Question

1.Where does TLS fit on the Internet protocol stack?

2.How do applications use TLS?

3.How does TLS provide authentication? Does it provide mutual authentication (both client and server-side)? Is that required?

4.What is the purpose of padding, Message Authentication Code (MAC), handshake protocol, change cyber suite (CCS) protocol?

5.How does TLS provide: confidentiality, availability, integrity, non-repudiation?

6.Is TCP a user of TLS services or does it provide services to TLS (hard question) – explain your answer in one sentence?

7.Does TLS use sequence numbers?

8.Sequence numbers can be used to launch replay attacks (as in TCP). How does TLS protect against replay attacks?

Please answer all the questions briefly.

Answer 1

Hi, I would love to help you out with this question, I hope you will love an answer and do get an idea related to the same. So not wasting much time lets get started.

Ans.1 Where does TLS fit on the Internet protocol stack?

• TLS stands for the Transport Layer Security and is attached with the SSL this actually works between the transport layer and the application layer and mainly is wrapped with the application Layer in the Internet Protocol Stack. It encrypts the application layer traffics when in the transport.

Ans.2 How do applications use TLS?

• The applications use TLS Teansport Layer Security with corresponding to the SSL which is Secure Socket Layer. These both works with the HTTPS for making the applications secure and encrypt the traffic been transmitted over the network.

Ans.3 How does TLS provide authentication? Does it provide mutual authentication (both client and server-side)? Is that required?

• The authentication is provided by the TLS and SSL in such a manner by encrypting the data with the server's public key and when the server decrypts the message it needs its private key to decrypt that information. This is required on both client and the server side and this type of authentication is required the most , it helps a lot in securing the network.

Ans.4 What is the purpose of padding, Message Authentication Code (MAC), handshake protocol, change cyber suite (CCS) protocol?

• Padding - Padding provides the space between the element and the border it goes around all the sides of the data and acts as a margin
• Message Authentication Code (MAC)- This is a tag attached with the message so as maintaining the integrity and the authenticity of the messages been transferred.
• Handshake Protocol- This is a protocol used for the authentication of the participants and to decide the encryption algorithm between them
• change cyber suite (CCS)- This is a cyber suite designed to prevent from the larger security risks

Ans.5 How does TLS provide: confidentiality, availability, integrity, non-repudiation?

• These all the security aspects are been fulfilled by the usage of the TLS and SSL combined with it by encrypting the data been transferred as preventing it from being captured and decrypted as it is encrypted with the public key and needs to be decrypted by the private key only.

Ans.6 Is TCP a user of TLS services or does it provide services to TLS (hard question) – explain your answer in one sentence?

• TCP is a user of TLS services as it can also run without the TLS so saying this would be right enough

Ans.7 Does TLS use sequence numbers?

• Yes, TLS uses 64-bit sequence numbers

Ans.8 Sequence numbers can be used to launch replay attacks (as in TCP). How does TLS protect against replay attacks?

• This prevents the replay attacks by preventing the modification or the replaying of the data before the encryption or at the time of decryption, this results in the prevention of the replay attack.

I hope I have answered all questions briefly an in a clear manner for your better understanding

Requested to please give the thums up and do comment for any queries.

Thanks and Happy to help :)

HAPPY LEARNING