ICOM 5018 Final Exam

Spring 2007

May 10, 2007


Open book and notes.  Only the text copies, instruction sheet handout, slide printouts and your own notes may be used.  In the interests of originality and creativity, please turn off all electronic communication devices, including cell phones, laptops, and pocket computing devices.

1.       This question relates to IPSEC, SSL, and SSH

a.       Explain the relationship, if any, between IPSEC and the other two.

IPSEC provides security capabilities at the IP level, and appears as an additional level below the transport layer.  SSL is a layer above transport, and is accessed by the secure socket API.  There is essentially no relation.

b.       Secure HTTP is on well-known port 480 (ordinary HTTP is on port 80).  Explain how the SHTTP server invokes the SSL layer.

As above – the SHTTP server makes its socket API calls to the secure socket API.

c.       Repeat b for SSH.

SSH is a user of SSL and, like the SHTTP server, uses the secure socket API.

d.       Explain the fundamental difference between transport and tunneling.

Transport refers to using the next lower layer to carry the information from this layer.  Tunneling refers to using this layer to carry another instance of this layer – for example, using an additional IP header to mask a machine inside a corporate network.

e.       Can transport and tunneling be implemented at other layers than transport?  Explain.

Yes, transport is universal, and tunneling is used (for example) at the link layer to handle PPP with a DSL connection.
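The tunneling case from 1d, as an added example that is not part of the original exam: an outer IPv4 header wraps a complete inner IPv4 packet, so the internal address does not appear in the header seen on the wire. It shows plain IP-in-IP (protocol 4) without the encryption IPsec tunnel mode adds; all addresses and the payload are constructed.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6   # IANA protocol numbers: IPv4-in-IPv4, TCP

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (20-byte header, no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); reject malformed headers."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    vihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(packet):
        raise ValueError("bad version or length")
    if checksum(packet[:ihl]) != 0:      # a valid header sums to zero
        raise ValueError("bad header checksum")
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, packet[ihl:total]

def tunnel(inner: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunneling: the IP layer carries another complete IP packet."""
    return ipv4_packet(gw_src, gw_dst, IPPROTO_IPIP, inner)

def detunnel(outer: bytes):
    """At the far gateway: strip the outer header, parse the inner packet."""
    _, _, proto, payload = parse_ipv4(outer)
    if proto != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return parse_ipv4(payload)

if __name__ == "__main__":
    # Constructed sample: 10.0.0.5 is the internal host; the other addresses
    # are documentation ranges standing in for the gateways and remote host.
    # b"segment" is stand-in bytes for a TCP segment (the transport case).
    inner = ipv4_packet("10.0.0.5", "203.0.113.7", IPPROTO_TCP, b"segment")
    outer = tunnel(inner, "192.0.2.1", "198.51.100.1")
    print("on the wire:   ", parse_ipv4(outer)[:3])
    print("after detunnel:", detunnel(outer))
```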

2.       This question relates to Oakley and ISAKMP

a.       What is the connection between the two?

Relatively little.  Oakley is just a protocol enhancement to the Diffie-Hellman algorithm to counter some person-in-the-middle attacks.  ISAKMP is a complete key management protocol.

b.       What in general is meant by an aggressive interchange?

One in which some method, such as using timestamps, is used to reduce the number of steps in the interchange.

c.       In the example at the top of page 510 (figure 16.11) explain what would have to be added to make this a non-aggressive interchange.  You can do this with a one-or-two sentence answer.

A fourth message, R->I, needs to be included, with an encryption of a function of the last nonce.  The timestamps may be omitted.

3.       This question relates to electronic mail security

a.       Explain the basic differences between PGP and S/MIME.

PGP is a specific mail security format and system that provides encryption and signature – it does not do certificate management, but does key storage using key rings.  A typical PGP installation probably provides some understanding of certificates.  Again, S/MIME is an addition to the MIME layer that provides a full set of certificate-handling capabilities, and also provides Diffie-Hellman for cases where no certificates exist.

b.       Does PGP support signature without encrypted content (for example signing a University regulation on

No.  (I didn’t ask for an explanation, but it provides only the encrypted, authenticated format).

c.       How does S/MIME support signature without encrypted content?

It is an additional content type.