CIA triad in networked environments, Threat modeling for protocols (STRIDE methodology), Secure protocol design patterns (encrypt-then-authenticate, stateful/stateless protocols), Cryptographic agility and algorithm l...
CIA triad in networked environments, Threat modeling for protocols (STRIDE methodology), Secure protocol design patterns (encrypt-then-authenticate, stateful/stateless protocols), Cryptographic agility and algorithm lifecycle management, Protocol downgrade attacks and version negotiation vulnerabilities, Perfect Forward Secrecy (PFS) requirements, Side-channel attack considerations in protocol design.
TLS handshake protocol (client hello, server hello, key exchange, certificate verification), Cipher suite negotiation and security implications, Record protocol and fragmentation, Alert protocol handling, Session resumption and tickets, TLS 1.2 vs 1.3 differences (0-RTT, encrypted SNI), Certificate chain validation and revocation checking (OCSP, CRL).
IPsec protocol suite overview (AH, ESP, IKE), Security associations and databases (SAD, SPD), ESP packet format and encryption/authentication modes, AH integrity protection mechanism, IKEv1 vs IKEv2 (main/aggressive mode, quick mode), Diffie-Hellman key exchange in IKE, NAT traversal and MOBIKE extensions.
WPA2/WPA3 protocol analysis (4-way handshake, PMK/PTK derivation), Enterprise vs Personal modes, Dragonfly handshake in WPA3, HTTPS ecosystem (HSTS, HPKP, Certificate Transparency), DNS security (DNSSEC, DANE, DoH/DoT), SSH protocol (key exchange, authentication, channel multiplexing), Secure email protocols (S/MIME, PGP/OpenPGP).
Historical protocol failures (SSH1 CRC32, TLS renegotiation, BEAST, POODLE, Heartbleed), Protocol implementation flaws (timing attacks, padding oracles), QUIC protocol (0-RTT, connection migration, multiplexing), WireGuard protocol design, Signal protocol for messaging (double ratchet, X3DH), Post-quantum cryptography considerations for protocols.