Cryptographic Protocols Flashcards
What is a cryptographic protocol?
A cryptographic protocol is defined as a series of steps and message exchanges between multiple entities in order to achieve a specific security objective.
Which additional characteristic a cryptographic protocol has that the others protocols doesn’t?
It should not be possible to do or learn more than what is specified in the protocol.
What is data origin authentication?
Data origin authentication is the security service that enables entities to verify that a message has been originated by a particular entity and that it has not been altered afterwards
data integrity is a synonym for which security service?
Data origin authentication
What is entity authentication?
Entity authentication is the security service, that enables
communication partners to verify the identity of their peer entities
why entity authentication is more than
an exchange of (data-origin-) authentic messages?
Because timeliness is also important to be sure that old messages are not being used to reply and that the person answering is really present on that moment.
What are the two principle means to ensure timeliness in cryptographic protocols?
Timestamps (require more or less synchronized clocks) and Random numbers (challenge-response exchanges)
which are the two main categories of protocols for entity authentication?
Arbitrated authentication and Direct authentication.
How does the arbitrated authentication protocol work?
an arbiter, also called trusted third party
(TTP) is directly involved in every authentication exchange
What are the main advantages of the arbitrated authentication protocol ?
- This allows two parties A and B to authenticate to each other without knowing any pre-established secret
- Even if A and B do not know each other, symmetric cryptography can be used
What are the drawbacksof the arbitrated authentication protocol ?
- The TTP can become a bottleneck, availability of TTP is critical
- The TTP can monitor all authentication activity
How does the Direct authentication protocol work?
A and B directly authenticate to each other
What is the main advantage of direct authentication protocol?
no online participation of a third party is required and no
possible performance bottleneck is introduced
What is the main drawback of direct authentication protocol?
requires asymmetric cryptography or pre-established secret keys
How does the Needham-Schroeder Protocol work?
It uses a trusted third party (TTP). first A sends a message asking the TTP for a key to send message to B. The message contains:
- A - > TTP: (A, B, r A )
The ttp then generates a key KA,B and send to A
- TTP → A: {r A , B, K A,B , {K A,B , A} K B,TTP } K A,TTP
A decrypts the message and by the random number rA A knows that it is a fresh message from TTP. After A sends a message to B:
- A → B: {K A,B , A} K B,TTP
B decrypts the message and obtains KB,TTP and send a random number to A:
- B → A: {r B } K A,B
A decrypts and answer with rB -1 and send it back to B.
- A → B: {r B -1} K A,B
B checks if the result is valid.
There are any mean to impersonate someone using the Needham-Schroeder Protocol?
Yes, since old messages continue to be valid, if someone knows K A,B, it can use latter to impersonate A party during a communication.
Which protocol solve the impersonate problem of the Needham-Schroeder one?
Otway-Rees Protocol, by adding a index to the exchange messages.
how the Otway-Rees Protocol solve the problem of replying old messages?
Instead of only send message to TTP, A send the random number either to TTP and to B. B sends a random number by its own and then share with TTP attaching the index and the random number from A. TTP send the message with both encrypted random number to B. B verifies its random number and then send the A part to A. A check i A and r A to see if they are unchanged. If yes, then A is sure about the authenticity of the key.
What is X.509?
X.509 is an international recommendation of ITU-T and defines a framework for provision of authentication
services, comprising Certification of public keys and certificate handling (format, hierarchy, revocation list) and Three different dialogues for direct authentication (one way and two way [requiring synchronized clocks] authentication and three way mutual authentication [entirely based on random numbers].
What happened when the private key of a
certification authority is compromised?
This implies, that all certificates signed with this key have to be revoked.
How Certificate revocation is realized?
by maintaining certificate revocation lists (CRL):
- CRLs are stored in the X.500 directory
- When checking a certificate, it has also to be checked that the certificate has not yet been revoked
- Certificate revocation is a relatively slow and expensive operation
What is Perfect Forward Secrecy?
It is a characteristic in which is guaranteed that a compromise of a key in the future will not allow to compromise any data that has been protected with this key exchanged before that compromise.
How can we guarantee the property of perfect forward secrecy (PFS)?
By doing the separation of key exchange and authentication of the exchange is possible to guarantee the property of perfect forward.
Which cryptographic protocol for key exchange does not realize any authentication?
The Diffie-Hellman protocol
