E-Authentication Flashcards

1
Q
  Which of these is not a method of POPOS (proof of possession of a secret) based authentication?

a. OTP (i.e., a One-Time Password)
b. PvtKey{challenge}
c. Hash (PrivateKey, challenge)
d. SecretKey{challenge}

A

c. Hash (PrivateKey, challenge)
(A hash over a private key can only be checked by someone who also holds that private key, which defeats the point of an asymmetric key pair. The other three can be verified with the shared secret or with the matching public key.)

2
Q
  Why is it not necessary to “protect” a digital certificate that is sent over the wire?
    a. Modification of anything in the certificate would not help the attacker.
    b. The key it carries is encrypted to protect its confidentiality.
    c. It is “self-protected” already via the CA’s digital signature.
    d. The integrity of the key in the certificate is not important because it is a public key.
A

c. It is “self-protected” already via the CA’s digital signature.
(The public key needs integrity, not confidentiality; any change to the certificate makes the CA signature fail to verify.)

3
Q
  At the core of all remote digital “e”-authentication methods is the need to…
    a. ensure that the attacker could never brute force attack the authentication secrets.
    b. prove possession of a shared (symmetric) secret or a private key.
    c. employ a trusted third party to manage all authenticating message exchanges.
    d. generate session keys dynamically, and not keep them stored on hard drives.
A

b. prove possession of a shared (symmetric) secret or a private key.

4
Q
  Which of these is a reason that a distinction is made between authenticating humans and
    authenticating computers?
    a. Humans generally cannot remember “strong” secrets: computers can.
    b. Computers generally cannot do complex cryptographic operations: humans can.
    c. No distinction is made.
    d. both a and b
A

a. Humans generally cannot remember “strong” secrets: computers can.
(Option b is backwards: computers perform complex cryptographic operations easily and humans cannot, which is why human authentication leans on passwords and tokens while machine authentication can use keys directly.)

5
Q
  Which of these best defines the notion of a common trust anchor in PKI?
    a. If A uses B’s certificate (e.g., B sent a digitally-signed email to A), then A and B must have
    the same signing CA in order for A to accept B’s certificate.
    b. It means that two CAs have issued cross-certificates for each other.
    c. It is synonymous with (i.e., means the same as) a root certificate.
    d. Two different user certificates have a common signing CA somewhere in their signing chain.
A

d. Two different user certificates have a common signing CA somewhere in their signing chain.

6
Q
  Which of these represents a MAC (Message Authentication Code) of the challenge?
    a. hash(challenge, SecretKey)
    b. hash(challenge, PublicKey)
    c. hash(challenge, PrivateKey)
    d. both a and c
A

a. hash(challenge, SecretKey)
(A MAC is a keyed hash that the verifier recomputes with the same shared secret. Hashing with a private key produces a value nobody but the holder can recompute, so it cannot be verified; hashing with a public key proves nothing, since everyone has it.)

7
Q
  Which of the following best describes PFS (Perfect Forward Secrecy)?
    a. Session keys are never re-used.
    b. Authentication keys (e.g., passwords) are not stored anywhere.
    c. Session keys cannot be derived from stored (long term) authentication keys.
    d. Session keys receive the same storage protection that authentication keys do.
A

c. Session keys cannot be derived from stored (long term) authentication keys.
(PFS means that a later compromise of the long-term keys does not expose the session keys of earlier sessions, which requires that the session keys not be derivable from those long-term keys. Never re-using a session key is good practice but is not what the term means.)

8
Q
  The online user who puts a check in the Web server option box that offers “log me in automatically”
    is effectively…
    a. indicating that she is willing to let her password be sent in the clear.
    b. saying that she wants to be prompted for both username and password during every logon.
    c. increasing her vulnerability to having that password stolen from her computer.
    d. causing the Web server to now store her password.
A

c. increasing her vulnerability to having that password stolen from her computer.
(A persistent credential, whether the password itself or a long-lived cookie or token, now lives on her machine, where malware or another user of the computer can take it.)

9
Q
  Which is the most “expensive” in terms of the CPU-processing required to perform them?
    a. Hash functions
    b. Asymmetric Key encryption/decryption
    c. Symmetric Key encryption/decryption
    d. There is little difference between any of these
A

b. Asymmetric Key encryption/decryption
(Which is why protocols use asymmetric operations sparingly, typically to authenticate and to establish a symmetric session key, and then encrypt the bulk traffic symmetrically.)

10
Q
  A “cross certificate” is best described as…
    a. the root certificate that is common to two different certificate owners.
    b. a CA certificate that has been “signed” by a CA from a different PKI hierarchy/domain.
    c. the common trust anchor CA certificate in any two certificate owner’s ancestral chain.
    d. a “self-signed” root certificate that serves as the common trust anchor for two or more
    different PKI hierarchies/domains.
A

b. a CA certificate that has been “signed” by a CA from a different PKI hierarchy/domain.

11
Q
  In the context of cryptography, “strong authentication” across a network means that…
    a. the authentication credentials (e.g. PW) are safe from brute force attack.
    b. knowledge (or possession) of a secret is proven without revealing the secret in transit.
    c. biometric information is used as proof of identity.
    d. the authentication credentials used must be asymmetric.
A

b. knowledge (or possession) of a secret is proven without revealing the secret in transit.

12
Q
  Which of these best describes the use and utility of the Diffie-Hellman protocol?
    a. It solves the key distribution problem by allowing two remote entities to create a shared key.
    b. It allows two remote entities to create a secure (CIA) communications channel between them.
    c. It solves the key distribution problem by employing asymmetric key-building techniques.
    d. It allows two remote entities to confidentially create a shared (symmetric) key.
A

d. It allows two remote entities to confidentially create a shared (symmetric) key.
(Caveat: plain Diffie-Hellman keeps the key secret from a passive eavesdropper only. It authenticates neither party, so an active attacker in the middle can run one exchange with each side; in practice the exchange is combined with signatures or certificates.)

13
Q
  When a KDC (Key Distribution Center) is used as a “trusted (key) intermediary” for symmetric key
    based authentication, which is true regarding the problem-size for key generation and distribution?
    a. It goes from a n(n-1)/2 problem to a simpler n/2 problem.
    b. It goes from a n(n-1) problem to a simpler n/2 problem.
    c. It goes from a n(n-1)/2 problem to a simpler n problem.
    d. It goes from a n(n-1) problem to a simpler n problem.
A

c. It goes from a n(n-1)/2 problem to a simpler n problem.
(With n parties every pair needs its own long-term key, n(n-1)/2 in all. With a KDC each party shares one long-term key with the KDC, n keys, and pairwise session keys are created on demand.)

14
Q
  What is the purpose of adding “salt” values to every user’s password in the hashed password file?
    a. It effectively prevents any brute-force attack on the password file.
    b. It provides a stronger secret value with which to encrypt the passwords.
    c. It prevents an attacker from being able to do a direct comparison of the password file against
    an already hashed dictionary.
    d. The salt is used as an encryption key for the user’s chosen password, thus permitting the
    computer to strengthen the human’s possibly weak password.
A

c. It prevents an attacker from being able to do a direct comparison of the password file against
an already hashed dictionary.
(The salt is stored in the clear next to the hash and does not stop guessing, so a is false. What it removes is the attacker’s ability to compute one table of hashed guesses and reuse it against every user and every stolen file; it also makes two users with the same password hash differently. Pair it with a deliberately slow key-derivation function so that each per-user guess is expensive.)
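The comparison the card describes, as an added example (not from the flashcard set): an unsalted file falls to one precomputed table, a salted file forces fresh work per user, and a slow KDF makes each of those guesses cost thousands of hash computations. The dictionary and the user passwords are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed cracking dictionary and user passwords (not from the page).
DICTIONARY = ["password", "letmein", "qwerty", "dragon", "hunter2", "monkey"]
USERS = {"alice": "hunter2", "bob": "dragon", "carol": "hunter2"}


def unsalted_file() -> dict:
    """hash(PW) per user: users with the same password get the same entry."""
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in USERS.items()}


def salted_file() -> dict:
    """(salt, hash(salt || PW)) per user, with a fresh random salt for each."""
    out = {}
    for u, p in USERS.items():
        salt = secrets.token_bytes(16)
        out[u] = (salt, hashlib.sha256(salt + p.encode()).hexdigest())
    return out


def crack_unsalted(pw_file: dict) -> tuple[dict, int]:
    """One precomputed table serves every user and every stolen file; per file
    the attacker only does a lookup per entry. Returns (found, hashes computed)."""
    table = {hashlib.sha256(w.encode()).hexdigest(): w for w in DICTIONARY}
    hashes_computed = len(DICTIONARY)  # paid once, reused forever
    return {u: table[h] for u, h in pw_file.items() if h in table}, hashes_computed


def crack_salted(pw_file: dict) -> tuple[dict, int]:
    """The table is useless: every user costs up to len(DICTIONARY) fresh hashes."""
    found, hashes_computed = {}, 0
    for u, (salt, h) in pw_file.items():
        for w in DICTIONARY:
            hashes_computed += 1
            if hashlib.sha256(salt + w.encode()).hexdigest() == h:
                found[u] = w
                break
    return found, hashes_computed


def kdf_record(password: str, iterations: int = 600_000) -> tuple[bytes, bytes]:
    """What salting should be paired with: PBKDF2 makes each per-user guess cost
    'iterations' HMAC computations instead of one hash."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def kdf_verify(password: str, salt: bytes, stored: bytes, iterations: int = 600_000) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    print("unsalted:", crack_unsalted(unsalted_file()))
    print("salted:  ", crack_salted(salted_file()))
```

With the constructed six-word dictionary the unsalted file is fully recovered after six hash computations that the attacker did before ever seeing the file; the salted file needs fourteen fresh computations for the same three users, and with PBKDF2 each of those fourteen would cost 600,000 HMAC calls.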

15
Q
  Hash attack #2 had the problem that the key was put in the front of the MAC. How does HMAC fix
    this? (Recall that “MD” means Message Digest… same thing as a hash)
    a. MD (Msg , SecretKey)
    b. MD (SecretKey , MD (SecretKey, Msg))
    c. MD (SecretKey, Msg, SecretKey)
    d. MD (Msg , SecretKey , Recipient_Name)
A

b. MD (SecretKey , MD (SecretKey, Msg))
(In full, HMAC = MD((SecretKey XOR opad) || MD((SecretKey XOR ipad) || Msg)). With the key only in front, MD(SecretKey, Msg), anyone who sees one tag can continue the hash from that tag and append data to the message without knowing the key, because the tag is the hash’s internal state. Hashing the inner digest again under the key removes that ability.)
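The extension attack on MD(SecretKey, Msg) and the HMAC fix, as an added example (not from the flashcard set). A small pure-Python SHA-256 is included only so the hash can be resumed from a known digest, which the standard library does not allow; the IV and round constants are derived from prime roots as FIPS 180-4 defines them. The key and message are constructed for the example.

```python
import hashlib
import hmac
import math
import struct

MASK = 0xFFFFFFFF


def icbrt(n: int) -> int:
    """Integer cube root: Newton's method from an over-estimate, stepping down."""
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


# IV and round constants as FIPS 180-4 defines them: fractional bits of the
# square roots of the first 8 primes and cube roots of the first 64.
PRIMES = [p for p in range(2, 312) if all(p % q for q in range(2, int(p ** 0.5) + 1))]
H0 = [math.isqrt(p << 64) & MASK for p in PRIMES[:8]]
K = [icbrt(p << 96) & MASK for p in PRIMES[:64]]


def rotr(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK


def compress(state, block: bytes):
    """One SHA-256 compression of a 64-byte block onto an 8-word state."""
    w = list(struct.unpack(">16L", block))
    for i in range(16, 64):
        s0 = rotr(w[i - 15], 7) ^ rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = rotr(w[i - 2], 17) ^ rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return [(x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def padding(total_len: int) -> bytes:
    """Merkle-Damgard padding for a message of total_len bytes."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)


def sha256(data: bytes, state=None, prior_len: int = 0) -> bytes:
    """SHA-256 of data. With state/prior_len it resumes a hash whose first
    prior_len bytes (a multiple of 64) were already absorbed: the attacker
    never needs to know those bytes, only how many there were."""
    st = list(state) if state else H0
    buf = data + padding(prior_len + len(data))
    for i in range(0, len(buf), 64):
        st = compress(st, buf[i:i + 64])
    return struct.pack(">8L", *st)


def naive_mac(key: bytes, msg: bytes) -> bytes:
    """The card's 'hash attack #2' construction: MD(SecretKey, Msg)."""
    return hashlib.sha256(key + msg).digest()


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104: H((K^opad) || H((K^ipad) || Msg)); the card's
    MD(SecretKey, MD(SecretKey, Msg)) with the two pads written out."""
    if len(key) > 64:
        key = hashlib.sha256(key).digest()
    key = key.ljust(64, b"\x00")
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.sha256(bytes(b ^ 0x5C for b in key) + inner).digest()


def extension_forgery(mac_fn, key: bytes, msg: bytes, suffix: bytes) -> bool:
    """Attacker role: sees msg and its tag, knows only len(key). Resumes the
    hash from the tag and appends suffix. True if the forged tag verifies."""
    tag = mac_fn(key, msg)
    glue = padding(len(key) + len(msg))        # the padding the victim's hash used
    forged_msg = msg + glue + suffix
    forged_tag = sha256(suffix, struct.unpack(">8L", tag), len(key) + len(msg) + len(glue))
    return hmac.compare_digest(forged_tag, mac_fn(key, forged_msg))


def sha256_matches_stdlib(data: bytes) -> bool:
    return sha256(data) == hashlib.sha256(data).digest()


def hmac_matches_stdlib(key: bytes, msg: bytes) -> bool:
    return hmac_sha256(key, msg) == hmac.new(key, msg, hashlib.sha256).digest()


# Constructed sample key and message for the example.
KEY = b"k" * 20
MSG = b"amount=10&to=alice"

if __name__ == "__main__":
    print("forgery against MD(key, msg):", extension_forgery(naive_mac, KEY, MSG, b"&to=mallory"))
    print("forgery against HMAC:        ", extension_forgery(hmac_sha256, KEY, MSG, b"&to=mallory"))
```

The forged message carries the glue padding in the middle, which is why this attack matters for formats that tolerate junk bytes (query strings, some binary headers) and not for strictly parsed ones; HMAC closes it regardless of format, because the tag the attacker sees is the output of the outer hash, not the state of the one over the message.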

16
Q
  Which statement best describes the Birthday Attack?
    a. Attacker discovers a new Msg2 whose hash “collides” with that of the legitimate captured Msg1.
    b. Attacker un-hashes the legitimate Msg1 and manipulates it such that a new hash of it is
    identical to the original transmitted hash.
    c. Attacker creates two different messages that suit his purpose that hash to the same value.
    d. Attacker applies one more hash to the hash of the legitimate message in order to
    modify the message without the modification being detected.
A

c. Attacker creates two different messages that suit his purpose that hash to the same value.
(Option a is a second-preimage attack, which costs about 2^n work for an n-bit hash; the birthday attack lets the attacker choose both messages, so a collision costs only about 2^(n/2). The victim is tricked into signing the harmless one and the signature then fits the harmful one.)

17
Q
  Assume that KAB is a session key to be used between Alice and Bob. What should Alice do when she
    receives this from Bob? AlicePub{ KAB, CertBob, BobPvt{hash(KAB)} }
    Alice should decrypt this entire thing using ___________________, then verify
    ________________ using the _____________ certificate stored in her computer,
    then decrypt ____________________ using ___________________ found inside
    of ______________________, and then re-hash ______________ and compare it
    against the now decrypted ________________.
A
  Alice should decrypt this entire thing using AlicePvt, then verify the signature on CertBob using
    the CA certificate stored in her computer, then decrypt BobPvt{hash(KAB)} using BobPub found inside
    of CertBob, and then re-hash KAB and compare it against the now decrypted hash(KAB).
    (A match shows that the holder of BobPvt vouched for this KAB. Nothing in the message shows that
    KAB is fresh: a captured copy of an earlier message passes every check above, so Alice should also
    tie the exchange to a challenge of her own before trusting KAB.)
18
Q
  Which of these illustrates a cross certificate? (Note: CA1 and CA2 are two root Certification
    Authorities)
    a. CA1, PvtKeyCA1, PvtKeyCA2{hash(CA1, PvtKeyCA1)}
    b. CA1, PubKeyCA1, PvtKeyCA2{hash(CA1, PubKeyCA1)}
    c. CA1, PubKeyCA1, PvtKeyCA1{hash(CA1, PvtKeyCA2)}
    d. CA1, PubKeyCA1, PvtKeyCA1{hash(CA1, PubKeyCA1)}
A

b. CA1, PubKeyCA1, PvtKeyCA2{hash(CA1, PubKeyCA1)}
(CA1’s name and public key, signed by CA2: a certificate for CA1 issued by a CA from the other hierarchy. Option d is CA1’s ordinary self-signed root certificate; a and c put a private key inside the certificate, which is never done.)

19
Q
  Which key(s) is/are found inside of a root certificate?
    a. all subordinate CAs’ (non-root CAs’) public keys are contained in a root certificate
    b. both the root CA’s public and private key
    c. no keys are found in a root certificate
    d. only the root CA’s public key.
A

d. only the root CA’s public key.

20
Q
  What would User send in the third message below in order to perform a PKI-based authentication?
    User ------ I am User ------> Server
    User <------ R ------ Server
    User ------ _________ ------> Server
    a. User’s digital certificate
    b. UserPub{R} (and—optionally—the user’s digital certificate)
    c. UserPvt{R} (and—optionally—the user’s digital certificate)
    d. Either b or c would work
A

c. UserPvt{R} (and—optionally—the user’s digital certificate)
(Signing the Server’s fresh challenge R proves possession of UserPvt, and the Server checks it with the public key from the user’s certificate. UserPub{R} could be produced by anyone, since the public key is public. Per card 24, the private key used here should be one dedicated to authentication, because R is data the user did not choose.)

21
Q
  This authentication protocol…
    Hi Bob, I’m Alice, AlicePvt{nonce, hash(Alice, Bob)}, CertAlice
    a. is a good protocol that will reliably authenticate Alice to Bob.
    b. could be replayed to the same recipient or a different recipient.
    c. could only be replayed to Bob.
    d. could not be validated/verified by Bob.
A

c. could only be replayed to Bob.
(Bob contributes no fresh challenge and the nonce is Alice’s own, so a captured message replays against Bob as often as the attacker likes. The signed hash names Bob as the recipient, so any other recipient who verifies the signature and recomputes hash(Alice, <own name>) rejects it. The fix is for Bob to supply the nonce.)

22
Q
  Show what the attacker would send in Msg#D in order to execute a reflection attack on this
    authentication protocol (i.e., the attacker wants the Server to believe he is Alice)
    Session 1:
    Msg#A: Attacker ---- I am Alice, R3 ----> Server
    Msg#B: Attacker <--- hash(R3, PW), R4 ---- Server
    Msg#C: Attacker ---- hash(R4, PW) ----> Server
    Session 2:
    Msg#D: Attacker ---- ______________ ----> Server
    Msg#E: Attacker <--- (NOT SHOWN) ---- Server
A

Msg#D: Attacker ---- I’m Alice, R4 ----> Server
(The Server’s Msg#E then contains hash(R4, PW), which is exactly the value the attacker needs for Msg#C of session 1. The attack works because the Server answers any challenge, including one it issued itself, before the client has proved anything, and because client and server responses have the same form. Fixes: bind the responder’s identity into the hash, or have the client answer the server’s challenge first.)
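The two interleaved sessions above, as an added example (not from the flashcard set), with both sides’ messages and the identity-binding fix beside the vulnerable form. The shared password and the hash function are constructed for the example; the server keeps one record per session so the two sessions can be open at once, which is the condition the attack needs.

```python
import hashlib
import hmac
import secrets

# Constructed shared password (not from the page). The attacker never learns it.
PASSWORDS = {"Alice": "correct horse battery staple"}


def response(who: str, challenge: str, pw: str, bind_identity: bool) -> str:
    """hash(R, PW) as on the card. With bind_identity the responder's name is
    mixed in, so an answer the Server produced can never pass as Alice's."""
    material = f"{who}|{challenge}|{pw}" if bind_identity else f"{challenge}|{pw}"
    return hashlib.sha256(material.encode()).hexdigest()


class Server:
    """Msg#A/B: client sends 'I am <user>, R'; Server answers hash(R, PW) and
    issues its own challenge. Msg#C: client must return hash(R_server, PW)."""

    def __init__(self, bind_identity: bool = False):
        self.bind_identity = bind_identity
        self.sessions = {}  # session id -> (claimed user, outstanding challenge)

    def msg_b(self, sid: str, user: str, r_client: str) -> tuple[str, str]:
        pw = PASSWORDS[user]
        r_server = secrets.token_hex(8)
        self.sessions[sid] = (user, r_server)
        return response("Server", r_client, pw, self.bind_identity), r_server

    def msg_c(self, sid: str, answer: str) -> bool:
        user, r_server = self.sessions.pop(sid)
        expected = response(user, r_server, PASSWORDS[user], self.bind_identity)
        return hmac.compare_digest(answer, expected)


def reflection_attack(server: Server) -> bool:
    """Session 1 obtains the Server's challenge R4; session 2 reflects R4 back as
    the attacker's own challenge, so the Server computes hash(R4, PW) itself;
    that value closes session 1. Returns True if the Server accepted 'Alice'."""
    r3 = secrets.token_hex(8)
    _, r4 = server.msg_b("session1", "Alice", r3)                 # Msg#A / Msg#B
    answer_for_r4, _r5 = server.msg_b("session2", "Alice", r4)    # Msg#D / Msg#E
    return server.msg_c("session1", answer_for_r4)                # Msg#C, forged


def honest_login(server: Server, user: str = "Alice") -> bool:
    """The legitimate client, to show the fixed Server still works."""
    pw = PASSWORDS[user]
    r_client = secrets.token_hex(8)
    server_answer, r_server = server.msg_b("honest", user, r_client)
    if not hmac.compare_digest(server_answer, response("Server", r_client, pw, server.bind_identity)):
        return False  # Server failed to prove it knows PW
    return server.msg_c("honest", response(user, r_server, pw, server.bind_identity))


if __name__ == "__main__":
    print("reflection vs card's protocol:", reflection_attack(Server()))
    print("reflection vs identity-bound: ", reflection_attack(Server(bind_identity=True)))
    print("honest login vs identity-bound:", honest_login(Server(bind_identity=True)))
```

With identity binding the attacker still obtains the Server’s answer to R4, but that answer is hash("Server", R4, PW) and the Server expects hash("Alice", R4, PW), so Msg#C fails; the honest client, who knows PW, computes the right one.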

23
Q
  Identify the ticket and the session key in this KDC operation. (Note: the syntax KXY indicates a
    symmetric key known only to entities X and Y).
    A ------ KAK{I want to talk to B} ------> KDC
    A <------ KAK{KAB}, KBK{KAB} ------ KDC
    A ------ KBK{KAB}, KAB{Msg} ------> B
    The complete ticket is __________ ? The session key is __________ ?
A

The complete ticket is KBK{KAB}; the session key is KAB.
(The ticket is the part A cannot read and only forwards: KAB sealed under B’s long-term key with the KDC, which is what convinces B that the KDC, not A, chose KAB.)

24
Q
  Why is it a security (e-authentication) best practice to use the identity certificate (and private key)
    rather than the email signing certificate (and private key) when authenticating online?
    a. Because the email private key is escrowed while the identity private key is not.
    b. Because the email certificate cannot be used for non-repudiation, while the identity certificate can.
    c. Because email signing requires more plaintext than is provided by the challenge string delivered by the authenticator in an authentication handshake.
    d. Because the person being authenticated may be maliciously duped into “signing” something of an attacker’s choosing.
A

d. Because the person being authenticated may be maliciously duped into “signing” something of an attacker’s choosing.

25
Q
  What is the most accurate characterization of this authentication protocol, assuming that Bob has remembered all previous nonces from Alice, and knows their shared PW?
    Hi Bob, it’s Alice, nonce, hash(Alice, nonce, PW)
    a. It is a good protocol that will reliably authenticate Alice to Bob.
    b. Attacker could replay this and successfully impersonate Alice to someone other than Bob.
    c. Attacker could replay this and successfully impersonate Alice to (only) Bob.
    d. It could not be validated/verified by Bob.
A

a. It is a good protocol that will reliably authenticate Alice to Bob.
(Bob rejects any nonce he has already seen, and only Bob shares PW with Alice, so a replay fails against him and cannot be verified by anyone else. Caveat: hash(Alice, nonce, PW) is an offline guessing target for anyone who captures the message, so this is only as strong as PW unless the exchange runs inside an encrypted channel.)

26
Q

(Questions 26 and 27 refer to an SSL illustration that is not reproduced on this page.)

  Which is true of this SSL transaction?
    a. Alice is authenticating to Bob, but Bob is not authenticating to Alice.
    b. Bob is authenticating to Alice, but Alice is not authenticating to Bob.
    c. Neither Alice nor Bob is authenticating in this SSL transaction.
    d. Both Alice and Bob are authenticating in this transaction.
A

b. Bob is authenticating to Alice, but Alice is not authenticating to Bob.

27
Q

(Questions 26 and 27 refer to an SSL illustration that is not reproduced on this page.)

  Which is true of this SSL transaction?
    a. Bob is authenticating in Step 2 by presenting his certificate.
    b. Bob is authenticating in Step 4 by proving he knows messages 1, 2 and 3.
    c. Alice is authenticating in Step 3 by proving she knows ‘S’.
    d. Bob is authenticating in Step 4 by proving he can create KAB.
A

d. Bob is authenticating in Step 4 by proving he can create KAB.

28
Q
  What is the most accurate characterization of this message transfer protocol?
    BobPub{I am Alice, Message, nonce, hash(Message, nonce)}
    a. It will provide only confidentiality for the message.
    b. It will provide only integrity for the message.
    c. It will provide both integrity and confidentiality for the message.
    d. It will provide neither integrity nor confidentiality for the message.
A

a. It will provide only confidentiality for the message.
(Anyone can encrypt to BobPub, and hash(Message, nonce) is unkeyed, so Bob cannot tell who produced the message or that it is the one Alice sent; an attacker can build an entire substitute message, hash and all. The encryption hides the contents from eavesdroppers, and that is all it does.)

29
Q
  What would User send in the third message below in order to perform a PKI-based authentication?
    User ------ I am User ------> Server
    User <------ UserPub{challenge} ------ Server
    User ------ _________ ------> Server
    a. hash(PW, nonce)
    b. hash(challenge, nonce)
    c. challenge
    d. none of the above
A

c. challenge
(Only the holder of UserPvt can recover the challenge from UserPub{challenge}, so returning it proves possession of the private key. Caveat: the user is acting as a decryption oracle here, so the challenge must be a fresh random value and the user’s software must never return the decryption of arbitrary ciphertext an attacker posing as the Server could supply.)