L18 Flashcards
The challenge values in an authentication protocol can be repeatedly used in multiple sessions
a) True
b) False
b) False
Repeating challenge values is not secure
The authentication messages can be captured and replayed by an adversary
a) True
b) False
a) True
Always assume messages sent over the internet can be received by an adversary
Authentication can be one-way, e.g., only authenticating Alice to Bob
a) True
b) False
a) True
The first 3 steps of the protocol authenticate user to server (Alice to Bob)
A reflection attack is a form of man-in-the-middle attack
a) True
b) False
a) True
To defeat a reflection attack, we can use an odd number as the challenge from the initiator and an even number from the responder
a) True
b) False
a) True
The attacker cannot replay the challenge received from the server (an even number) because the server is expecting an odd number
We can use signing with public keys to achieve mutual authentication
a) True
b) False
a) True
A session key should be a secret and unique to the session
a) True
b) False
a) True
Authentication should be accomplished before key exchange
a) True
b) False
a) True
A key benefit of using a KDC is scalability
a) True
b) False
a) True
In order for Bob to verify Alice’s public key, the certificate authority must be on-line
a) True
b) False
b) False
As long as the user has the CA’s public key, they can verify the certificate
Signing the message exchanges in Diffie-Hellman eliminates the man-in-the-middle attack
a) True
b) False
a) True
Kerberos provides authentication and access control
a) True
b) False
a) True
Kerberos also distributes session keys
a) True
b) False
a) True
To avoid over-exposure of a user’s master key, Kerberos uses a per-day key and a ticket-granting-ticket
a) True
b) False
a) True
The authenticators used in requests to the KDC and application servers can be omitted
a) True
b) False
b) False