Lec 5: Authentication and Key Distribution

Question 1

What do you use when you want to provide evidence that an object is authentic? What does authentic mean?

Answer 1

• providing evidence that an object is authentic == wanting to provide evidence that an object was endorsed by a particular person
• you use signatures

Question 2

What do you use when you want to provide evidence that you are who you say you are?

Answer 2

authentication protocols

Question 3

Consider a paper check used to transfer money from one person to another. What are the properties of the checks and the physical signatures on the checks?

Answer 3

1. Signature confirms authenticity
   - only legitimate signer can produce signature (Arguable)
2. in case of alleged forgery
   - 3rd party can verify authenticity (arguable)
3. Checks are cancelled
   - so they can’t be reused
4. Checks are not alterable
   - or alterations are easily detected

Question 4

What are the requirements for digital signatures?

Answer 4

1. a mark that only one principal can make, but others can easily recognize
2. unforgeable
   - if P signs a message M with signature S{P,M} it is computationally infeasible for any other principal to produce the pair (M, S{P,M})
3. authentic
   - if R receives the pair (M, S{P,M}) purportedly from P,R can check that the signature relaly is from P
4. Not alterable
   - after being transmitted, (M, S{P,M}) cannot be changed by P, M, or an interceptor
5. Not reusable
   - a duplicate message will be detected by the recipient

Question 5

How do digital signatures with shared keys work?

Answer 5

Question 6

How does RSA work (Digital Signatures with Public Keys)

Answer 6

RSA is commutative:
- D(E(M, K), k) = E(D(M, k), K)

Opposite from normal use of PK as cipher
◆ Let KA be Alice’s public key
◆ Let kA be her private key
◆ To sign msg, Alice sends D(msg, k_A)
◆ Bob can verify the message with Alice’s public key

Works! RSA: (m^e)^d = m^ed = (m^d)^e

Question 7

What are the advantages and disadvantages of digital signatures with public keys? What is the Alice and Bob drawing that shows how digital signatures with public keys works?

Answer 7

Question 8

What are the variations on public key signatures?

Answer 8

Question 9

How do A and B convince each otehr that they are each A and B?

Answer 9

• cryptographic authentication protocols

Question 10

What is the threat model of communication over a network as it relates to cryptographic protocols?

Answer 10

Question 11

What is the general definition of “protocol”?

Answer 11

Question 12

What can the interceptor do?

Answer 12

Question 13

What is an arbitrator and how do they affect protocols (arbitrated protocols)?

Answer 13

Question 14

What are real-world examples of arbitrated protocols and what are the issues with arbitrated protocols?

Answer 14

Question 15

How do adjudicated protocols work?

Answer 15

Question 16

How do self-enforcing protocols work?

Answer 16

Question 17

Is the shared key digital signature algorithm an arbitrated or adjudicated protocol?

Answer 17

arbitrated

Question 18

Is trusted 3rd party provided authenticity an arbitrated or adjudicated protocol?

Answer 18

arbitrated

Question 19

is public key digital signature algorithm an arbitrated or adjudicated protocol?

Answer 19

adjudicated

Question 20

What is trusted 3rd party provided non-repudiation mean? Is it an arbitrated or adjudicated protocol?

Answer 20

• Bob can keep Alice’s digitally signed message
• adjudicated

Question 21

What is the goal of authentication?

Answer 21

Question 22

What are the threats to authentication?

Answer 22

Question 23

What situation would we use shared-key authentication?

Answer 23

Question 24

How does weak authentication work?

Answer 24

Question 25

What is a replay attack?

Answer 25

Question 26

What are the three strategies for defeating replay attacks?

Answer 26

Question 27

What are nonces?

Answer 27

Question 28

What are the uses of nonces in a challenge-response protocol?

Answer 28

Question 29

How are time stamps used?

Answer 29

Question 30

What are sequence numbers used for? What are the disadvantages?

Answer 30

Question 31

How does strong(er) shared-key authentication w/ nonces work? What makes it stronger?

Answer 31

Question 32

What is wrong with this flawed version of shared-key authentication?

Answer 32

Question 33

What are the difficulties of protocol design?

Answer 33

Question 34

What are the general principles of protocol design?

Answer 34

Question 35

What are the different types of key establishments? What is the key issue?

Answer 35

Question 36

What is bilateral out-of-band?

Answer 36

Question 37

What is point-to-point?

Answer 37

Question 38

What is third-party key distribution?

Answer 38

Question 39

Explain the Needham-Schroeder Protocol

Answer 39

Question 40

How can a replay attack occur on the Needham-Schroeder Protocol?

Answer 40

Question 41

What are the different attack scenarios of the replay attack on the Needham-Schroeder Protocol?

Answer 41

Question 42

What is Kerberos? What is it used for?

Answer 42

Question 43

Draw the diagram that shows how Kerberos works

Answer 43

Question 44

How does Kerberos login work...in notation terms?

Answer 44

Question 45

How does Kerberos Service Request work..in notation terms?

Answer 45

Question 46

How does Kerberos work in quasi-english?

Answer 46

Question 47

What are the benefits to Kerberos?

Answer 47

Question 48

What are the drawbacks to Kerberos?

Answer 48

Question 49

What do Public Key Infrastructures do?

Answer 49

Question 50

What do Certification Authorities do?

Answer 50

Certification Authority (CA) ◆ Binds identifiers to a public key ◆ Expected to perform some amount of due diligence before vouching for this binding ◆ Popular CA’s: Verisign, Thawte ◆ Note that you must trust CA

Question 51

What is the PKI cErtificate 'X.509'

Answer 51

Question 52

Explain the SSL/TLS example of PKI

Answer 52

Question 53

What to do about SSL/TLS if you want multiple Certificate Authorities (CA)?

Answer 53

Question 54

What happens if a private key is lost or compromised?

Answer 54

Question 55

What is Secure Shell?

Answer 55

Question 56

What are the different way SSH authenticates?

Answer 56

Question 57

How does SSH with passwords work?

Answer 57

Question 58

What is an example use of ssh with password?

Answer 58

Question 59

How does SSH Protocol work?

Answer 59

Question 60

What are the problems with SSH with password?

Answer 60

Question 61

What does ssh.com's SSH and SSH error look like? When does the error come up?

Answer 61

Question 62

How does SSH with client keys work?

Answer 62