Lecture 11-Kerberos, Network Security Flashcards
What is the most important point of zero-knowledge proofs?
It gives you a way to mutually authenticate when both parties don’t trust each other. Password authentication: you can give up your password to a bad guy. Public key cryptography: Bob can get Alice to sign anything if he goes rogue.
When is the Fiat-Shamir protocol insecure?
If Eve knows Bob’s challenge in advance, she can manipulate the math involved in the Fiat-Shamir protocol to give Bob what he’s looking for. But even then, the probability of being right is only 50%, so increasing the number of iterations will reduce her probability.
Where is Fiat-Shamir used in practice?
Watermark verification: show presence of watermark without revealing info about it and also prevent duplicating watermark
Videocrypt: a way to authenticate subscriber for satellite DirecTV before showing movie
Kerberos
It is an authentication infrastructure used to authenticate users to servers and servers to users. It relies on symmetric key encryption and is based on a TTP.
Needham-Schroeder
Basis for Kerberos (essentially, the TTP assigns a shared key and a ticket to Alice, and Alice sends the ticket to Bob so he can decrypt it and get the shared key as well)
What is the difference between a ticket granting ticket and a service ticket?
A TGT is requested first, since you need to send a TGT as part of your request for a service ticket. A service ticket is essentially Alice’s way of saying she wants to talk to Bob.
What are realms in Kerberos?
Different “departments.” If you want access to another realm you have to get your realm to vouch for your identity through a TGT.
What are some Kerberos limitations?
Not scalable; if you guess the password, you can guess the keys generated; requires clock sync
How does PGP provide confidentiality?
Alice sends email using symmetric key encryption
How does PGP provide integrity?
Alice digitally signs the message and sends Bob both the message and the signature. Bob applies Alice’s public key to verify the signed digest and compares the hash of the message with his own hash
How does PGP use trust to validate keys?
If it is signed by enough valid keys, it is fully valid
SSL
Also known as Transport Layer Security; it provides server authentication, data encryption, and client authentication
What is the difference between TLS connection and TLS session?
A connection is a transient, peer-to-peer communication link. A session is an association between client and server, created by the Handshake Protocol (a session has multiple connections)
What are the two phases of TLS?
Handshake protocol: authenticate each other, negotiate encryption and MAC algorithms, negotiate cryptographic keys to be used
Record-layer protocol: Use the shared key for secure communication
How does the TLS handshake work?
First there is TCP authentication, then Alice sends a nonce. Bob sends his public key, certificate, and his nonce. Alice verifies Bob’s public key. Alice generates the pre-master secret and can transmit the secret value to Bob (which is then used to generate the four keys).