Lecture 11-Kerberos, Network Security Flashcards

1
Q

What is the most important point of zero-knowledge proofs?

A

It gives you a way to mutually authenticate when both parties don’t trust each other. Password authentication: you can give up your password to a bad guy. Public key cryptography: Bob can get Alice to sign anything if he goes rogue.

2
Q

When is the Fiat-Shamir protocol insecure?

A

If Eve knows Bob’s challenge in advance, she can manipulate the math involved in the Fiat-Shamir protocol to give Bob what he’s looking for. But even then, the probability of being right is only 50%, so increasing the number of iterations will reduce her probability.

3
Q

Where is Fiat-Shamir used in practice?

A

Watermark verification: show presence of watermark without revealing info about it and also prevent duplicating watermark

Videocrypt: a way to authenticate subscriber for satellite DirecTV before showing movie

4
Q

Kerberos

A

It is an authentication infrastructure used to authenticate users to servers and servers to users. It relies on symmetric-key encryption and is based on a TTP.

5
Q

Needham-Schroeder

A

Basis for Kerberos (essentially, the TTP assigns a shared key and a ticket to Alice, and Alice sends the ticket to Bob so he can decrypt it and get the shared key as well).

6
Q

What is the difference between a ticket granting ticket and a service ticket?

A

A TGT is requested first, since you need to send a TGT as part of your request for a service ticket. A service ticket is essentially Alice’s way of wanting to talk to Bob.

7
Q

What are realms in Kerberos?

A

Different “departments.” If you want access to another realm you have to get your realm to vouch for your identity through a TGT.

8
Q

What are some Kerberos limitations?

A

Not scalable; if you guess the password, you can guess the keys generated; requires clock sync.

9
Q

How does PGP provide confidentiality?

A

Alice sends email using symmetric key encryption

10
Q

How does PGP provide integrity?

A

Alice digitally signs the message and sends Bob both the message and the signature. Bob applies Alice’s public key to verify the signed digest and compares the hash of the message with his own hash

11
Q

How does PGP use trust to validate keys?

A

If it is signed by enough valid keys, it is fully valid

12
Q

SSL

A

Also known as Transport Layer Security; it provides server authentication, data encryption, and client authentication.

13
Q

What is the difference between TLS connection and TLS session?

A

A connection is a transient, peer-to-peer communication link. A session is an association between client and server and is created by the Handshake Protocol (a session has multiple connections).

14
Q

What are the two phases of TLS?

A

Handshake protocol: authenticate each other, negotiate encryption and MAC algorithms, negotiate cryptographic keys to be used

Record-layer protocol: Use the shared key for secure communication

15
Q

How does the TLS handshake work?

A

First there is TCP authentication, then Alice sends a nonce. Bob sends his public key, certificate, and his nonce. Alice verifies Bob’s pk. Alice generates the pre-master secret and can transmit the secret value to Bob (which is then used to generate the four keys).

16
Q

Why does TLS use 4 keys?

A

First, you need separate keys for MAC-ing and encryption. Next, each direction needs a separate key. All this prevents reflection attacks.

17
Q

Would it be OK to MAC the whole message instead of each message fragment separately?

A

Can’t do this. There are message size constraints, so the message would need to be fragmented. If you wait to MAC all of it, you’d need to wait for all the pieces to get in. If something gets corrupted along the way, since there’s no separate MAC you wouldn’t know which fragment, so the whole thing would need to be sent again.

18
Q

What is IPSec?

A

A set of protocols and algorithms used to secure IP data at the network layer

19
Q

Security Association

A

Comes under IPSec. It is a set of parameters to establish a one-way relationship between sender and receiver.

20
Q

Authentication Header

A

Part of IPSec. Provides integrity, authentication

21
Q

Overall layer organization

A

PGP is application layer, TLS is transport level, IP/IPSec is network level security

22
Q

Network vs Transport layer?

A

Network layer relays logical communication between hosts. Transport layer provides logical communication between processes on different hosts.