Lecture 11-Kerberos, Network Security Flashcards
What is the most important point of zero-knowledge proofs?
It gives you a way to mutually authenticate when both parties don’t trust each other. With password authentication, you can give up your password to a bad guy. With public key cryptography, Bob can get Alice to sign anything if he goes rogue.
When is the Fiat-Shamir protocol insecure?
If Eve knows Bob’s challenge in advance, she can manipulate the math involved in the Fiat-Shamir protocol to give Bob what he’s looking for. But even then her probability of being right is only 50%, so increasing the number of iterations reduces her probability of success.
Where is Fiat-Shamir used in practice?
Watermark verification: show the presence of a watermark without revealing information about it, and also prevent duplicating the watermark
Videocrypt: a way to authenticate a subscriber to satellite DirecTV before showing a movie
Kerberos
An authentication infrastructure used to authenticate users to servers and servers to users. It relies on symmetric key encryption and is based on a TTP (trusted third party).
Needham-Schroeder
-basis for Kerberos (essentially, the TTP assigns a shared key plus a ticket to Alice, and Alice sends the ticket to Bob so he can decrypt it and obtain the shared key as well)
What is the difference between a ticket granting ticket and a service ticket?
A TGT is requested first, since you need to send a TGT as part of your request for a service ticket. A service ticket is essentially Alice’s way of saying she wants to talk to Bob.
What are realms in Kerberos?
Different “departments.” If you want access to another realm you have to get your realm to vouch for your identity through a TGT.
What are some Kerberos limitations?
Not scalable; if you guess the password you can guess the keys generated from it; requires clock synchronization
How does PGP provide confidentiality?
Alice sends email using symmetric key encryption
How does PGP provide integrity?
Alice digitally signs the message and sends Bob both the message and the signature. Bob applies Alice’s public key to verify the signed digest and compares it with his own hash of the message.
How does PGP use trust to validate keys?
If a key is signed by enough valid keys, it is fully valid
SSL
Also known as Transport Layer Security (TLS); it provides server authentication, data encryption and client authentication
What is the difference between TLS connection and TLS session?
A connection is a transient, peer-to-peer communication link. A session is an association between client and server, created by the Handshake Protocol (a session can have multiple connections)
What are the two phases of TLS?
Handshake protocol: authenticate each other, negotiate encryption and MAC algorithms, negotiate cryptographic keys to be used
Record-layer protocol: Use the shared key for secure communication
How does the TLS handshake work?
First there is TCP authentication, then Alice sends a nonce. Bob sends his public key, certificate, and his nonce. Alice verifies Bob’s public key. Alice generates a pre-master secret and can transmit the secret value to Bob (which is then used to generate the four keys).
Why does TLS use 4 keys?
First, you need separate keys for MAC-ing and encryption. Next, each direction needs a separate key. All this prevents reflection attacks.
Would it be OK to MAC the whole message instead of each message fragment separately?
You can’t do this. There are message size constraints, so the message would need to be fragmented. If you waited to MAC all of it, you’d need to wait for all the pieces to arrive. If something got corrupted along the way, since there’s no separate MAC per fragment you wouldn’t know which fragment was bad, so the whole thing would need to be sent again.
What is IPSec?
A set of protocols and algorithms used to secure IP data at the network layer
Security Association
-comes under IPSec. It is a set of parameters that establishes a one-way relationship between sender and receiver
Authentication Header
Part of IPSec. Provides integrity and authentication
Overall layer organization
PGP is application-layer security, TLS is transport-layer security, and IP/IPSec is network-layer security
Network vs Transport layer?
The network layer provides logical communication between hosts. The transport layer provides logical communication between processes on different hosts.