Lecture 16: Key Establishment Flashcards

1
Q

What does key establishment in TLS use to allow clients and servers to share a new communication key?

A

public keys

2
Q

What is Kerberos?

A

A widely used system for secure communications which achieves key establishment without using public keys

3
Q

What are the four phases of key management?

A

generation
distribution
protection
destruction

4
Q

Comment on the key generation phase in key management

A

keys should be generated s.t. they are equally likely to occur

5
Q

Comment on the key distribution phase in key management

A

keys should be distributed in a secure fashion

6
Q

Comment on the key protection phase in key management

A

keys should be accessible for use in relevant cryptographic algorithms, but not accessible to unauthorised parties

7
Q

Comment on the key destruction phase in key management

A

once a key has performed its function, it should be destroyed s.t. it is of no value to an attacker

8
Q

What are the two keys involved in the simple 2-level hierarchy?

A

Long-term keys

Short-term keys

9
Q

What are long-term keys also called?

A

static keys

10
Q

How long are long-term keys intended to be used for?

A

a long time

depending on the application, from a few hours to a few years

11
Q

What are long-term keys used to protect?

A

used to protect distribution of session keys

12
Q

What are short-term keys also called?

A

session keys

13
Q

How long are short-term keys intended to be used for?

A

a short period

depending upon the application, from a few seconds to a few hours

14
Q

What are short-term/session keys used to protect?

A

protect communications in a session (e.g. with authenticated encryption)

15
Q

In practice, what are session keys? Why?

A

symmetric keys used with ciphers (e.g. AES, MAC)

–> due to their greater efficiency over public key algorithms

16
Q

What type of keys can long-term keys be?

A

Either symmetric or asymmetric keys, depending on how they are used

17
Q

What does key establishment involve figuring out?

A

how to establish secret session keys among communication parties using the long-term keys

18
Q

What are common approaches to do key establishment? (3)

A

1) key pre-distribution
2) using an online server with symmetric long-term keys
3) using asymmetric long-term keys

19
Q

What are the two key distribution security goals?

A

1) authentication

2) confidentiality

20
Q

Explain the authentication key distribution security goal

A

if Alice completes the protocol and believes that the key is shared with Bob, then it should not be the case that the key is actually shared with another party

21
Q

Explain the confidentiality key distribution security goal

A

the adversary is unable to obtain the session key accepted by a particular party

22
Q

In formal models, how has the key establishment protocol been seen as broken?

A

if the adversary can distinguish the session key from a random string

23
Q

When does the key establishment protocol provide mutual authentication?

A

if both parties achieve the authentication goal

24
Q

When does the key establishment protocol provide unilateral authentication?

A

if only one party achieves the authentication goal

25
Q

What are the four adversary capabilities of a strong adversary who knows the details of the cryptographic algorithms involved?

A

1) eavesdrop on all messages sent in a protocol
2) alter all messages sent in a protocol using any info available to them
3) re-route any messages (including new ones) to any other party
4) obtain the value of the session key used in any previous run of the protocol

26
Q

Who generates and distributes long-term keys to all users when they join the system?

A

a trusted authority (TA)

27
Q

Explain the simple schemes for distribution of pre-shared keys

A
  • Assigning a secret key for each pair of users
  • The number of keys thus grows quadratically
  • The TA only operates in the pre-distribution phase
    –> does not need to be online afterwards
  • poor scalability

28
Q

Explain the probabilistic scheme for distribution of pre-shared keys

A
  • reducing key material at each party
  • but only guaranteeing a secure channel between any 2 users with some (high) probability
  • suitable for sensor networks
29
Q

Explain the key distribution process using symmetric keys

A
  • key distribution with an online server
  • TA shares a long-term shared key with each user
  • An online TA generates and distributes session keys for users when requested –> secure fashion using long-term keys
30
Q

What is a single point of attack in key distribution using symmetric keys?

A

the TA (highly trusted)

31
Q

Comment on scalability for key distribution using symmetric keys

A

can be problematic

32
Q

Explain key distribution for asymmetric cryptography

A
  • no online TA required
  • public keys used for authentication
  • public keys managed by PKI (certificates and CAs)
  • users are trusted to generate good session keys
    –> a good pseudo-random number generator required at each party

33
Q

What are the two types of key distribution using asymmetric cryptography?

A

1) key transport

2) key agreement

34
Q

What happens when a long-term key is compromised?

A
  • the attacker can now act as the owner of the long-term key
  • previous session keys may also be compromised
  • -> this can be the case with key transport
  • -> prevent with key agreement
35
Q

What is required for a protocol to provide (perfect) key secrecy?

A

if compromise of long-term secret keys does NOT reveal session keys previously agreed using those long-term keys

36
Q

What is key transport?

A

user chooses key material and sends it encrypted to another party
–> sometimes message is also signed by sender

37
Q

Does TLS include the option for key transport?

A

yes

38
Q

Does key transport provide forward secrecy?

A

NO

39
Q

What is key agreement?

A

• 2 parties each provide input to the key material

• providing authentication with public keys
–> by signing the exchanged messages

40
Q

What is an example of key agreement?

A

Diffie-Hellman protocol (widely used)

41
Q

Does TLS include options for key agreement?

A

yes

42
Q

Does key agreement provide forward secrecy?

A

yes

43
Q

What is the notation for signed Diffie-Hellman?

A

See slide 18 in set 16

44
Q

In signed Diffie-Hellman, do Alice and Bob both know each other’s public verification key?

A

yes

45
Q

In signed Diffie-Hellman, is there forward secrecy?

A

yes, since long-term signing keys are only used for authentication

46
Q

Explain the signed Diffie-Hellman protocol process

A

See slide 19 in set 16

47
Q

When was the Needham-Schroeder protocol published?

A

1978

48
Q

What is the Needham-Schroeder protocol?

A

widely known key establishment protocol

49
Q

What is an example of where the Needham-Schroeder protocol is used?

A

Kerberos

50
Q

What is the Needham-Schroeder protocol vulnerable to?

A

replay attacks

–> attacker can replay old protocol message s.t. an honest party will accept an old session key

51
Q

What are the parties and their notation in the Needham-Schroeder protocol?

A
  • 2 parties A and B want to establish a shared secret key
  • S is the TA

52
Q

What are the shared secret keys and their notation in the Needham-Schroeder protocol?

A

A and S share the long-term key KAS

B and S share the long-term key KBS

New session key KAB generated by S

53
Q

What are the involved nonces and their notation in the Needham-Schroeder protocol?

A

NA, NB are randomly generated for one-time use

54
Q

In terms of the Needham-Schroeder protocol, what does S -> A:M mean?

A

that S sends a message M to A

55
Q

What does {M}k denote?

A

the authenticated encryption of message M using the key K

56
Q

Give and explain the diagram for the Needham-Schroeder protocol

A

See slide 23 in set 16

57
Q

Explain how a replay attack occurs on the Needham-Schroeder protocol and give the diagram

A

See slide 24 in set 16

58
Q

To defend against replay attacks what is required for each session i.t.o Needham-Schroeder protocol?

A

established key must be fresh (new)

59
Q

What are some of the freshness mechanisms i.t.o Needham-Schroeder protocol?

A

1) random challenges (nonces)
2) timestamps (string on the current time)
3) counters (increased for each new message)

60
Q

What does the repaired Needham-Schroeder protocol use for freshness?

A

random challenges

-> it can be adapted to use timestamps and counters

61
Q

Explain the process for the repaired protocol using random challenges i.t.o Needham-Schroeder protocol and give the diagram

A

See slide 26 in set 16

62
Q

What are tickets i.t.o the Needham-Schroeder protocol?

A

another way to fix the Needham-Schroeder protocol

63
Q

Explain how tickets work for the Needham-Schroeder protocol

A

See slide 27 in set 16

64
Q

Explain the repaired protocol which uses tickets i.t.o the Needham-Schroeder protocol and give the diagram

A

See slide 28 in set 16

65
Q

What is the latest version of Kerberos?

A

version 5

66
Q

What standard is Kerberos in?

A

RFC 4120 (2005)

67
Q

Who uses Kerberos as their default?

A

Default Windows domain authentication method from Windows 2000

68
Q

What are the goals of Kerberos?

A
  • Secure network authentication service in an insecure network environment
  • Single sign-on (SSO) solution
  • providing access selectively for a number of different online services, using individual tickets
  • establishing session keys to deliver confidentiality and integrity services for each service access
69
Q

What is a single sign-on SSO?

A

users only need to enter usernames and passwords once for a session

70
Q

How many levels does the Kerberos protocol have?

A

3

71
Q

Explain the first level of the Kerberos protocol

A

client C interacts with authentication server AS in order to obtain a ticket-granting ticket

–> happening once for a session (e.g. one day long)

–> C only authenticates once at the start of a session

72
Q

Explain the second level of the Kerberos protocol

A

C interacts with ticket-granting server TGS in order to obtain a service-granting ticket

–> happening once for each server during the session

73
Q

Explain the third level of the Kerberos protocol

A

C interacts with application server V in order to obtain a service

–> happening once for each time C requires service during the session

74
Q

Give and explain the diagram for level 1 of Kerberos

A

See slide 32 in set 16

75
Q

What is the key K_C in level 1 of Kerberos?

A
  • symmetric key shared between AS and C
  • typically generated by the workstation of C from a password entered by C at logon time

76
Q

What is the key K_C,TGS in level 1 of Kerberos?

A

• new symmetric key generated by AS and shared between TGS and C

77
Q

What is the nonce N_1 in level 1 of Kerberos?

A

nonce used by C to check that key K_C,TGS is fresh

78
Q

What is the key K_TGS in level 1 of Kerberos?

A

long-term key shared between AS and TGS

79
Q

Give and explain the diagram for level 2 of Kerberos

A

See slide 34 in set 16

80
Q

What is the ticket_TGS in level 2 of Kerberos?

A

the same as the one sent in level 1

81
Q

What is the key K_C,V in level 2 of Kerberos?

A

session key shared between V and C

82
Q

What is the nonce N_2 in level 2 of Kerberos?

A

nonce used by C to check that key K_C,V is fresh

83
Q

Why must TGS first get K_C,TGS from ticket_TGS and then check the fields in the authenticator_TGS are valid in level 2 of Kerberos?

A
  • checking that TS_1 is recent
  • checking that C is authorized to access V

84
Q

In practice, are AS and TGS the same machine i.t.o level 2 of Kerberos?

A

yes

85
Q

Give and explain the diagram for level 2 of Kerberos

A

See slide 36 in set 16

86
Q

What is the ticket ticket_V in level 3 of Kerberos?

A

the same as the one sent in level 2

87
Q

What is K_C,V, contained in ticket_V, in level 3 of Kerberos?

A

same as the one sent in level 2

88
Q

What is the reply from V intended to provide in level 3 of Kerberos?

A

mutual authentication

–> C can check that it is using the right application server V

89
Q

Define timestamp i.t.o Kerberos

A
  • includes start and end times
  • can be suggested by C in the latest version of Kerberos (v5)

90
Q

Define realm i.t.o Kerberos

A

a domain over which an authenticated server has the authority to authenticate a user

91
Q

Define flag i.t.o Kerberos

A

used in tickets to indicate when and how tickets should be used

92
Q

Define sequence number i.t.o. Kerberos

A

optional, initiated during the client-server exchange

93
Q

Define subkey i.t.o Kerberos

A

derived from the key K_C,V

94
Q

Comment on the scalability of Kerberos

A

limited
  • even though different realms are supported, one realm needs to share a key with each other realm
  • Kerberos best suited for corporate environments with shared trust
  • public-key variants exist
95
Q

Comment on the attack limitations of Kerberos

A
  • offline password guessing
  • when the key K_C is derived from a human memorable password

96
Q

Comment on the limitations of the standard for Kerberos

A

does not specify how to use the session key once it is established