Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

IMT4113 Technology > Network Security: Kerberos, X.509, PKI > Flashcards

Network Security: Kerberos, X.509, PKI Flashcards

1
Q

What is Kerberos?

A

A defacto standard for remote authentication.
It is a trusted third party (TTP) service.

  • client and server trust Kerberos to mediate their mutual authentication
  • Kerberos requires user to authenticate for each service invoked
  • optionally requires servers to authenticate
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the authentication server in Kerberos?

A

A central server that is responsible for authentication
- All application servers rely on authentication servers to verify identities of users

  • authentication server can store all passwords
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What does a typical interaction with Kerberos look like?

A
  1. User requests service on host
  2. authentication server verifies user’s access rights and creates ticket-granting ticket and session key.
  3. User provides password to decrypt incoming message, then sends ticket and authenticator to Ticket-granting server
  4. Ticket-granting server decrypts ticket and authenticator, verifies request, then creates ticket for requested server.
  5. User’s workstation sends ticket and authenticator to application server
  6. Application server verifies ticket and authenticator, then grants access to service.

https://imgur.com/a/mWYAm4w

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Kerberos key exchange etc.

A

to do

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is X.509?

A

A highly used standard for public key certificates. These certificates bind an identity to a public key using a digital signature.
A certificate contains an identity, a public key, and is either signed by a Certificate Authority or by other means.

Used in S/MIME, IPsec, SSL, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

How is X.509 certificates revoked?

A

Certificates have an expiration date, but sometimes that is not enough.
To revoke a X.509 certificate, the certificate serial can be added to a Certificate Revocation List.

Recipients should verify certificates against Certificate Revocation Lists. But this is often not done because it adds extra overhead. Online Certificate Status protocol (OCSP) is a query to Certificate Authority to find status of certificate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is PKI?

A

Public Key Infrastructure.

Definition:
The set of hardware, software, people, policies, procedures needed to create, manage, store, distribute and revoke digital certificates based on asymmetric cryptography.

The goal is to enable secure, convenient, acquisition of public keys.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How is PKI structured and how is certificates signed and verified?

A

In a hierarchical way.

User certificate are signed and verified by a Certificate Authority’s keys. The Certificate Authority’s keys are signed and verified using a parent Certificate Authority’s keys. The entity at the top is called Root Certificate Authority and has a self-signed certificate

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

IMT4113 Technology (15 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions