P2L9 Protocols Flashcards
Shared secret key measures to implement
The challenge number R should be large and random, so an attacker can neither predict it nor replay an earlier response to it.
The shared secret key needs to be protected at both endpoints of the communication (Alice and Bob).
reflection attack mechanics
In the simplified handshake (step 1: the initiator says "I'm Alice" and sends a challenge; step 2: Bob replies with his own challenge R1 and the encrypted value of the initiator's challenge; step 3: the initiator returns the encrypted value of R1), the attacker Trudy impersonates Alice and opens two connections to Bob.
Connection 1 gets stuck at step 3 because Trudy cannot encrypt Bob's challenge R1 (received at step 2). On connection 2, Trudy challenges Bob with R1 itself; Bob answers with the encrypted value of R1. Trudy copies that answer into step 3 of connection 1 and Bob accepts her as Alice, because the same key answers challenges in both directions.
Fix to reflection attack
Use different keys for the initiator and the responder, so that Bob's answer to a challenge is never the value Bob expects to receive from Alice.
Another method is to use different types of challenges for the initiator and the responder (e.g. even numbers for Alice and odd numbers for Bob), so Bob refuses to answer a challenge of his own type and R1 cannot be reflected back at him.
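The attack and both fixes, as an added example that is not part of the original flashcards: Bob is a responder in the simplified handshake, Trudy runs the two-connection reflection against him, and an honest Alice is run against the same variants to show the fixes do not break the protocol. The keys and names are constructed for the demo; the lecture's "encrypt the challenge" is realised here with a keyed MAC (HMAC-SHA256), which is an assumption of this code, not the page's construction.

```python
import hashlib
import hmac
import secrets

# Constructed demo keys (not from the page). The naive protocol shares ONE key;
# the first fix gives each direction of the handshake its own key.
K_SHARED = b"demo-key-shared-by-alice-and-bob"
K_ALICE_TO_BOB = b"demo-key-alice-answers-bob"   # Alice uses it to answer Bob's R1
K_BOB_TO_ALICE = b"demo-key-bob-answers-alice"   # Bob uses it to answer Alice's challenge


def respond(key: bytes, challenge: int) -> bytes:
    """Prove knowledge of `key` for a challenge. The lecture says 'encrypt R';
    a keyed MAC is the usual modern stand-in (an assumption of this demo)."""
    return hmac.new(key, challenge.to_bytes(8, "big"), hashlib.sha256).digest()


def fresh_challenge(parity=None) -> int:
    """Large random challenge; if `parity` is given, force its low bit to it."""
    r = secrets.randbits(64)
    return r if parity is None else (r & ~1) | parity


class Bob:
    """Responder.  key_in : key the initiator must use to answer Bob's R1
                   key_out: key Bob uses to answer the initiator's challenge
                            (same key as key_in => the vulnerable protocol)
                   typed  : Bob issues odd challenges and answers only even ones
                            (the 'different challenge types' fix)"""

    def __init__(self, key_in: bytes, key_out: bytes, typed: bool = False):
        self.key_in, self.key_out, self.typed = key_in, key_out, typed
        self.pending = set()  # challenges Bob issued and has not yet seen answered

    def hello(self, initiator_challenge: int):
        """Step 1 -> step 2: on 'I'm Alice, R' Bob returns (R1, f(K, R))."""
        if self.typed and initiator_challenge % 2 != 0:
            raise ValueError("Bob answers only even (initiator-type) challenges")
        r1 = fresh_challenge(parity=1 if self.typed else None)
        self.pending.add(r1)
        return r1, respond(self.key_out, initiator_challenge)

    def finish(self, r1: int, proof: bytes) -> bool:
        """Step 3: accept the initiator as Alice iff proof == f(K, R1)."""
        if r1 not in self.pending:
            return False
        self.pending.discard(r1)
        return hmac.compare_digest(proof, respond(self.key_in, r1))


def honest_alice(bob: Bob, key_in: bytes, key_out: bytes) -> bool:
    """Alice holds the real key(s), so she completes the handshake in every variant."""
    r2 = fresh_challenge(parity=0 if bob.typed else None)
    r1, bobs_proof = bob.hello(r2)
    if not hmac.compare_digest(bobs_proof, respond(key_out, r2)):
        return False  # whoever answered does not know Bob's key
    return bob.finish(r1, respond(key_in, r1))


def trudy_reflection(bob: Bob) -> bool:
    """Trudy knows no key. Connection 1 leaves her stuck at step 3, so she opens
    connection 2 and reflects Bob's own challenge R1 back at him."""
    r1, _ = bob.hello(fresh_challenge(parity=0))  # connection 1: needs f(K, R1)
    try:
        _, reflected = bob.hello(r1)              # connection 2: "I'm Alice, R1"
    except ValueError:
        return False                              # typed fix: R1 is odd, Bob refuses
    return bob.finish(r1, reflected)              # back to connection 1 with Bob's answer


def demo() -> dict:
    """Attack outcome and honest-Alice outcome for the naive protocol and both fixes."""
    def naive():  return Bob(K_SHARED, K_SHARED)
    def keyed():  return Bob(K_ALICE_TO_BOB, K_BOB_TO_ALICE)
    def typed():  return Bob(K_SHARED, K_SHARED, typed=True)
    return {
        "naive_attack": trudy_reflection(naive()),
        "separate_keys_attack": trudy_reflection(keyed()),
        "typed_challenges_attack": trudy_reflection(typed()),
        "naive_alice": honest_alice(naive(), K_SHARED, K_SHARED),
        "separate_keys_alice": honest_alice(keyed(), K_ALICE_TO_BOB, K_BOB_TO_ALICE),
        "typed_challenges_alice": honest_alice(typed(), K_SHARED, K_SHARED),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26s} {'succeeds' if ok else 'fails'}")
```

Only the naive variant lets Trudy's reflected answer pass step 3: with separate keys Bob's answer is computed under a different key from the one he verifies with, and with typed challenges Bob never answers a challenge of his own parity.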
mutual authentication via public keys
Alice sends Bob a challenge R1 encrypted with Bob's public key. Bob decrypts it with his private key and returns R1 to Alice (proving he was able to decrypt it), together with his own challenge encrypted with Alice's public key. Alice decrypts that challenge and sends it back to Bob, so Bob knows it is really Alice.
benefit of session key
If a session key is leaked, the impact is limited to the current session; the long-term key is not exposed.
Ways to create session key
Via a shared master key, or via public keys.
problem with shared master key
It does not scale well: every pair of users needs its own shared master key.
solution to scalability issue of master keys
KDC (key distribution center). The KDC acts as an intermediary between Alice and Bob and handles the shared keys, so each user needs only one shared master key, with the KDC.
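The KDC exchange behind the last three cards (session key created from master keys, and each user holding only one master key, with the KDC), as an added example that is not part of the original flashcards: Alice asks the KDC for a key to talk to Bob, the KDC mints a fresh session key and returns it once under Alice's master key and once, as a ticket, under Bob's; Alice forwards the ticket and both sides end up with the same session key. The master keys and message format are constructed for the demo, and the symmetric cipher is a small encrypt-then-MAC construction built from hashlib/hmac so the code runs offline (an assumption of this demo; a real deployment would use an authenticated cipher such as AES-GCM).

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one master key."""
    return (hashlib.sha256(key + b"|enc").digest(),
            hashlib.sha256(key + b"|mac").digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: SHA-256(enc_key || nonce || counter) blocks."""
    blocks, counter = bytearray(), 0
    while len(blocks) < length:
        blocks += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(blocks[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC (demo stand-in for a real cipher): nonce || ct || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KDC:
    """Holds one master key per user and hands out per-session keys on request."""

    def __init__(self, master_keys: dict):
        self.master_keys = master_keys

    def request(self, requester: str, peer: str):
        """Mint a fresh session key K_AB and return it twice: under the requester's
        master key, and as a 'ticket' under the peer's master key."""
        k_session = secrets.token_bytes(32)

        def body(name: str) -> bytes:
            return json.dumps({"peer": name, "key": k_session.hex()}).encode()

        for_requester = seal(self.master_keys[requester], body(peer))
        ticket = seal(self.master_keys[peer], body(requester))
        return for_requester, ticket


def alice_establish(kdc: KDC, alice_master: bytes, peer: str):
    """Alice recovers K_AB with her own master key and keeps the ticket to forward."""
    for_alice, ticket = kdc.request("Alice", peer)
    msg = json.loads(unseal(alice_master, for_alice))
    if msg["peer"] != peer:
        raise ValueError("KDC reply names a different peer")
    return bytes.fromhex(msg["key"]), ticket


def bob_accept(bob_master: bytes, ticket: bytes):
    """Bob opens the ticket with his master key; only the KDC could have built it."""
    msg = json.loads(unseal(bob_master, ticket))
    return msg["peer"], bytes.fromhex(msg["key"])


def demo() -> dict:
    # Constructed master keys: each user shares exactly one key, with the KDC.
    master = {name: secrets.token_bytes(32) for name in ("Alice", "Bob", "Trudy")}
    kdc = KDC(master)
    k_alice, ticket = alice_establish(kdc, master["Alice"], "Bob")
    claimed, k_bob = bob_accept(master["Bob"], ticket)

    def rejected(key: bytes, blob: bytes) -> bool:
        try:
            bob_accept(key, blob)
            return False
        except ValueError:
            return True

    # Flip one ciphertext byte of the ticket to show the MAC catches tampering.
    tampered = ticket[:NONCE_LEN] + bytes([ticket[NONCE_LEN] ^ 0x01]) + ticket[NONCE_LEN + 1:]
    return {
        "same_session_key": k_alice == k_bob,
        "ticket_names_alice": claimed == "Alice",
        "trudy_master_key_rejected": rejected(master["Trudy"], ticket),
        "tampered_ticket_rejected": rejected(master["Bob"], tampered),
    }


if __name__ == "__main__":
    print(demo())
```

Trudy, who shares a master key with the KDC like everyone else, still cannot open Alice's ticket for Bob, and a modified ticket fails the tag check; the session key itself never travels in the clear and is never used as anyone's long-term key.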
True or False: authentication should be accomplished before key exchange
true
True or False: signing message exchanges in Diffie-Hellman eliminates man in the middle attacks
true, provided each side can verify the other's signing public key (e.g. via a certificate); an attacker who can substitute his own signing key is still in the middle
kerberos benefits
The user's workstation (local host) does not need to store passwords.
The master key the user shares with the KDC is used only once per login (typically once a day, to obtain the ticket-granting ticket), which limits its exposure.