P2L9: Security Protocols Flashcards

1
Q

What are the building blocks for Security Protocols?

A
  • Public key (asymmetric) algorithm
  • Secret key (symmetric) algorithm
  • Hash Functions
2
Q

What are key things to look out for in Mutual Authentication with Shared Keys?

A
  • The “challenge” (R1 & R2) sent for proving authentication shouldn’t repeat (or at least not easily), since an attacker can just watch the challenge and save the response to be used later when the challenge is repeated
  • This can be done by using large random values for R1 and R2
3
Q

Authentication can be one way. T/F

A

True, since clients need to authenticate to servers, but not the other way around

4
Q

What is a reflection attack and how can it be mitigated?

A
  • A reflection attack is a man-in-the-middle attack while two parties are authenticating, where the impersonator reflects back the answers.
  • This can be stopped by either:
    • Using two different secret keys, so Bob encrypts with R1 and Alice encrypts with R2
    • Using a different type of challenge for the initiator and responder (for example odd for initiator and even for responder)
5
Q

With public keys we can use signing to achieve mutual authentication. T/F

A

True

6
Q

What is a long term secret key called?

A

Master key

7
Q

What is the problem with shared master keys and what is the solution?

A
  • They do not scale
  • Key Distribution Centers (KDC) are the solution

8
Q

What is Kerberos?

A
  • A KDC
  • Authentication and Access Control system for networks
  • Every principal has a master key
    • Humans have keys based on passwords
    • Computers have keys based on their device
9
Q

What are the benefits to Kerberos?

A
  • Localhost doesn’t need to store passwords
  • Master key is used less, only once a day, and then Kerberos gives a session key for every day
  • Limits the exposure of the master key