Security Protocols

Question 1

It is a good idea to use sequentially increasing numbers as challenges in security protocols.(T/F)

Answer 1

False

Question 2

In security protocol, an obvious security risk is that of impersonation.(T/F)

Answer 2

True

Question 3

In Kerberos, the authentication server shares a unique secret key with each authorized computer on the network.(T/F)

Answer 3

True

Question 4

In Kerberos, each human user has a master key shared with the authentication server, and the key is usually derived from the user’s password.(T/F)

Answer 4

True

Question 5

In Kerberos, the purpose of using ticket-granting-ticket (TGT) is to minimize the exposure of a user?s master key.(T/F)

Answer 5

True

Question 6

The ticket-granting ticket is never expired.(T/F)

Answer 6

False

Question 7

Kerberos does not support inter-realm authentication. (T/F)

Answer 7

False

Question 8

The purposes of a security protocol include:

Answer 8

A. Authentication

B. Key-exchange

C. Negotiate crypto algorithms and parameters

Question 9

Example scenarios requiring a security protocol:

Answer 9

log in to mail.google.com

connecting to work from home using a VPN

Question 10

network protocol defined

Answer 10

A network protocol defines the rules and conventions for communications between two entities.

Question 11

security protocol defined

Answer 11

A security protocol defines the rules and conventions for SECURE communications.

Question 12

Kerberos Protocol

Answer 12

Authentication and access control in a network environment

Every principal has a master (secret) key

• -Human user’s master key is derived from password
• -Other resources must have their keys configured in

All principals’ master keys are stored in the KDC database, protected/encrypted

Question 13

Kerberos Benefits

Answer 13

Localhost does not need to store passwords

The master key that the user shares with the KDC is only used once every day
–This limits exposure of the master key

Question 14

Ticket granting ticket

Answer 14

AS responds with TGT and session key, both encrypted with one time encryption key (DES)

TGT is a set of credentials used by client to apply for service

• -not just a specific application service
• -it’s for a ticket granting server that can be used to get more tickets

Indicates the AS has accepted the client and its user

Contains:

• • user’s ID
• -server’s ID
• -timestamp
• • lifetime after which ticket is invalid
• -copy of session key

Question 15

Kerberos environment requirements

Answer 15

Kerberos server must have user ID and password of all participating users in its database.

Kerberos server must share a secret key with each server.

Question 16

Certificates

Answer 16

Certificates issued from trusted third party that links public key with identity of key’s owner

Certificate Authority trusted by user community
–user present public key and obtains certificate

Certificate variants:

• -Conventional (long-lived) certificates
• -Short-lived certificates
• -Proxy certificates (allow end user certificate to sign another certificate to extend it)
• -Attribute Certificates: links user’s identity to set of attributes used for authorization and access control

Question 17

Public Key Infrastructure

Answer 17

set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography

Principle Objective

Question 18

Public Key Infrastructure Principle Objective

Answer 18

Enable secure, convenient, efficient acquisition of public keys

Question 19

Public Key Infrastructure issues

Answer 19

Reliance on the user to make an informed decision when there is a problem verifying certificate problem because users just accept

Assumption that all of the CAs in the trust tore are equally trusted, equally well managed, and apply equivalent policies

Different implementations in various web browsers and operating systems use different trust stores, so present different security views