Lec 5: Authentication and Key Distribution Flashcards Preview


Flashcards in Lec 5: Authentication and Key Distribution Deck (62)
1

What do you use when you want to provide evidence that an object is authentic? What does authentic mean?

- providing evidence that an object is authentic == wanting to provide evidence that an object was endorsed by a particular person

- you use signatures

2

What do you use when you want to provide evidence that you are who you say you are?

authentication protocols

3

Consider a paper check used to transfer money from one person to another. What are the properties of the checks and the physical signatures on the checks?

1. Signature confirms authenticity
- only legitimate signer can produce signature (arguable)

2. In case of alleged forgery
- 3rd party can verify authenticity (arguable)

3. Checks are cancelled
- so they can't be reused

4. Checks are not alterable
- or alterations are easily detected

4

What are the requirements for digital signatures?

1. a mark that only one principal can make, but others can easily recognize

2. unforgeable
- if P signs a message M with signature S{P,M} it is computationally infeasible for any other principal to produce the pair (M, S{P,M})

3. authentic
- if R receives the pair (M, S{P,M}) purportedly from P, R can check that the signature really is from P

4. Not alterable
- after being transmitted, (M, S{P,M}) cannot be changed by P, M, or an interceptor

5. Not reusable
- a duplicate message will be detected by the recipient

 

5

How do digital signatures with shared keys work?

6

How does RSA work (Digital Signatures with Public Keys)?

RSA is commutative:
- D(E(M, K), k) = E(D(M, k), K)

Opposite from normal use of PK as cipher
- Let K_A be Alice’s public key
- Let k_A be her private key
- To sign msg, Alice sends D(msg, k_A)
- Bob can verify the message with Alice’s public key

Works! RSA: $(m^e)^d = m^{ed} = (m^d)^e$

7

What are the advantages and disadvantages of digital signatures with public keys? What is the Alice and Bob drawing that shows how digital signatures with public keys works?

8

What are the variations on public key signatures?

9

How do A and B convince each other that they are each A and B?

- cryptographic authentication protocols

10

What is the threat model of communication over a network as it relates to cryptographic protocols?

11

What is the general definition of "protocol"?

12

What can the interceptor do?

13

What is an arbitrator and how do they affect protocols (arbitrated protocols)?

14

What are real-world examples of arbitrated protocols and what are the issues with arbitrated protocols?

15

How do adjudicated protocols work?

16

How do self-enforcing protocols work?

17

Is the shared key digital signature algorithm an arbitrated or adjudicated protocol?

arbitrated

18

Is trusted 3rd party provided authenticity an arbitrated or adjudicated protocol?

arbitrated

19

Is the public key digital signature algorithm an arbitrated or adjudicated protocol?

adjudicated

20

What does trusted 3rd party provided non-repudiation mean? Is it an arbitrated or adjudicated protocol?

- Bob can keep Alice's digitally signed message

- adjudicated

21

What is the goal of authentication?

22

What are the threats to authentication?

23

What situation would we use shared-key authentication?

24

How does weak authentication work?

25

What is a replay attack?

26

What are the three strategies for defeating replay attacks?

27

What are nonces?

28

What are the uses of nonces in a challenge-response protocol?

29

How are time stamps used?

30

What are sequence numbers used for? What are the disadvantages?