Lec 5: Authentication and Key Distribution Flashcards Preview

CSE 127: Intro to Security > Lec 5: Authentication and Key Distribution > Flashcards

Flashcards in Lec 5: Authentication and Key Distribution Deck (62)
Loading flashcards...
1
Q

What do you use when you want to provide evidence that an object is authentic? What does authentic mean?

A
  • providing evidence that an object is authentic == wanting to provide evidence that an object was endorsed by a particular person
  • you use signatures
2
Q

What do you use when you want to provide evidence that you are who you say you are?

A

authentication protocols

3
Q

Consider a paper check used to transfer money from one person to another. What are the properties of the checks and the physical signatures on the checks?

A
  1. Signature confirms authenticity
    - only legitimate signer can produce signature (Arguable)
  2. in case of alleged forgery
    - 3rd party can verify authenticity (arguable)
  3. Checks are cancelled
    - so they can’t be reused
  4. Checks are not alterable
    - or alterations are easily detected
4
Q

What are the requirements for digital signatures?

A
  1. a mark that only one principal can make, but others can easily recognize
  2. unforgeable
    - if P signs a message M with signature S{P,M} it is computationally infeasible for any other principal to produce the pair (M, S{P,M})
  3. authentic
    - if R receives the pair (M, S{P,M}) purportedly from P,R can check that the signature relaly is from P
  4. Not alterable
    - after being transmitted, (M, S{P,M}) cannot be changed by P, M, or an interceptor
  5. Not reusable
    - a duplicate message will be detected by the recipient
5
Q

How do digital signatures with shared keys work?

A
6
Q

How does RSA work (Digital Signatures with Public Keys)

A

RSA is commutative:
- D(E(M, K), k) = E(D(M, k), K)

Opposite from normal use of PK as cipher
◆ Let KA be Alice’s public key
◆ Let kA be her private key
◆ To sign msg, Alice sends D(msg, kA)
◆ Bob can verify the message with Alice’s public key

Works! RSA: (me)d = med = (md)e

7
Q

What are the advantages and disadvantages of digital signatures with public keys? What is the Alice and Bob drawing that shows how digital signatures with public keys works?

A
8
Q

What are the variations on public key signatures?

A
9
Q

How do A and B convince each otehr that they are each A and B?

A
  • cryptographic authentication protocols
10
Q

What is the threat model of communication over a network as it relates to cryptographic protocols?

A
11
Q

What is the general definition of “protocol”?

A
12
Q

What can the interceptor do?

A
13
Q

What is an arbitrator and how do they affect protocols (arbitrated protocols)?

A
14
Q

What are real-world examples of arbitrated protocols and what are the issues with arbitrated protocols?

A
15
Q

How do adjudicated protocols work?

A
16
Q

How do self-enforcing protocols work?

A
17
Q

Is the shared key digital signature algorithm an arbitrated or adjudicated protocol?

A

arbitrated

18
Q

Is trusted 3rd party provided authenticity an arbitrated or adjudicated protocol?

A

arbitrated

19
Q

is public key digital signature algorithm an arbitrated or adjudicated protocol?

A

adjudicated

20
Q

What is trusted 3rd party provided non-repudiation mean? Is it an arbitrated or adjudicated protocol?

A
  • Bob can keep Alice’s digitally signed message
  • adjudicated
21
Q

What is the goal of authentication?

A
22
Q

What are the threats to authentication?

A
23
Q

What situation would we use shared-key authentication?

A
24
Q

How does weak authentication work?

A
25
Q

What is a replay attack?

A
26
Q

What are the three strategies for defeating replay attacks?

A
27
Q

What are nonces?

A
28
Q

What are the uses of nonces in a challenge-response protocol?

A
29
Q

How are time stamps used?

A
30
Q

What are sequence numbers used for? What are the disadvantages?

A
31
Q

How does strong(er) shared-key authentication w/ nonces work? What makes it stronger?

A
32
Q

What is wrong with this flawed version of shared-key authentication?

A
33
Q

What are the difficulties of protocol design?

A
34
Q

What are the general principles of protocol design?

A
35
Q

What are the different types of key establishments? What is the key issue?

A
36
Q

What is bilateral out-of-band?

A
37
Q

What is point-to-point?

A
38
Q

What is third-party key distribution?

A
39
Q

Explain the Needham-Schroeder Protocol

A
40
Q

How can a replay attack occur on the Needham-Schroeder Protocol?

A
41
Q

What are the different attack scenarios of the replay attack on the Needham-Schroeder Protocol?

A
42
Q

What is Kerberos? What is it used for?

A
43
Q

Draw the diagram that shows how Kerberos works

A
44
Q

How does Kerberos login work…in notation terms?

A
45
Q

How does Kerberos Service Request work..in notation terms?

A
46
Q

How does Kerberos work in quasi-english?

A
47
Q

What are the benefits to Kerberos?

A
48
Q

What are the drawbacks to Kerberos?

A
49
Q

What do Public Key Infrastructures do?

A
50
Q

What do Certification Authorities do?

A

Certification Authority (CA)

◆ Binds identifiers to a public key

◆ Expected to perform some amount of due diligence before vouching for this binding

◆ Popular CA’s: Verisign, Thawte

◆ Note that you must trust CA

51
Q

What is the PKI cErtificate ‘X.509’

A
52
Q

Explain the SSL/TLS example of PKI

A
53
Q

What to do about SSL/TLS if you want multiple Certificate Authorities (CA)?

A
54
Q

What happens if a private key is lost or compromised?

A
55
Q

What is Secure Shell?

A
56
Q

What are the different way SSH authenticates?

A
57
Q

How does SSH with passwords work?

A
58
Q

What is an example use of ssh with password?

A
59
Q

How does SSH Protocol work?

A
60
Q

What are the problems with SSH with password?

A
61
Q

What does ssh.com’s SSH and SSH error look like? When does the error come up?

A
62
Q

How does SSH with client keys work?

A