15.1 Give examples of replay attacks.
Get 15.1 exercise solution
15.2 List three general approaches to dealing with replay attacks.
Get 15.2 exercise solution
15.3 What is a suppress-replay attack?
Get 15.3 exercise solution
15.4 What problem was Kerberos designed to address?
Get 15.4 exercise solution
15.5 What are three threats associated with user authentication over a network or Internet?
Get 15.5 exercise solution
15.6 List three approaches to secure user authentication in a distributed environment.
Get 15.6 exercise solution
15.7 What four requirements were defined for Kerberos?
Get 15.7 exercise solution
15.8 What entities constitute a full-service Kerberos environment?
Get 15.8 exercise solution
15.9 In the context of Kerberos, what is a realm?
Get 15.9 exercise solution
15.10 What are the principal differences between version 4 and version 5 of Kerberos?
Get 15.10 exercise solution
Problems
15.1 In Section 15.4, we outlined the public-key scheme proposed in [WOO92a] for the distribution of secret keys. The revised version includes IDA in steps 5 and 6. What attack, specifically, is countered by this revision?
Get 15.1 exercise solution
15.2 The protocol referred to in Problem 15.1 can be reduced from seven steps to five, having the following sequence:
a. A -> B:
b. A S KDC:
c. KDC -> B:
d. B -> A:
e. A -> B: Show the message transmitted at each step. Hint: The final message in this protocol is the same as the final message in the original protocol.
Get 15.2 exercise solution
15.3 Reference the suppress-replay attack described in Section 15.2 to answer the following. a. Give an example of an attack when a party’s clock is ahead of that of the KDC. b. Give an example of an attack when a party’s clock is ahead of that of another party.
Get 15.3 exercise solution
15.4 There are three typical ways to use nonces as challenges. Suppose Na is a nonce generated by A, A and B share key K, and f() is a function (such as an increment). The three usages are
Describe situations for which each usage is appropriate.
Get 15.4 exercise solution
15.5 Show that a random error in one block of ciphertext is propagated to all subsequent blocks of plaintext in PCBC mode (See Figure T.2 in Appendix T).
Get 15.5 exercise solution
15.6 Suppose that, in PCBC mode, blocks Ci and Ci+1 are interchanged during transmission. Show that this affects only the decrypted blocks Pi and Pi+1 but not subsequent blocks.
Get 15.6 exercise solution
15.7 In addition to providing a standard for public-key certificate formats, X.509 specifies an authentication protocol. The original version of X.509 contains a security flaw. The essence of the protocol is as follows.
where tA and tB are timestamps, rA and rB are nonces and the notation X {Y} indicates that the message Y is transmitted, encrypted, and signed by X. The text of X.509 states that checking timestamps tA and tB is optional for three-way authentication. But consider the following example: Suppose A and B have used the preceding protocol on some previous occasion, and that opponent C has intercepted the preceding three messages. In addition, suppose that timestamps are not used and are all set to 0. Finally, suppose C wishes to impersonate A to B. C initially sends the first captured message to B: C -> B: A {0, rA, IDB} B responds, thinking it is talking to A but is actually talking to C: B -> C: B {0, r"B, IDA, rA} C meanwhile causes A to initiate authentication with C by some means. As a result, A sends C the following: A -> C: A {0, r"A, IDC} C responds to A using the same nonce provided to C by B: C -> A: C {0, r"B, IDA, r"A} A responds with A -> C: A {r"B} This is exactly what C needs to convince B that it is talking to A, so C now repeats the incoming message back out to B. C -> B: A {r"B} So B will believe it is talking to A whereas it is actually talking to C. Suggest a simple solution to this problem that does not involve the use of timestamps.
Get 15.7 exercise solution
15.8 Consider a one-way authentication technique based on asymmetric encryption: A -> B: IDA B -> A: R1 A -> B: E(PRa, R1) a. Explain the protocol. b. What type of attack is this protocol susceptible to?
Get 15.8 exercise solution
15.9 Consider a one-way authentication technique based on asymmetric encryption: A -> B: IDA B -> A: E(PUa, R2) A -> B: R2 a. Explain the protocol. b. What type of attack is this protocol susceptible to?
Get 15.9 exercise solution
15.10 In Kerberos, when Bob receives a Ticket from Alice, how does he know it is genuine?
Get 15.10 exercise solution
15.11 In Kerberos, when Bob receives a Ticket from Alice, how does he know it came from Alice?
Get 15.11 exercise solution
15.12 In Kerberos, when Alice receives a reply, how does she know it came from Bob (that it’s not a replay of an earlier message from Bob)?
Get 15.12 exercise solution
15.13 In Kerberos, what does the Ticket contain that allows Alice and Bob to talk securely?
Get 15.13 exercise solution
