Name____________________________________
March 21, 2002
Open books and notes. Only
the course text and notes in your own handwriting may be used.
1. The following relate to signature protocols.
a. The author states the authors of the protocol on page
308 spotted an error and corrected it with the protocol on page 309. What is the difference between the two
protocols?
ID sub A is added to line 5 and to the encrypted return in line 6.
b. In part a., what was the weakness in the first
protocol? Explain.
This is directly explained – it is the unusual case that a different user
would use the same nonce.
c.
Consider the arbitrated
digital signature protocol of table 10.1.c (Page 302)?
Which of the criteria of page 300 are met:
|
Criterion |
Met (Yes/No) |
|
The
signature must be a bit pattern that depends on the message |
Yes |
|
The
signature must use some information unique to the sender |
Yes |
|
It
must be relatively easy to produce |
Yes, short messages |
|
It
must be computationally infeasible to forge |
Yes |
|
It
must be practical to retain |
Yes, light traffic |
2.
The
following apply to Kerberos. Please
answer the following, briefly, but avoiding the dreaded RADQ.
a. Explain how the two-realm model of figure 11.2 would
deal with a user from the client realm with the same ID as the user from the
server realm?
This again is relatively simple – the client server is the one performing
user authentication, and the server TGS grants a ticket based on its trust of
the client TGS.
b. What safeguards would you use in adding a user to a
Kerberos authentication server using certificate authorities rather than
off-line key distribution.
The Kerberos server has to have a secure distribution of the certificate
server’s public key or a shared key. The issuance criteria demanded by the Kerberos server can be
specified all the way to personal experience if the local application requires
that level of security.
c. What are the disadvantages of three-way authentication
(p. 347) when synchronized clocks are available?
Only the additional message traffic and encryption.
3.
Please answer the following,
briefly, please.
a.
In PGP, a key revocation certificate is signed by the
owner. How would the owner counter the
situation in which a malicious individual has done so for the purpose of
denying service?
There is really no counter to this one except
not allowing later keys to be compromised.
The new key is not subject to the same kind of compromise unless the
rightful user continues to be careless.
Note that the compromise may have been of the passphrase, and then the
entire key ring needs reencryption.
b.
Consider Figure 13.10.d on page 420. Describe what protections this gives.
The inner tunnel is host-to-host and can be used for interdepartmental
purposes, the outer is gateway-to host or gateway and can be used for VPN
purposes. In effect this is a remote
member of a VPN with an internal departmental security layer added.
c.
State an example of a scenario (VPN, departmentalization,
etc.) in which this would be useful.
This is answered above