Question
1. Authentication protocols. A large Appalachian research university wants to implement a central sign-on facility where users authenticate themselves to an official site then receive a token that confirms their identity to all other campus sites.

(a) Assuming the protocol is competently implemented and deployed, how might deploying this service improve security on campus? Under the same assumptions, how might it hurt security?

Suppose the sign-on protocol proceeds as follows: When the user visits site A, which requires authentication, site A redirects the user to the central sign-on site. Following authentication, the central sign-on site redirects the user's browser back to a standardized HTTPS URL at site A with the following parameters: u, the user's username, and Sign(u), a digital signature produced with the sign-on site's private key. (Assume that the corresponding public key is widely known.) The site checks that the signature is valid for u, and considers the user authorized if so.

(c) If site A is controlled by an attacker, how can it trivially impersonate the user to other sites that trust the sign-on protocol?

(d) Propose a simple change to the protocol that would fix the problem identified in (c).

Professor Vuln would like to provide a simple mechanism to allow members of his massive research group to authenticate to each other before they exchange confidential data. He decides to distribute a shared secret key k that will allow the group members to mutually authenticate each other. His protocol is given below
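
An added example for the central sign-on protocol in parts (c) and (d), not part of the original question and separate from Professor Vuln's protocol: it models the token (u, Sign(u)) and shows that the signature verifies identically at every site, then contrasts a variant whose signed message also names the intended site. Textbook RSA with toy parameters stands in for the sign-on site's signature scheme so the code runs on the standard library alone; the function names, site names and the JSON encoding of the signed message are assumptions.

```python
import hashlib
import json

# Toy textbook-RSA key for the sign-on site. Assumption: a stand-in for a real
# signature scheme; unpadded and far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537   # two Mersenne primes, public exponent
N = P * Q                                 # public modulus, known to every site
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent, sign-on site only


def _digest(message: str) -> int:
    return int.from_bytes(hashlib.sha256(message.encode()).digest(), "big") % N


def sign(message: str) -> int:
    """Sign-on site: produce Sign(message) with the private key."""
    return pow(_digest(message), D, N)


def verify(message: str, signature: int) -> bool:
    """Any site: check the signature with the public key (N, E)."""
    return pow(signature, E, N) == _digest(message)


def issue_original(u: str):
    """Token from the question: u and Sign(u)."""
    return u, sign(u)


def accept_original(site: str, u: str, sig: int) -> bool:
    # The receiving site's identity never enters the check.
    return verify(u, sig)


def _bound(site: str, u: str) -> str:
    # Unambiguous encoding of (site, user); hypothetical format.
    return json.dumps({"aud": site, "sub": u}, sort_keys=True)


def issue_bound(u: str, site: str):
    """Variant: the signature covers the intended site as well as u."""
    return u, sign(_bound(site, u))


def accept_bound(site: str, u: str, sig: int) -> bool:
    # Each site verifies against its own name, so a token for A fails at B.
    return verify(_bound(site, u), sig)
```

Neither token carries an expiry or nonce, so the variant addresses only reuse at a different site.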