
Question



https://s3.amazonaws.com/answer-board-image/bf9aea6f-c5d7-46ec-ac5b-8195178ef01d.png

Let's consider the Kerberos authentication scenario shown in Figure 1. Before the client user can prove his identity to the Server in Step 5, the client needs to first get a (service) ticket from the Ticket Granting Server (TGS) through Step 3 and Step 4. Moreover, in order to get a ticket from TGS, the client has to first go through Steps 1 and 2 with the Authentication Server (AS) to get the TGT (ticket granting ticket).

Figure 1

1.1: In Figure 1, only one machine knows the long-term key of the TGS besides the TGS. Who is it?

1.2: In Figure 1, say True or False to the following statement: AS knows the long-term key of the Server.

1.3: In Step (2), AS will send the TGT to the client. Say True or False to the following statement: To enable the client to see what is inside the TGT, the TGT will be encrypted by the client user's long-term key, which is a transformation of the user's password.

1.4: In Step (3), the client needs to send two things to TGS: the authenticator and the TGT. Since the TGT contains the user's identity information, it seems that the authenticator is useless. However, without the authenticator, Mallory (the attacker) may launch a serious attack. What can this attack do?

1.5: With the authenticator, the attack mentioned in Question 1.4 will be defeated. Why?

1.6: To prevent attacks, the authenticator must be encrypted in Step (3). However, the client does NOT know the long-term key of the TGS. How can Kerberos let the TGS know the authenticator encryption key? Please give a complete answer.

1.7: After TGS verifies the client's identity, TGS will issue a ticket to the client. What information items are included in this ticket?

1.8: After a while, the client will receive the ticket. Then the client will send the ticket to the server. However, this ticket itself is NOT sufficient for the server to offer the service to the client because Mallory may launch a serious attack. What can this person do to fool the server?

1.9: Because of the problem mentioned in Question 1.8, the client also needs to send another authenticator to the server. The authenticator will be encrypted by which key?

1.10: When the Server receives the authenticator and the ticket from the client, the server will compare the information items contained in the authenticator and the ticket to authenticate the client user's identity. Please give a detailed answer on how such a comparison will be done.

2. To avoid letting every server know every user's password, Kerberos wants to enforce the ticket-based service access idea. However, this idea is facing three security threats. What are they?
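The ticket-plus-authenticator check that Steps 3 and 5 of the scenario rely on, sketched as an added Python example that is not part of the original question or its solution. The `seal`/`unseal` helpers are a toy stand-in for a real Kerberos encryption type, and the function names, JSON layout, replay cache and 300-second skew window are assumptions made for illustration.

```python
import hashlib, hmac, json, os

SKEW = 300  # accepted clock skew in seconds (assumed value)

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy encrypt-then-MAC; a stand-in for a real Kerberos encryption type.
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified blob")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def issue_ticket(target_key, reply_key, client, now, lifetime=3600):
    # AS (Step 2) or TGS (Step 4): the fresh session key goes into the ticket
    # (readable only by the target) and into a reply readable by the client.
    sk = os.urandom(32).hex()
    ticket = seal(target_key, {"client": client, "key": sk, "expires": now + lifetime})
    return ticket, seal(reply_key, {"key": sk})

def make_authenticator(session_key, client, now):
    return seal(session_key, {"client": client, "ts": now})

def accept(own_key, ticket, authenticator, now, seen):
    # TGS (Step 3) or Server (Step 5): open the ticket with the long-term key,
    # then open the authenticator with the session key found inside the ticket.
    t = unseal(own_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    if a["client"] != t["client"]:
        raise ValueError("client name mismatch")
    if abs(now - a["ts"]) > SKEW:
        raise ValueError("stale authenticator")
    if (a["client"], a["ts"]) in seen:
        raise ValueError("replayed authenticator")
    seen.add((a["client"], a["ts"]))
    return t["client"]

if __name__ == "__main__":
    kc, ktgs = b"c" * 32, b"t" * 32  # constructed long-term keys
    tgt, reply = issue_ticket(ktgs, kc, "alice", 1000)
    sk = bytes.fromhex(unseal(kc, reply)["key"])
    print(accept(ktgs, tgt, make_authenticator(sk, "alice", 1000), 1005, set()))
```

The same `accept` routine serves both the TGS and the Server because each only needs its own long-term key to recover the session key from the ticket it is handed.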
