Question
https://s3.amazonaws.com/answer-board-image/bf9aea6f-c5d7-46ec-ac5b-8195178ef01d.png Lets consider the Kerberos authentication scenario shown in Figure 1. Before the client user can prove his identity to the Server in Step 5,
https://s3.amazonaws.com/answer-board-image/bf9aea6f-c5d7-46ec-ac5b-8195178ef01d.png
Lets consider the Kerberos authentication scenario shown in Figure 1. Before the client user can prove his identity to the Server in Step 5, the client needs to first get a (service) ticket from the Ticket Granting Server (TGS) through Step 3 and Step 4. Moreover, in order to get a ticket from TGS, the client has to firstly go through Step 1 and 2 with the Authentication Server (AS) to get the TGT (ticket granting ticket). Figure 1 2. 1.1: In Figure 1, only one machine knows the long term key of the TGS besides the TGS, who is it? 3.
1.2: In Figure 1, say True or False to the following statement: AS knows the long term key of the Server. 4.
1.3: In Step (2), AS will send the TGT to the client. Say True or False to the following statement: To enable the client to see what is inside the TGT, the TGT will be encrypted by the client users long term key, which is a transformation of the users password. 5.
1.4: In Step (3), the client needs to send two things to TGS: the authenticator and the TGT. Since the TGT contains the users identity information, it seems that the authenticator is useless. However, without the authenticator, Mallory (the attacker) may launch a serious attack. What can this attack do? 6.
1.5: With the authenticator, the attack mentioned in Question 1.4 will be defeated. Why? 7.
1.6: To prevent attacks, the authenticator must be encrypted in Step (3). However, the client does NOT know the long term key of the TGS. How can Kerberos let the TGS know the authenticator encryption key? Please give a complete answer. 8.
1.7: After TGS verifies the clients identity, TGS will issue a ticket to the client. What information items are included in this ticket? 9.
1.8: After a while, the client will receive the ticket. Then the client will send the ticket to the server. However, this ticket itself is NOT sufficient for the server to offer the service to the client because Mallory may launch a serious attack. What can this person do to fool the server? 10.
1.9: Because of the problem mentioned in Question 1.8, the client also needs to send another authenticator to the server. The authenticator will be encrypted by which key? 11.
1.10: When the Server receives the authenticator and the ticket from the client. The server will compare the information items contained in the authenticator and the ticket to authenticate the client users identity. Please give a detailed answer on how such comparison will be done? 12.
2. To avoid letting every server know every users password, Kerberos wants to enforce the ticket-based service access idea. However, this idea is facing three security threats. What are they?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started