Sol31 - 1 CHAPTER 31 Network Security Solutions to Review...

CHAPTER 31
Network Security

Solutions to Review Questions and Exercises

Review Questions

1. A nonce is a large random number that is used only once, so that a fresh authentication request can be distinguished from a replayed one.

2. The N^2 problem refers to the large number of keys needed for symmetric-key cryptography. For N people, N(N - 1)/2 keys are needed, which is proportional to N^2.

3. Both the Needham-Schroeder and the Otway-Rees protocols use a KDC for user authentication.

4. The Kerberos authentication server (AS) registers each user and grants each user a user identity and a password. The AS issues a session key for use between the user and the ticket-granting server (TGS).

5. The Kerberos TGS issues a ticket for the real server and provides the session key between the user and that server.

6. X.509 is an ITU-T standard, not a protocol: it defines the structure and fields of a public-key certificate.

7. A certification authority (CA) is a trusted third party (a commercial, governmental or organizational body) that binds a public key to an entity and issues a certificate attesting to that binding.

8. A long password is more resistant to guessing than a short one. However, a long password is difficult to remember and is often written down, which may make it easier for an adversary to steal.

9. A frequently changed password is more secure than a fixed password but less secure than a one-time password. However, a one-time password needs more effort from both the system and the user: the system must check that the password is fresh every time the user presents one, and the user must be careful not to reuse the previous one. A more frequently changed password can be used as an alternative. One solution is for the system to initiate the password change by sending the new password through a secure channel and then challenging the user to confirm that the right user has received it.

10. One way to resist a guessing attack on a password is to use long passwords. For example, a 10-digit password is much harder to guess than a 4-digit one. Banks recommend that a customer not use a short PIN (a type of password). In particular, they recommend not using an easily guessed number such as a birth year. Banks also require a change of PIN when a stolen bank card is reported and replaced by a new one.

Exercises

11. a. The algorithm meets the first criterion (one-wayness). It is not possible to recover the original numbers from the digest alone. For example, if we know the digest is 76, we cannot find the original ten numbers; they could be any of the many sets of 10 numbers that produce that digest.

b. The algorithm does not meet the second criterion (weak collision resistance). Given a digest, we can create 10 numbers that hash to the same digest. For example, Eve, without knowing the original set of numbers, can intercept the digest 51, create the set {12, 23, 45, 12, 34, 56, 9, 12, 34, 14}, and send it with the digest 51 to Bob. Bob is fooled and believes that the set is authentic...
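As an added worked example (not part of the solutions manual), the following Python reconstructs the toy digest of Exercise 11 and checks both claims made in parts (a) and (b). The page does not restate the hash function, but the set Eve sends sums to 251 and is given the digest 51, so the example assumes the digest is the sum of the ten numbers modulo 100. The shared key, Alice's sample set and the HMAC-based fix at the end are constructed for the demonstration and go beyond the exercise itself.

```python
"""Added example, not part of the solutions manual: the toy digest of Exercise 11.

The page does not restate the hash function, but the worked set
{12, 23, 45, 12, 34, 56, 9, 12, 34, 14} sums to 251 and is given the digest 51,
so this example assumes the digest is (sum of the ten numbers) mod 100.
"""
import hashlib
import hmac

MOD = 100      # assumed modulus of the toy digest
COUNT = 10     # the exercise hashes sets of ten numbers


def toy_digest(numbers):
    """Exercise 11's digest (assumed): sum of the ten numbers modulo 100."""
    if len(numbers) != COUNT:
        raise ValueError("exactly ten numbers expected")
    return sum(numbers) % MOD


def count_preimages(digest, max_value=9):
    """Part (a): count the sets of ten values in 0..max_value that share a digest.

    Dynamic-programming count over partial sums. With ten digits 0..9 the sum is
    at most 90, so the modulus never wraps and the digest is the plain sum.
    """
    ways = {0: 1}                      # partial sum -> number of tuples reaching it
    for _ in range(COUNT):
        nxt = {}
        for s, n in ways.items():
            for v in range(max_value + 1):
                nxt[s + v] = nxt.get(s + v, 0) + n
        ways = nxt
    return sum(n for s, n in ways.items() if s % MOD == digest)


def forge_set(target_digest, chosen=(12, 23, 45, 12, 34, 56, 9, 12, 34)):
    """Part (b): Eve picks any nine numbers and solves for the tenth.

    Because the digest is linear, the last element is simply whatever makes the
    sum land on the target residue; no knowledge of Alice's set is needed. The
    default nine numbers reproduce the set given in the solution.
    """
    if len(chosen) != COUNT - 1:
        raise ValueError("nine chosen numbers expected")
    last = (target_digest - sum(chosen)) % MOD
    forged = list(chosen) + [last]
    assert toy_digest(forged) == target_digest
    return forged


def keyed_tag(key, numbers):
    """The fix a practitioner would want: a keyed MAC (HMAC-SHA256) instead of an
    unkeyed sum. Eve can still find sets with any toy digest, but she cannot
    produce the tag without the key Alice and Bob share (constructed for the demo).
    """
    msg = ",".join(str(n) for n in numbers).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_tag(key, numbers, tag):
    """Constant-time comparison so the check itself does not leak the tag."""
    return hmac.compare_digest(keyed_tag(key, numbers), tag)


if __name__ == "__main__":
    eve_set = forge_set(51)
    print("Eve's set:", eve_set, "-> toy digest", toy_digest(eve_set))
    print("sets of ten digits with digest 76:", count_preimages(76))
    key = b"shared-secret-between-alice-and-bob"          # constructed demo key
    alice_set = [3, 14, 15, 92, 65, 35, 89, 79, 32, 27]   # constructed sample, digest 51
    tag = keyed_tag(key, alice_set)
    print("Bob accepts Alice's set:", verify_tag(key, alice_set, tag))
    print("Bob accepts Eve's set with Alice's tag:", verify_tag(key, eve_set, tag))
```

Running the script shows the two halves of the exercise side by side: `count_preimages(76)` reports 810040 distinct ten-digit sets with that digest, which is why the digest cannot be inverted, and `forge_set(51)` rebuilds exactly the set from the solution without ever seeing Alice's numbers, which is why an unkeyed digest gives Bob no authenticity. The HMAC step is the practical remedy: Eve's forged set still has toy digest 51, but `verify_tag` rejects it because she cannot compute the keyed tag.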