9 Cards in this Set
- Front
- Back
Define security protocols and ideal security protocol
|
Communication rules followed in security applications.
Are particularly subtle since the attacker can actively intervene in the process in a variety of ways. Ideal security protocol: not too fragile (protocol would function correctly even when an attacker actively tried to break it). Should continue to work even if the environment in which it's deployed changes. |
|
Simple security protocols
|
Could be used for entry into a secure facility (insert badge and provide PIN, withdraw money from ATM)
|
|
Challenge response mechanism
To prevent replay attack, incorporate... |
Bob sends challenge, response from Alice must be something only Alice can provide and Bob can verify.
To prevent replay attack, Bob can incorporate a nonce (number used once) in the challenge. He can send a unique challenge each time. |
|
Purpose of Session Keys
|
To limit the amount of data encrypted with any one particular key and to limit the damage if one session key is compromised.
Used to provide confidentiality or integrity protection to the messages. |
|
Define session keys
|
Single use symmetric key used for encrypting all messages in one communication session.
|
|
Definition of timestamps and benefits and issues
|
A time value, typically expressed in milliseconds. Can be used in place of a nonce.
Benefits: Don't need to waste any messages exchanging nonces. Issues: Use of timestamps implies time is a security critical parameter. Can't rely on clocks to be perfectly synchronized so must allow for clock skew (must accept any timestamp that is close to the current time) |
|
TCP three way handshake for authentication
how to make more secure and overall better approach |
TCP not designed to be used for authentication so method is not secure.
1. Synchronization request. 2. Acknowledges sync request. 3. Acknowledges previous message. Could make more secure by randomization of initial SEQ numbers, but eh. Better approach: employ a secure authentication protocol after three-way handshake is completed. |
|
Zero Knowledge Proofs: Fiat-Shamir
Advantages |
Alice wants to prove to Bob she knows a secret without revealing any info about the secret. Bob must be able to verify that Alice knows even though he gains no info about the secret.
Adv: Allow authentication with anonymity |
|
Zero knowledge Proofs: Messages
|
1. Commitment phase: Alice commits to her choice of r but has not revealed r.
2. Challenge phase: Bob challenges Alice to provide correct response. 3. Response phase: Alice must respond with correct value. |