For the following questions I would like you to discuss the particulars of each
Question
For the following questions I would like you to discuss the particulars of each attack scenario and how Kerberos defends against it.
You will need to consider various elements of the attack scenarios. Some attacks can be implemented between multiple Kerberos components. For example, a MITM attack could occur between various components at various times. State your assumptions about how the attack is occurring, then describe how Kerberos defends against it. Good answers will describe both the particulars of the attack and the Kerberos defenses.
1.) A user gains access to a particular workstation and pretends to be another user from that workstation.
2.) An eavesdropper obtains the IP address of an authenticated workstation and reconfigures another workstation to impersonate the authenticated workstation.
3.) An eavesdropper captures messages and attempts a replay attack to access a server or cause damage.
4.) An eavesdropper obtains the IP address of a server and reconfigures another machine to impersonate the server and capture user requests.
5.) An attacker acts as the “man in the middle” between two computers (e.g. client and the server). The attacker spoofs each computer to “think” they have connected to the correct computer, when in fact the attacker is intercepting all transmissions. The attacker can then monitor or change any of the data before routing it on to the intended computer.
Explanation / Answer
For the following 5 scenarios, any unauthorised user may be able to gain access to services and data.
Kerberos solution:
Rather than building in elaborate authentication protocols at each server, Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption.
The following features are used to design the authentication facility in Kerberos in order to handle the 5 scenarios mentioned.
1) A simple authentication dialogue:
In an unprotected network environment, any client can apply to any server for service. The obvious security risk is that of impersonation. An opponent can pretend to be another client and obtain unauthorized privileges on server machines.
To counter this threat, servers must be able to confirm the identities of clients who request service. Each server can be required to undertake this task for each client/server interaction, but in an open environment, this places a substantial burden on each server.
An alternative is to use an authentication server (AS) that knows the passwords of all users and stores these in a centralized database. In addition, the AS shares a unique secret key with each server. These keys have been distributed physically or in some other secure manner.
Kerberos satisfies the following requirements:
A) Secure: A network eavesdropper should not be able to obtain the necessary information to impersonate a user. More generally, Kerberos should be strong enough that a potential opponent does not find it to be the weak link.
2) X.509 Authentication Service:
A) Distributed set of servers that maintains a database about users.
B) Each certificate contains the public key of a user and is signed with the private key of a CA.
3) SSL (Secure Socket Layer):
A) Transport layer security service. It was developed by Netscape.
B) Version 3, designed with public input, subsequently became the Internet standard known as TLS.
Uses TCP to provide a reliable end-to-end service.
4) Dual Signature:
Customer creates dual messages:
A) Order information (OI) for merchant
B) Payment information for bank
Neither party needs details of the other, but must know they are linked.
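
Added example, not part of the original answer: a sketch of the simple authentication dialogue from item 1, showing how a ticket that binds the user ID, workstation address and server ID under the server's key lets the server reject the impersonation in scenarios 1 and 2. It goes beyond the answer text by assuming the textbook ticket contents (ID_C, AD_C, ID_V); HMAC stands in for the symmetric encryption of the ticket, and all names, addresses and keys are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data: one user and one server; keys are generated locally.
# Plain SHA-256 of the password is used only to keep the sample short.
USERS = {"alice": hashlib.sha256(b"alice-password").hexdigest()}
SERVER_KEYS = {"fileserver": secrets.token_bytes(32)}  # K_v, shared by AS and server V


def _tag(key, body):
    # Stand-in for encrypting the ticket under K_v: only a holder of K_v can produce it.
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def as_issue_ticket(user, password, client_addr, server):
    """AS: check the password, then bind (ID_C, AD_C, ID_V) under K_v."""
    stored = USERS.get(user, "")
    supplied = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(stored, supplied):
        return None
    body = json.dumps({"id_c": user, "ad_c": client_addr, "id_v": server},
                      sort_keys=True).encode()
    return {"body": body.decode(), "tag": _tag(SERVER_KEYS[server], body)}


def server_accept(server, key, claimed_user, source_addr, ticket):
    """Server V: accept only an untampered ticket matching the claimed ID and address."""
    body = ticket["body"].encode()
    if not hmac.compare_digest(_tag(key, body), ticket["tag"]):
        return "reject: ticket not issued by AS"
    fields = json.loads(body)
    if fields["id_v"] != server:
        return "reject: ticket is for another server"
    if fields["id_c"] != claimed_user:
        return "reject: claimed user does not match ticket"
    if fields["ad_c"] != source_addr:
        return "reject: ticket presented from a different address"
    return "accept"
```

This simple dialogue carries no lifetime or timestamp, so it does not by itself address the replay in scenario 3.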