Deck 4: Key Distribution and User Authentication

The ticket-granting ticket is encrypted with a secret key known only to the authentication server and the ticket granting server.

When two end systems wish to communicate they establish a logical connection and, for the duration of that logical connection, all user data are encrypted with a one-time __________ which is destroyed at the end of the session.

User certificates generated by a CA need special efforts made by the directory to protect them from being forged.

One of the major roles of public-key encryption is to address the problem of key distribution.

It is not required for two parties to share a secret key in order to communicate securely with conventional encryption.

The principal underlying standard for federated identity is the Security Assertion Markup Language (SAML) which defines the exchange of security information between online business partners. 1.A _________ is a key used between entities for the purpose of distributing session keys.

For symmetric encryption to work the two parties to an exchange must share the same key, and that key must be protected from access by others.

After determining which systems are allowed to communicate with each other and granting permission for the two systems to establish a connection, the _________ provides a one-time session key for that connection.

The automated key distribution approach provides the flexibility and dynamic characteristics needed to allow a number of users to access a number of servers and for the servers to exchange data with each other.

X.509 is based on the use of public-key cryptography and digital signatures.

If the lifetime stamped on a ticket is very short (e.g., minutes) an opponent has a greater opportunity for replay.

Kerberos version 4 did not fully address the need to be of general purpose.

Kerberos relies exclusively on asymmetric encryption and makes use of public key encryption.

Federated identity management is a concept dealing with the use of a common identity management scheme across multiple enterprises and numerous applications and supporting many thousands, even millions, of users.

The strength of any cryptographic system rests with the _________ technique, a term that refers to the means of delivering a key to two parties that wish to exchange data without allowing others to see the key.

A session key is destroyed at the end of a session.

If an opponent captures an unexpired service granting ticket and tries to use it they will be denied access to the corresponding service.

It is not necessary for a certification authority to maintain a list of certificates issued by that CA that were not expired but were revoked.

Rather than building elaborate authentication protocols at each server, _________ provides a centralized authentication server whose function is to authenticate users to servers and servers to users.

A _________ is the client's choice for an encryption key to be used to protect this specific application session.

__________ defines a framework for the provision of authentication services by the X.500 directory to its users and defines alternative authentication protocols based on the use of public-key certificates.

The technical deficiencies of Kerberos version 4 are: double encryption, PCBC encryption, session keys and __________ .

A _________ consists of a public key plus a user ID of the key owner, with the whole block signed by a trusted third party which is typically a CA that is trusted by the user community.

Kerberos version 5 defines all message structures by using __________ and Basic Encoding Rules (BER), which provide an unambiguous byte ordering.

The _________ exentsion is used only in certificates for CAs issued by other CAs and allows an issuing CA to indicate that one or more of that issuer's policies can be considered equivalent to another policy used in the subject CAs domain.

A __________ is a set of managed nodes that share the same Kerberos database which resides on the Kerberos master computer system that is located in a physically secure room.

A __________ server issues tickets to users who have been authenticated to the authentication server.