CS 448 Part 4
_________ are entities that obtain and employ data maintained and provided by identity and attribute providers, which are often used to support authorization decisions and to collect audit information.
Data Consumers
The purpose of the _________ algorithm is to enable two users to exchange a secret key securely that then can be used for subsequent encryption of messages and depends on the difficulty of computing discrete logarithms for its effectiveness.
Diffie-Hellman
Based on the use of a mathematical construct known as the elliptic curve and offering equal security for a far smaller bit size, __________ has begun to challenge RSA.
ECC
________ protects against passive attacks (eavesdropping).
Encryption
Kerberos version 4 requires the use of a(n) ____________ .
Ethernet link address
Cryptographic hash functions generally execute slower in software than conventional encryption algorithms such as DES.
False
If an opponent captures an unexpired service granting ticket and tries to use it they will be denied access to the corresponding service.
False
If the lifetime stamped on a ticket is very short (e.g., minutes) an opponent has a greater opportunity for replay.
False
It is not necessary for a certification authority to maintain a list of certificates issued by that CA that were not expired but were revoked.
False
It is not required for two parties to share a secret key in order to communicate securely with conventional encryption.
False
Kerberos relies exclusively on asymmetric encryption and makes use of public key encryption.
False
Message encryption alone provides a secure form of authentication.
False
Private key encryption is used to produce digital signatures which provide an enhanced form of message authentication.
False
The security of the Diffie-Hellman key exchange lies in the fact that, while it is relatively easy to calculate exponentials modulo a prime, it is very easy to calculate discrete logarithms.
False
The two important aspects of encryption are to verify that the contents of the message have not been altered and that the source is authentic.
False
User certificates generated by a CA need special efforts made by the directory to protect them from being forged.
False
A ___________ is a service or user that is known to the Kerberos system and is identified by its principal name.
Kerberos principal
__________ is a procedure that allows communicating parties to verify that received messages are authentic.
Message authentication
Encryption in version 4 makes use of a nonstandard mode of DES known as ___________ .
PCBC
The most widely accepted and implemented approach to public-key encryption, _________ is a block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n.
RSA
The most important hash function is ________ .
SHA
Secure Hash Algorithms with hash value lengths of 256, 384, and 512 bits are collectively known as _________ .
SHA-2
A session key is destroyed at the end of a session.
True
Because of the mathematical properties of the message authentication code function, it is less vulnerable to being broken than encryption.
True
Even in the case of complete encryption, there is no protection of confidentiality because any observer can decrypt the message by using the sender's public key.
True
Federated identity management is a concept dealing with the use of a common identity management scheme across multiple enterprises and numerous applications and supporting many thousands, even millions, of users.
True
For symmetric encryption to work the two parties to an exchange must share the same key, and that key must be protected from access by others.
True
In addition to providing authentication, a message digest also provides data integrity and performs the same function as a frame check sequence.
True
In the ECB mode of encryption, if an attacker reorders the blocks of ciphertext, then each block will still decrypt successfully; however, the reordering may alter the meaning of the overall data sequence.
True
Kerberos version 4 did not fully address the need to be of general purpose.
True
One of the major roles of public-key encryption is to address the problem of key distribution.
True
Public key algorithms are based on mathematical functions rather than on simple operations on bit patterns.
True
Public key algorithms are useful in the exchange of conventional encryption keys.
True
The automated key distribution approach provides the flexibility and dynamic characteristics needed to allow a number of users to access a number of servers and for the servers to exchange data with each other.
True
The key exchange protocol is vulnerable to a man-in-the-middle attack because it does not authenticate the participants.
True
The main advantage of HMAC over other proposed hash-based schemes is that HMAC can be proven secure, provided that the embedded hash function has some reasonable cryptographic strengths.
True
The principal underlying standard for federated identity is the Security Assertion Markup Language (SAML) which defines the exchange of security information between online business partners.
True
The private key is known only to its owner.
True
The strength of a hash function against brute-force attacks depends solely on the length of the hash code produced by the algorithm.
True
The ticket-granting ticket is encrypted with a secret key known only to the authentication server and the ticket granting server.
True
X.509 is based on the use of public-key cryptography and digital signatures.
True
Used in most network security applications, the __________ standard has become universally accepted for formatting public-key certificates.
X.509
Public key cryptography is __________ .
asymmetric
The __________ knows the passwords of all users and stores these in a centralized database and also shares a unique secret key with each server.
authentication server
The _________ extension lists policies that the certificate is recognized as supporting, together with optional qualifier information.
certificate policies
It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). A hash function with this property is referred to as __________ .
collision resistant
The __________ property protects against a sophisticated class of attack known as the birthday attack.
collision resistant
The purpose of a ___________ is to produce a "fingerprint" of a file, message, or other block of data.
hash function
A random value to be repeated to assure that the response is fresh and has not been replayed by an opponent is the __________ .
nonce
A _________ is a key used between entities for the purpose of distributing session keys.
permanent key
The readable message or data that is fed into the algorithm as input is the __________ .
plaintext
"It is easy to generate a code given a message, but virtually impossible to generate a message given a code" describes the __________ hash function property.
preimage resistant
The key used in conventional encryption is typically referred to as a _________ key.
secret
Containing the hash code of the other fields encrypted with the CA's private key, the __________ covers all of the other fields of the certificate and includes the signature algorithm identifier.
signature
Once the authentication server accepts the user as authentic it creates an encrypted _________ which is sent back to the client.
ticket
In order to solve the problem of minimizing the number of times that a user has to enter a password and the problem of a plaintext transmission of the password a __________ server is used.
ticket granting
If the message includes a _________ the receiver is assured that the message has not been delayed beyond that normally expected for network transit.
timestamp
In order to prevent an opponent from capturing the login ticket and reusing it to spoof the TGS, the ticket includes a __________ indicating the date and time at which the ticket was issued.
timestamp
