* 5 *
Integrity
- What is a replay attack? How can we avoid replays?
  Eavesdrop/wiretap during challenge/response authentication. Record a session and try to play back the correct response to challenges at a later time. Solution: include a timestamp or session-dependent data.
- What is meant by a session key? What is meant by a one-time password?
  A session key is a random encryption key which is used only for the duration of the current session. A one-time password is an authentication key which is generated randomly and used in place of a password in order to authenticate a user. In order to obtain a one-time password, the user must know his or her password, but by sending the one-time password, we avoid sending the true password over the network where it could be overheard on a wiretap.
- Explain how encryption can help with message authentication, even if the encryption is weak and easily broken.
  If encryption is based on a secret known only to the sender and receiver, then the receiver and sender can be sure of one another's identities by virtue of being able to decrypt data. If encryption is based on one-time keys in addition, then it doesn't matter that the encryption is weak, as long as the encryption could not be broken and faked while the message is being transmitted.
- Describe the basic idea behind the Kerberos system. What are the major drawbacks of Kerberos?
  Drawbacks are security problems in multiuser systems.