Cryptography Reference
9. Find out information about the Kerberos protocol. There are different versions
of this protocol, but they all work in broadly similar ways.
(a) What is the Kerberos protocol used for?
(b) What entities are involved in the Kerberos protocol?
(c) What assumptions need to be in place before use of the Kerberos protocol?
(d) Informally describe the protocol flow and messages of the Kerberos
protocol.
(e) Explain the extent to which the Kerberos protocol meets the typical AKE
protocol goals of Section 9.4.1.
10. By basing your ideas heavily on the protocol in Section 9.4.3, design a similar
AKE protocol that uses clock-based freshness mechanisms instead of nonces.
11. Suppose that two different cryptographic protocols both achieve the same
protocol goals and can thus be argued to be equivalent from a security
perspective. What criteria do you suggest we use to compare these two
protocols from an efficiency perspective?
12. A cryptographic protocol is normally considered to have failed if some
protocol message is not received correctly, or a protocol action fails. One
option for proceeding is simply to rerun the protocol. Explain, by means of
some illustrative examples, why straightforward rerunning of the protocol is
not always the best way of proceeding.
13. Cryptographic protocols are notoriously difficult to design. Provide an informal
explanation of the different approaches that are being taken towards trying to
establish the formal security of cryptographic protocols.
14. Most of the cryptographic protocols that we discussed in this chapter were AKE
protocols, whose primary goals are entity authentication and key establishment.
Find at least two examples of cryptographic protocols that are not AKE
protocols. For each of these protocols:
(a) Identify the main protocol goals.
(b) Briefly explain which cryptographic mechanisms are used to achieve these
goals.
15. In Section 9.3.4 we mentioned interleaving attacks on cryptographic protocols,
which can be launched against parallel executions of a protocol.
(a) Find an example of a simple interleaving attack against a cryptographic
protocol.
(b) Explain what types of defence mechanism can be put in place against this
type of attack.