Chapter 23 - Internet Authentication Applications


17 Terms

1

Kerberos

A standard, public-domain-based remote authentication protocol developed by MIT that uses a trusted third party to verify identities.

2

Kerberos anatomy

  • client - person that requests authentication

  • application - resource client tries to access

  • Kerberos - in between client + app

    • Kerberos authentication server

    • Kerberos ticketing server

3

Man-in-the-middle attacks

Unsecured networks that are susceptible to interception, putting sensitive data at risk.

4

Ticket Granting Ticket (TGT)

An encrypted ticket that contains the session key and message, allowing access to applications without sending passwords over an insecure network.

5

Authentication server

The server that verifies the identity of clients in the Kerberos protocol.

6

Ticket Granting Server (TGS)

The server that encrypts the TGT with the session key and grants access to services.

7

3 Step TGT exchanges

  • client authentication request: client logs in + requests application → authentication server → once match TGT → sends TGT back to client

  • authentication server response: client sends TGT to ticketing server → TGS further encrypts with session key → validates and grants TGT back to client

  • client sends TGT to application server → application creates a service ticket → client sends ticket to host

8

Version 5 Kerberos

An updated version of Kerberos that improved scalability and used AES instead of DES.

9

Certificate Authority (CA)

A trusted entity that assigns public keys to owners to prevent impersonation.

10

Certificate

Created by a trusted third party that binds the key with its owner.

11

X.509

The digital standard for public key certificates

12

X.509 anatomy

  • subject

  • public key

  • issuer

  • validity

  • digital signature

13

Public Key Infrastructure (PKI)

The framework that includes all assets necessary for creating, managing, and distributing public keys.

14

Short-lived certificates

Certificates with limited validity that require frequent renewal.

15

Attribute certificates

Certificates that have validity based on roles or attributes rather than identity.

16

Proxy Certificates

Certificates that address short-lived certificate demerits and are acknowledged using extensions

17

Public Key Infrastructure (PKI)

all assets that create public keys including:

  • CA

  • Registration Authority (RA) - authenticates a certificate that refers to CA

  • Digital Certificates

  • Trust Store - repository of all the certificates (includes unused certificates)