Chapter 8 Security

EXERCISES

8-1 Discuss the severity of the problems associated with authentication and access control for centralized and network-based systems.

In both cases a password or other authenticator has to be transmitted from the user's input device and input into the authenticating system. If the password is transmitted in the clear, the degree of insecurity depends on whether the connection is within a firewall or external to it. For external authentication the password is usually required to be encrypted with a protocol such as ssh (secure shell).

8-2 Suppose an eavesdropper captures the complete (unsecured) interaction between a client and each of the following services. Discuss the possible implications.

Note that in both cases national data protection acts require that such interactions should be secure. We are looking at a situation where the security provided has been broken.

a) Purchase of an item from a web service.

The eavesdropper has personal information about the client, such as the delivery address, but, more importantly, has the purchaser's credit card details, which he/she can then use with other web services, validated by the home address etc.

b) An interaction with a health advisor (such as the UK's NHS Direct).

The eavesdropper has highly personal information about the client. Such information might bear on the individual's ability to obtain insurance or be used in family disputes. If the person is famous, the information could be sold to the press.

8-3 What is meant by a firewall? How can people connect to their computers that are located behind firewalls? How can web services be provided? How can peer-to-peer sharing be provided?

The concept is that the set of computers comprising a domain is protected from external access. Any external, incoming communication destined for an IP address within the domain is intercepted at the host implementing the firewall. Email and web traffic are detected and can proceed to mail hosts and web servers (typically at a well-known port (80) at the web server's IP address).

8-4 What are the main problems associated with each of secret key and public key encryption? How are secret and public key encryption commonly used together to achieve the best of both worlds?

Secret key encryption requires key distribution. Public key encryption has a much higher algorithmic overhead than secret key. They are complementary in that public key encryption can be used for key distribution and secret key encryption for secure communication using the distributed keys.

8-5 How can encryption keys (initially designed to achieve secure communication) be used for authentication?

By testing whether the principal to be authenticated is the possessor of the secret key corresponding to its published public key. This is called a challenge-response protocol: a nonce is sent to the principal, encrypted with its public key, and it must return the decrypted nonce. (The communications are secured by the server's keys.) But principals should not respond to unexpected challenges.

8-6 What is meant by a digital signature? How are digital signatures created? How do they support non-repudiation and prevent tampering?

A one-way function is applied to a document to create a signature. Subsequently, anyone can check whether the document has been tampered with by reapplying the one-way function to it and checking the output against the original signature. If the one-way function is used with a key that is private to a single principal, then the document plus signature can be used for non-repudiation.

8-7 What is meant by a "nonce" and what problem does the use of a nonce attempt to solve?

A nonce is a random number that is intended to be used in a single request-response interaction. Its purpose is to guard against replay attacks.
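The following is an added example, not part of the original answers, showing the two points made in 8-5 and 8-7: a nonce is accepted for one interaction only, so a replayed response fails, and a principal refuses a challenge it did not ask for. It assumes a shared secret key and an HMAC response in place of the public-key decryption described in 8-5; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Server side: issues one-time nonces and checks responses to them."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._outstanding = set()  # nonces issued and not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # A nonce is good for exactly one interaction: it is retired before
        # the check, so a captured (nonce, response) pair fails on replay.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Prover:
    """Client side: answers only a challenge it has asked for."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._expecting = False

    def start_login(self) -> None:
        self._expecting = True

    def respond(self, nonce: bytes):
        if not self._expecting:
            return None  # unexpected challenge: do not respond
        self._expecting = False
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key (assumption)
    server, client = Verifier(key), Prover(key)
    client.start_login()
    nonce = server.challenge()
    response = client.respond(nonce)
    return {"first": server.verify(nonce, response),
            "replay": server.verify(nonce, response),
            "unsolicited": client.respond(server.challenge())}
```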

8-8 What is meant by a session key? Why are session keys used? How can a session key be shared securely?

The basic idea is that if persistent public keys are used over a long period to encrypt communication they become increasingly vulnerable to attack. If a fresh key pair is generated to secure communication only for the duration of a session, then discarded, security is enhanced.

8-9 What is the idea behind SPKI?

The idea is to avoid the need for globally valid certificates. Any organisation might have its own certification authority and so effectively vouch for its employees. The organisation's authority might be vouched for by a higher level authority. In general, the recipient of a certificate must follow back the chain of issuers until it reaches an issuer it is prepared to trust.

8-10 What is the role of certification authorities and services?

To act as trusted third parties. To issue signed certificates and to validate them when they are subsequently presented as evidence of authenticity or authorisation.