William Slater's CYBR 515 Blog

CYBR 515 - Security Architecture and Design

Monday, September 19, 2011

Post 015 - CYBR 515


[Image: Hades and Cerberos in the Underworld (from Gamespot.com)]

CERBEROS is another name for KERBEROS

Week 4 Assignments
Theme for the Week - Key Distribution and User Authentication
Learning Objectives:
Construct a model of a Kerberos realm that depicts all main principals.
Discuss how a certificate can be used for authentication.
Explain how a secure private key exchange can be conducted using public key cryptography algorithms.
Describe how authentication can be accomplished using asymmetric encryption/decryption.
Readings:

Chapter 4 in your textbook.
Designing an Authentication System: a Dialogue in Four Scenes (MIT)

This week:
Our last two lessons have been mainly theory. We examined symmetric and asymmetric encryption and theorized how they could be used to provide authentication and encryption for a secure network infrastructure. This week, we examine specific implementations of those concepts. Kerberos is used to provide third-party authentication and is the principal authentication mechanism for Microsoft Active Directory domains. Certificates are widely used as a means to authenticate users and distribute secret keys. Federated Identity Management allows us to authenticate across multiple systems using a single sign-on. At the heart of each of these services is a combination of symmetric and asymmetric encryption algorithms, and we'll study each of these implementations in considerable depth in this week's lesson. Your author uses a variety of models to explain the main concepts of this lesson. Remember to slow down and study the terms and symbology for each. The models are pictures, and each is worth a thousand words. Time spent studying them is time well spent. If you have any problems or questions trying to figure something out, please post them to the discussion forum. Also, textbooks are not without errors. The author has an errata page on his Web site. Please refer to it or ask questions if you think you have found something that is in error.
I'll briefly touch on one very important concept here, because I want to be sure that you know it well as you approach your studies. Keys for asymmetric encryption are special. Unlike symmetric keys where you can choose your key at random, asymmetric keys must be created using a key generator that produces a mated pair. If I use one key to encrypt, the only key that can unencrypt is the other key in the pair.

Let me say that again: One key encrypts and ONLY THE OTHER KEY IN THE PAIR DECRYPTS.
There is no other key in the known universe, including the one used for encryption, that can unencrypt. This is an extremely powerful concept. Think about it; if you encrypt something using your private key and I can unencrypt it using your public key, then I have a reasonable assurance that it came from you. If I receive something that was encrypted by any other key, your public key won't unencrypt it, and I'll know it didn't come from you.
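To make the mated-pair property concrete, here is an added toy-RSA example (my own illustration, not code from the course or the textbook). It uses tiny textbook primes so the arithmetic is visible; real keys are 2048 bits or more and use padding such as RSA-PSS, but the point shown is the same: a value produced with the private key is undone only by the public key of that same pair, and a public key from any other pair fails.

```python
"""Toy RSA illustrating the lesson's point: one key of a mated pair encrypts,
and ONLY the other key of that same pair decrypts. Constructed example with
tiny textbook primes (61, 53 and 101, 113); not for real use."""
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus, common to both halves of the pair
    e: int  # public exponent
    d: int  # private exponent, the modular inverse of e

    @property
    def public(self) -> tuple:
        return (self.e, self.n)

    @property
    def private(self) -> tuple:
        return (self.d, self.n)


def make_keypair(p: int, q: int, e: int = 17) -> KeyPair:
    """Derive the mated pair from two primes: d = e^-1 mod (p-1)(q-1).

    This is why asymmetric keys cannot be picked at random: d is fixed
    entirely by the choice of p, q and e. Needs Python 3.8+ for pow(e, -1, m).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # ValueError if e shares a factor with phi
    return KeyPair(n, e, d)


def apply_key(message: int, key: tuple) -> int:
    """One modular exponentiation serves as both encrypt and decrypt."""
    exponent, n = key
    if not 0 <= message < n:
        raise ValueError("message must be a non-negative integer below the modulus")
    return pow(message, exponent, n)


def came_from(message: int, tag: int, claimed_sender_public: tuple) -> bool:
    """Receiver's check: does the claimed sender's public key undo the tag?
    True only if the tag was made with the private half of that same pair."""
    return apply_key(tag, claimed_sender_public) == message


if __name__ == "__main__":
    alice = make_keypair(61, 53)            # n = 3233, d = 2753
    mallory = make_keypair(101, 113, 3533)  # n = 11413, d = 6597
    tag = apply_key(65, alice.private)      # Alice "encrypts" 65 with her private key
    print(came_from(65, tag, alice.public))    # True: Alice's public key undoes it
    print(came_from(65, tag, mallory.public))  # False: a key from another pair fails
```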
We are now ready to begin work on our assignments. There are about eight hours of work this week, so I suggest that you get started early. It would also be wise to get on the discussion forum as soon as possible. That way, you will have a better chance at capturing the question you want to answer. Now let's get started.

Assignment 4_1 (On-line Quiz)
Take this ten-question true/false and multiple-choice chapter quiz over the reading assignment. Quizzes are a "participation grade," which means that you can retake them as many times as necessary. However, please be aware that low scores are a sign that you need to go back to the reading assignment, slow down, and read more carefully.

You need to take the quiz by the end of the week to earn credit.
Assignment 4_2 (Post to this week's discussion forum)
Post a substantive answer to one of the following questions. Please select a question that has not been previously answered by one of your classmates, until all questions have been answered at least once. Once that has been done, you may select any question that has only been answered once. Once you have submitted your initial post, read each initial post and respond to at least three. Remember to cite your sources.
1. Your text says that certificates are unforgeable. Why can't they be forged? Please note that you could also argue that they can be forged and explain how to do it.
2. What is a Kerberos realm and how does it provide third party authentication?
3. How does single sign-on authenticate across different systems?
4. If a certificate is used to distribute a public key, how can you be sure that it is a valid key?
5. How can I set up my own Certificate Authority (CA) server on the Internet and issue certificates for fun and profit? You might want to use the Internet to answer this question.
6. What is in a certificate and, if it is issued to me, why don't I have to protect it?
7. How do I know when something needs to be encrypted using my public key, or when I need to use my private key to encrypt it?
8. I am in the process of logging on to a Microsoft Active Directory domain. What process does my computer go through to get a Kerberos session ticket? You might want to use Microsoft Technet to answer this question.
9. How do the concepts we have studied for the past three weeks relate to designing a secure network architecture? "I don't know," will not get you full credit for this question.
10. What is the biggest threat to current encryption technologies and how would you counter it?
Our trivia question for the week: What cipher was discussed at length in Edgar Allan Poe's short story, The Gold-Bug, how does it work, and what message was it used to encrypt?
General Posting Guidelines (for participation): Postings are counted as participation for the week. Make sure all postings for this week's assignments are posted to this week's discussion forum. You must post at least two substantive messages to get minimum credit for participation (a 'C' grade). Two messages on different days get a 'B' for participation; more postings (including answering other questions) get more credit. To qualify for an 'A' grade, you must post at least three critical-thinking messages on three different days. Postings on the last day of the lesson will not count for credit, since other students will not have sufficient time to respond or participate in your discussion. Post early and often. Don't wait until the last minute!

Assignment 4_3 (Attach to this assignment)
Complete your reading assignment first. Based on what you read in your text and the MIT Kerberos document, "Designing an Authentication System: a Dialogue in Four Scenes," explain how Kerberos works in your own words. You may access this document from the link in your reading assignment above. You may also use appropriate sources from the Internet. If you wish, you can provide a practical example of how Kerberos is being used. Remember to cite your sources using APA style with in-text citations and a reference list. This paper should be 1-2 pages in length. Feel free to use figures to help make your point. Save your work to a Word document as CYBR515 Assignment 4_3 and attach it to this assignment.


Assignment 4.4 Milestone 1 (Attach to this assignment)
Our first deliverables are due this week. They consist of a Visio diagram that depicts your interpretation of the current network and a written summary of network vulnerabilities that you uncover. Please include CYBR515 Assignment 4_3 and your name in the file name for your diagram and summary and attach them to this assignment. Remember, you only have one opportunity to attach documents, so please attach both documents at the same time.