Information Security-Terminal Exam-Sp21
Lahore Campus
Question 3: [5 Marks]
Compute the shared private keys (Ka and Kb) using the Diffie-Hellman key exchange algorithm based on the
following provided information.
P = 13, G = 7, a = 5, b = 7
Question 4: [5 Marks]
Discuss the SSL record protocol operations required for both the sender and the receiver.
Question 8: Kerberos involves three two-message exchanges: [(10+10+10) =30 Marks]
1. One between the client and the Key Distribution Center (KDC)
2. One between the client and the Ticket Granting Service (TGS)
3. One between the client and the server (S) chosen by the client.
In Kerberos v4, the initial communication between the client C and the KDC D goes like this:
1. C sends a ticket request containing C’s name and a TGS’s name T.
2. The KDC checks that both C and T are known to the system.
3. The KDC creates a ticket containing C’s and T’s names, C’s network address, the current time,
the lifetime of the ticket, and a session key KCT. This ticket is encrypted with T’s secret key
KDT known to both the key-distribution center D and the ticket-granting service T.
4. The reply to C consists of the ticket just described, T’s name, the current time, the lifetime of the
ticket, and the session key, all encrypted with C’s secret key KC. To keep messages that are
intended for one purpose from being mistakenly used for another, the plaintext of the encrypted
reply contains a constant string “krbtgt” identifying this as a ticket-granting ticket.
5. The client decrypts the reply and saves the ticket for use.
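The five steps above, traced as an added example that is not part of the exam paper. The cipher is a toy HMAC-based stand-in, and the field names, the SHA-256 password-to-key function, and the principal names are assumptions made for illustration.

```python
import hashlib, hmac, json, os, time

def keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """Toy authenticated cipher (constructed stand-in, not the real Kerberos cipher)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def string_to_key(password):
    # The "known function" deriving KC from the password; SHA-256 is an assumption.
    return hashlib.sha256(password.encode()).digest()

class KDC:
    def __init__(self, keys):
        self.keys = keys  # principal name -> long-term secret key (KC, KDT, ...)

    def as_exchange(self, c, t, addr, lifetime=8 * 3600):
        # Step 1 is the call itself: the request carries only the names C and T.
        if c not in self.keys or t not in self.keys:       # step 2: both must be known
            raise KeyError("unknown principal")
        now, k_ct = int(time.time()), os.urandom(16).hex()  # fresh session key KCT
        # Step 3: ticket sealed under KDT, so only the TGS can read it.
        ticket = seal(self.keys[t], {"c": c, "t": t, "addr": addr,
                                     "time": now, "life": lifetime, "k_ct": k_ct})
        # Step 4: reply sealed under KC, tagged with the constant "krbtgt".
        return seal(self.keys[c], {"purpose": "krbtgt", "ticket": ticket, "t": t,
                                   "time": now, "life": lifetime, "k_ct": k_ct})

def client_open_reply(password, reply):
    # Step 5: the client derives KC from the password, decrypts, and keeps the ticket.
    body = unseal(string_to_key(password), reply)
    if body["purpose"] != "krbtgt":
        raise ValueError("reply is not for a ticket-granting ticket")
    return body["ticket"], body["k_ct"]
```
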
a) Explain briefly, in general terms, the purpose of each of the three exchanges (between the
client and KDC, client and TGS, and client and S).
b) Assume that the user’s password is not stored on the client machine, and the client’s key KC is
computed from the user’s password by a known function. Why is Kerberos more convenient, for
the human user, than a system in which the TGS is eliminated, and the client makes a
Kerberos-style request to the KDC for each server connection?
c) A Kerberos realm consists of a KDC, a TGS, a number of clients sharing keys with the KDC,
and a number of application servers sharing keys with the TGS. In cross-realm authentication, a
client.