CSCI 4541 Lecture Notes - Lecture 4: Network Access Control, Replay Attack, Symmetric-Key Algorithm
Document Summary
02/13/2017 - chapter 15: user authentication - Kerberos & chapter 16: network.

Kerberos: software utility available both in the public domain and in commercially supported versions. Issued as an Internet standard and is the de facto standard for remote authentication. Overall scheme is that of a trusted third-party authentication service.

** simple KDC-based protocol 1 syntax in slides **

Sequence numbers: attach a sequence number to each message used in an authentication exchange. A new message is accepted only if its sequence number is in the proper order. The difficulty with this approach is that it requires each party to keep track of the last sequence number for each claimant it has dealt with. Generally not used for authentication and key exchange because of this overhead.

Timestamps: requires that clocks among the various participants be synchronized. Party A accepts a message as fresh only if the message contains a timestamp that, in A's judgement, is close enough to A's knowledge of current time.
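The two freshness checks described above, as an added example that is not part of the lecture notes. Class names, the 300-second window and the sample messages are assumptions, and the sequence number or timestamp is assumed to arrive inside an already authenticated message. The timestamp checker also remembers what it accepted, because a timestamp alone does not stop a replay that arrives while the window is still open.

```python
# Added example: verifier-side freshness checks against replayed messages.
# All names and the 300-second window are assumptions, not from the lecture.

class SequenceFreshness:
    """Accept a message only if its sequence number advances for that claimant."""

    def __init__(self):
        self.last_seq = {}  # one entry per claimant: the state overhead the notes mention

    def accept(self, claimant, seq):
        if seq <= self.last_seq.get(claimant, -1):
            return False  # replayed or out-of-order message
        self.last_seq[claimant] = seq
        return True


class TimestampFreshness:
    """Accept a message only if its timestamp is close to the verifier's clock."""

    def __init__(self, window=300.0):
        self.window = window  # tolerated clock difference in seconds (assumed value)
        self.seen = {}        # (claimant, timestamp) -> verifier time at acceptance

    def accept(self, claimant, ts, now):
        if abs(now - ts) > self.window:
            return False  # stale, or sender clock too far from ours
        # Forget entries whose timestamp can no longer pass the window check.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - k[1]) <= self.window}
        if (claimant, ts) in self.seen:
            return False  # same message replayed while the window is open
        self.seen[(claimant, ts)] = now
        return True


def demo():
    """Run constructed messages through both checkers; return the decisions."""
    seq, ts = SequenceFreshness(), TimestampFreshness(window=300.0)
    now = 1_000_000.0  # constructed verifier clock, in seconds
    return {
        "seq": [seq.accept("alice", 1), seq.accept("alice", 2),
                seq.accept("alice", 2), seq.accept("bob", 1)],
        "ts": [ts.accept("alice", now - 10, now),        # fresh
               ts.accept("alice", now - 10, now + 5),    # replay inside the window
               ts.accept("alice", now - 10, now + 400),  # replay after the window
               ts.accept("bob", now + 900, now)],        # clocks not synchronized
    }

if __name__ == "__main__":
    print(demo())
```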