Explore BrainMass

authentication protocol

This content was STOLEN from BrainMass.com - View the original, and get the already-completed solution here!

Suppose we are using a three-message mutual authentication protocol, and Alice initiates contact with Bob. Suppose we wish Bob to be a stateless server, and therefore it is inconvenient to require him to remember the challenge he sent to Alice. Let's modify the exchange so that Alice sends the challenge back to Bob, along with the encrypted challenge. The protocol is: (It is shown in the image attached)

Is this protocol secure? Justify your answer

© BrainMass Inc. brainmass.com October 24, 2018, 6:11 pm ad1c9bdddf


Solution Preview

In secret key protocol, it is absolutely necessary that A and B have a common session key that is not known by the intruder I. We will call the session key: Kab. Along with the session key we have variables that indicate the user that is user, they are: A and B in the protocol. Ra and Rb are so called challenges that are sent and retrieved encrypted by the session key so that when it is decrypted it can be ...

Solution Summary

This job discusses authentication protocol.

See Also This Related BrainMass Solution

Authentication and Handshake Protocols

1) Please identify and describe the research direction (if any) you want to conduct in authentication and handshake protocols.

2) Please describe any research experience and/or preparation that may support you towards this research-oriented PhD study.

My capstone project for the Bachelor's degree was to identify vulnerabilities in virtual utility companies by using security tools and developing mitigation plans based on the results.

Hers is some helpful info about my research.
VUC recently has procured actual devices from the field made available for your assessment. You will need to review the devices and perform a security assessment of them and report back to VUC management.
What is an end system technical security assessment?

Use tools such as Nessus, Harris STAT, LanGuard, MBSA, CISecurity.org, vendor documentation, message boards, exploitdb, Metasploit, or any other technical scanning/assessment tool to produce a report Then, using these results - report upon each individual finding:

How to respond (How to remediate with prioritization)?
When to respond (What is the exposure)?
What if you do nothing (What is the worst that could happen)

For this part: (As an Individual)
Perform a security assessment of a host operating system configuration [use your computer, an online system image or a computer in the lab]

For this part: (As a Group)
Perform a security assessment of three of the VUC field devices available in the computer lab on the 3rd floor.

View Full Posting Details