Question 1: Consider the enhanced protocol of Kerberos. This protocol introduces an additional structure using Ticket Granting Server (TGS) to perform identity verification in addition to Authentication server.
(a) Discuss the advantages of the new structure as compared with the simple protocol. Explain how the TGS helps in the process.
(b) The enhanced protocol uses two tickets, Ticket1 and Ticket2. Explain the functions of the two Tickets. Explain how encryption and decryption are carried out on the two Tickets.
(c) There are still some shortcomings in the enhanced protocol, for example, there is still a need for the user to authenticate the servers. Propose how this can be implemented.
Question 2: SSH can be used to secure and protect both Internet and Web traffic through port forwarding techniques such as Local Forwarding and Remote Forwarding. Consider a scenario where you wish to access your company's SharePoint/File Server, located at office, from your home laptop. The Server is located behind the company's firewall and will not accept any incoming connection request from your home computer.
(a) Which port forwarding technique will you use to access your work server from home?
(b) Explain briefly, the steps taken to accomplish this scenario.
(c) In the SSH Transport layer protocol, the Server host key is used during key exchange to authenticate the identity of the host. What are the trust models for a client to have prior knowledge of the server's public host key? State the advantages or disadvantages of each trust model.
Question 3:
(a) The key management phase of the IEEE802.11i RSN involves the generation of cryptographic keys for the use of AP and the STA. By applying the IEEE802.1X standard, show how these keys are generated.
(b) Briefly describe the five IEEE 802.11i phases of operation
Question 4: Alice sends to Bob a signed and encrypted PGP email message.
(a) Explain the process to sign and encrypt the message.(8 marks)
(b) Illustrate the detailed format of the transmitted PGP message with a description of its comprising components. Also, show clearly the parts of the message that are encrypted, compressed and encoded.
Question 5: In IPSEC, ESP provides confidentiality, data origin authentication, connectionless integrity, anti-replay service and limited traffic flow confidentiality.
(a) Explain traffic flow confidentiality and what it protects against.
(b) Explain how the anti-replay service is implemented in IPSEC
(c) In IPSEC, why is there a need to combine security associations? Examine the basic approaches to combine security associations into bundles? Illustrate your answers with the aid of diagrams.