# Final exam system protection

Looks like the KAS stage is merged with the next one, so it's authorisation and authentication. On step 3 we have interservice communication, where A authenticates to B using the ticket issued by KAS.

- `{Kab, A, T1}` -- servTicket
- `{A, T2}` -- authenticator

ServTicket is an authorisation issued by the TGS, so that Bob can authenticate Alice. This secret is shared between the TGS and Bob.

Authenticator -- a time-sensitive authenticator, so the communication is protected from "pass-the-hash"-like attacks / stealing creds.

`{T2-1}Kab` -- confirmation reply, after which Kab is used as the session key, if the authenticator is right.

```
Question 2 (max score: 1.5): Explain how a replay attack could work in the case of an authentication protocol in which users authenticate with a remote host by transmitting their password in encrypted format, namely, they encrypt the password with the public key of the remote host such that only the remote host can decrypt and see it. Assume that i) the remote host is a trusted host, and ii) the public key of the remote host comes with a valid and verified certificate, and iii) the attacker cannot break the cryptographic algorithm being used.
```

If we can intercept the authentication request (no need to decrypt it) and just send it over again to the auth server, we can receive a valid token/ticket. This only works if no nonce / stored authenticator is implemented (or if we can outrun the original request, e.g. by making it fail).

```
Question 3 (max score: 1.5): Say which three statements apply for the NIST cybersecurity framework:
1) The framework classifies the cybersecurity outcomes at which an organisation may aim.
2) According to the framework, a profile indicates a subset out of the five functions (identify, protect, detect, respond, recover).
3) According to the framework, companies must necessarily accomplish the cybersecurity outcomes classified under function "detect" before addressing any cybersecurity outcomes classified under function "respond".
4) The framework is based on the classification of security requirements as confidentiality, integrity and availability: it defines sub-categories for each of these three types of requirements.
5) Comparing a "current profile" with a "target profile" can assist to drive the improvement of a cybersecurity program.
6) According to the framework, the cybersecurity outcomes can be associated with an implementation tier (out of 4 possible implementation tiers) that defines the corresponding level of risk management practices.
```

1 2 5

P.S. all of them look so legit, I am afraid this question is about slight word differences
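The ticket/authenticator exchange from the Kerberos notes above, and the "nonce / stored authenticator" countermeasure from the replay answer, as an added simulation (not part of the original notes, not real Kerberos code). Bob opens the service ticket `{Kab, A, T1}` with the key `Kb` he shares with the TGS, opens the authenticator `{A, T2}` with `Kab`, rejects authenticators outside a freshness window or already seen in a replay cache, and answers `{T2-1}Kab`. Assumptions: `T1` is treated as the ticket expiry time, the 300 s skew window is a constructed value, and `seal`/`open_` are a toy authenticated encryption built from `hashlib`/`hmac` so the block runs offline.

```python
import hashlib
import hmac
import json
import os
import time

CLOCK_SKEW = 300  # constructed freshness window, in seconds


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode SHA-256 keystream for the toy cipher (demo only)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption of a JSON object: XOR keystream + HMAC tag."""
    nonce = os.urandom(12)
    pt = json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt; raises ValueError on tampering."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)


def tgs_issue(kb: bytes, client: str, kab: bytes, now: float, lifetime: float = 8 * 3600) -> bytes:
    """TGS side: servTicket {Kab, A, T1} sealed under Bob's key Kb (T1 = expiry, assumption)."""
    return seal(kb, {"Kab": kab.hex(), "A": client, "T1": now + lifetime})


def client_authenticator(kab: bytes, client: str, now: float) -> bytes:
    """Alice side: authenticator {A, T2} sealed under the session key Kab."""
    return seal(kab, {"A": client, "T2": now})


def client_verify_reply(kab: bytes, reply: bytes, t2: float) -> bool:
    """Alice checks Bob's {T2-1}Kab: only a holder of Kab could have produced it."""
    return open_(kab, reply)["T"] == t2 - 1


class ServiceB:
    def __init__(self, kb: bytes):
        self.kb = kb          # long-term key shared between TGS and Bob
        self.seen = {}        # replay cache: (client, T2) -> time the entry may be dropped

    def authenticate(self, serv_ticket: bytes, authenticator: bytes, now=None):
        """Returns (reply_or_None, status). Every failure path is a defender check."""
        now = time.time() if now is None else now
        ticket = open_(self.kb, serv_ticket)            # {Kab, A, T1}Kb
        if now > ticket["T1"]:
            return None, "ticket expired"
        kab = bytes.fromhex(ticket["Kab"])
        auth = open_(kab, authenticator)                # {A, T2}Kab
        if auth["A"] != ticket["A"]:
            return None, "authenticator principal does not match ticket"
        if abs(now - auth["T2"]) > CLOCK_SKEW:
            return None, "authenticator outside freshness window"
        # Drop cache entries older than the window, then look for an exact replay.
        self.seen = {k: v for k, v in self.seen.items() if v > now}
        key = (auth["A"], auth["T2"])
        if key in self.seen:
            return None, "replayed authenticator"
        self.seen[key] = now + CLOCK_SKEW
        return seal(kab, {"T": auth["T2"] - 1}), "ok"   # {T2-1}Kab


def demo() -> list:
    """Constructed run: a fresh login, a captured-and-resent authenticator, a stale one."""
    now = 1_700_000_000.0
    kb, kab = os.urandom(32), os.urandom(32)
    bob = ServiceB(kb)
    ticket = tgs_issue(kb, "alice", kab, now)
    auth = client_authenticator(kab, "alice", now)
    reply, status = bob.authenticate(ticket, auth, now=now + 1)
    results = [status, client_verify_reply(kab, reply, now)]
    _, status = bob.authenticate(ticket, auth, now=now + 5)       # same bytes resent
    results.append(status)
    stale = client_authenticator(kab, "alice", now - 3600)
    _, status = bob.authenticate(ticket, stale, now=now + 1)
    results.append(status)
    return results


if __name__ == "__main__":
    print(demo())
```

The resent authenticator is rejected by the cache even though it is inside the freshness window, and the hour-old one is rejected by the window alone; without both checks, the interception described in the Question 2 answer would succeed against this exchange too.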