Suggested Answer: B
SESAME is an authentication and access control protocol that also supports communication confidentiality and integrity. It provides public-key-based authentication alongside Kerberos-style authentication, which uses symmetric key cryptography. SESAME supports the Kerberos protocol and adds security extensions such as public-key-based authentication and an ECMA-style Privilege Attribute Service.
Users under SESAME can authenticate using either symmetric encryption, as in Kerberos, or public key authentication. When using symmetric key authentication as in Kerberos, SESAME is vulnerable to password guessing just as Kerberos would be. The symmetric key being used is based on the password the user entered when he logged on to the system. If the user has a simple password, it could be guessed or compromised. Even though Kerberos or SESAME may be used, there is still a need for strong password discipline.
The basic mechanism in SESAME for strong authentication is as follows: The user sends a request for authentication to the Authentication Server as in Kerberos, except that SESAME makes use of public key cryptography for authentication: the client presents his digital certificate, and the request is signed using a digital signature. The signature is communicated to the authentication server through the preauthentication fields. Upon receipt of this request, the authentication server verifies the certificate, then validates the signature, and if all is fine the AS issues a ticket granting ticket (TGT) as in Kerberos. This TGT will be used to communicate with the privilege attribute server (PAS) when access to a resource is needed.
Users may authenticate using either a public key pair or a conventional (symmetric) key. If public key cryptography is used, public key data is transported in preauthentication data fields to help establish identity.
Kerberos uses tickets for authenticating subjects to objects, and SESAME uses Privileged Attribute Certificates (PAC), which contain the subject's identity, access capabilities for the object, access time period, and lifetime of the PAC. The PAC is digitally signed so that the object can validate that it came from the trusted authentication server, which is referred to as the privilege attribute server (PAS). The PAS holds a similar role to the KDC within Kerberos.
After a user successfully authenticates to the authentication service (AS), he is presented with a token to give to the PAS. The PAS then creates a PAC for the user to present to the resource he is trying to access.
Reference(s) used for this question: http://srg.cs.uiuc.edu/Security/nephilim/Internal/SESAME.txt and KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 43.
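The PAC issue-and-check step described above, as an added example that is not part of the original explanation or of SESAME's own code. HMAC-SHA256 with a constructed key stands in for the PAS's digital signature, and the field names, `issue_pac` and `check_pac` are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. In SESAME the PAS signs with its private key; HMAC-SHA256
# stands in here so the example runs with the standard library only.
PAS_KEY = b"constructed-demo-key-not-a-real-secret"


def issue_pac(subject, capabilities, not_before, lifetime):
    """PAS side: build a PAC with the fields named in the text and sign it."""
    body = {
        "subject": subject,                  # the subject's identity
        "capabilities": capabilities,        # access capabilities for the object
        "not_before": not_before,            # start of the access time period
        "not_after": not_before + lifetime,  # end of the PAC lifetime
    }
    blob = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(PAS_KEY, blob, hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def check_pac(pac, action, now):
    """Resource side: verify the signature first, then time window, then rights."""
    blob = json.dumps(pac["body"], sort_keys=True).encode()
    expected = hmac.new(PAS_KEY, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pac["sig"]):
        return "rejected: bad signature"
    body = pac["body"]
    if not body["not_before"] <= now <= body["not_after"]:
        return "rejected: outside validity period"
    if action not in body["capabilities"]:
        return "rejected: capability not granted"
    return "granted"


def demo():
    pac = issue_pac("alice", ["read"], not_before=1000, lifetime=300)
    tampered = {"body": dict(pac["body"], capabilities=["read", "write"]),
                "sig": pac["sig"]}
    return [
        check_pac(pac, "read", now=1100),        # valid PAC, granted right
        check_pac(pac, "write", now=1100),       # right not listed in the PAC
        check_pac(pac, "read", now=2000),        # presented after the lifetime ended
        check_pac(tampered, "write", now=1100),  # body edited after signing
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The resource checks the signature before reading any field, so an edited capability list is rejected before its contents are trusted.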
Both the Kerberos protocol and SESAME are vulnerable to potential attacks, including:
A. timeslot replay
Replay attacks involve intercepting and re-transmitting valid data, such as tickets or authentication tokens, to gain unauthorized access. This vulnerability is not specific to Kerberos alone but is also a concern in protocols like SESAME.
I guess password and key are different in that a password is normally not as long as a key. And a password commonly isn't used for the encryption, but in SESAME it uses both a password & encryption, so a password is easier to guess.
Symmetric key guessing
Like the Kerberos protocol, the SESAME (Secure European System for Applications in a Multi-vendor Environment) protocol is also subject to symmetric key guessing attacks. Both Kerberos and SESAME use symmetric encryption for authentication and secure communication. In a symmetric key guessing attack, an attacker tries to guess the secret symmetric encryption key, which could allow them to impersonate a legitimate user or gain unauthorized access to protected resources. These attacks typically involve exhaustive searching or other techniques to guess the key.
nanson, 4 months, 4 weeks ago
DefenestrateIT, 5 months ago
Stevovo123, 6 months, 4 weeks ago
kmanb, 1 year, 3 months ago
bradseth, 1 year, 2 months ago