2.2 Identification and Authentication Flashcards
What is identification?
Makes a claim about what someone or something is.
What is authentication?
Establishes whether this claim is true.
How is using an ATM an example of Authentication and identification?
Swiping your card provides identification; punching in your PIN authenticates that claim.
T or F: A claim to identity alone is enough.
False: factors can change, including your last name if you get married, or physical characteristics if you lose weight.
Why is spam so common, at a rate of 80% of emails?
Because it’s difficult to authenticate emails that are sent, and it rarely happens.
Why is falsifying identification such a threat?
Because with basic unauthenticated information, someone can open a line of credit easily.
What is authentication?
A set of methods used to establish whether a claim of identity is true.
What are the five factors of authentication?
- Something you know
- Something you are (biometrics)
- Something you have (identity card, bank card, cell phone, security token to a mobile phone)
- Something you do (analysis of your gait or keystroke speed); sometimes harder to replicate
What is multifactor authentication?
Using a combination of factors.
What is mutual authentication?
Where both parties in a transaction authenticate each other. Relies on digital certificates.
If you don’t perform mutual authentication, what kind of attack do you leave yourself open to?
Man-in-the-middle attack. This is because the attacker only needs to authenticate between client and attacker. If it were mutual, the attacker would need to authenticate between both client and server.
What are three common identification and authentication methods?
- Passwords
- Biometrics
- Hardware tokens
What is the processing of characteristics of a fingerprint called?
Biometric minutiae
What seven factors are biometrics defined by?
Acceptability, circumvention, collectibility, performance, permanence, universality, uniqueness.
What are two ways to measure performance in a biometric system?
- False acceptance rate (FAR)
- False rejection rate (FRR)
What is circumvention?
Tricking a biometric identifier. An example is the gummy finger, where an attacker copies a fingerprint and makes a mold of it.
What measures how many times a user is accepted who should be rejected? What is this also known as?
False acceptance rate. Also known as false positive.
What measures how often we reject a legitimate user?
False negative
What is the equal error rate (EER)?
It is the intersection of the false acceptance rate and the false rejection rate.
What is the difference between verification and authentication of an identity?
Verification is claiming to be someone by presenting an identity in some way. Authentication is presenting a factor to prove the identity is true.
How do you measure the rate at which you fail to authenticate legitimate users in a biometric system?
Through an FRR system. This is called a false negative.
A key would be described as which type of authentication factor?
Something you have.
What do you call the process in which the client authenticates to the server and the server authenticates to the client?
Mutual authentication
What biometric factor describes how well a characteristic resists change over time?
Permanence
If you’re using an eight-character password that contains only lowercase characters, would increasing the length to ten characters represent any significant increase in strength? Why or why not?
Not significant. The key is to make the password more complex by using different cases, special characters, and numbers.
Name three reasons why an identity card alone might not make an ideal method of authentication.
Easy to replicate; the photo of the person can age. You can authenticate the ID, but it doesn't really confirm who the person standing in front of you is.
What factors might you use when implementing a multifactor authentication scheme for users who are logging onto workstations that are in a secure environment and are used by more than one person?
Something you have (ID), something you know (password), where you are (inside a secure environment).
If you’re developing a multifactor authentication system for an environment where you might find larger-than-average numbers of disabled or injured users, such as a hospital, which authentication factors might you want to use or avoid?
Probably avoid biometrics (something you are). Lean more on something you have, such as an ID, token, or key.
__________ and ________ are key concepts in security measures. They are fundamental to developing effective security mechanisms and infrastructures.
Identification and authentication
Showing ID is _________, not _________. This distinction is crucial in understanding security processes.
verification, authentication
Methods of _________ can be falsified. This vulnerability underscores the need for robust authentication processes.
identification
“__________” factor is based on physical possessions or logical concepts. It uses tangible or digital items for authentication.
Something you have
Password ______ involves not writing down passwords and using password managers. These practices enhance password security.
hygiene
_______ __________ across multiple systems poses risks. Using the same password everywhere increases vulnerability.
Password synchronization
_________ in biometrics means the chosen characteristic should be found in most people. It ensures broad applicability of the biometric system.
Universality
____ in biometrics measures how distinct a characteristic is among individuals. It’s crucial for accurate identification.
Uniqueness
_______ in biometrics refers to how well a characteristic resists change over time. It ensures long-term reliability of the biometric identifier.
Permanence
___ _____ ____ is the balance point between FAR and FRR. It’s used to assess overall system performance.
Equal error rate (EER)
Common flaws in biometric systems include what?
Common flaws in biometric systems include ease of forgery and the finite nature of identifiers. These limitations affect system reliability.
Privacy issues in biometrics concern what?
Giving away copies of biometric identifiers. This raises ethical and security concerns.
_____ _____ are small devices containing certificates or unique identifiers. They provide a physical component to authentication.
Hardware tokens
Hardware token security varies; the simplest represent only “something you have,” while more sophisticated ones can include other factors. Their effectiveness depends on ______ ____.
design complexity.