2.2Identification and Authentication

Question 1

What is identification?

Answer 1

Makes a claim about about what or something is.

Question 2

What is authentication?

Answer 2

Establishes whether this claim is true.

Question 3

How is using an ATM an example of Authentication and identification?

Answer 3

Swiping your card provides identification, punching in your pin, authenticates that claim

Question 4

T or F : a claim alone to identity is enough.

Answer 4

False: factors can change, including last name, if you get married physical characteristics, if you lose weight.

Question 5

Why are spam emails happening so much at the rate of 80% of emails?

Answer 5

Because it’s difficult to authenticate emails that are sent and rarely happens

Question 6

Why is falsifying identification such a threat?

Answer 6

Because with basic unauthenticated information, someone can open a line of credit easily.

Question 7

What is authentication?

Answer 7

A set of methods used to establish whether a claim of identity is true.

Question 8

What are the five factors of authentication?

Answer 8

1. Something you know
2. Something you are (biometrics)
3. Something you have (identity card, bank card. Cell phone, bank card, **Security token to a mobile phone)
4. Something you do (analyze your gait of keystroke speed) harder to replicate sometimes

Question 9

What is multi factor authentication?

Answer 9

Using a combination of factors.

Question 10

What is mutual authentication?

Answer 10

We’re both parties in a transaction authenticate each other. Relies on digital certificates.

Question 11

If you don’t perform mutual authentication, what kind of attack do you leave yourself open to?

Answer 11

Man in the middle attack. This is because attacker only needs to authenticate between client and attacker. If it was mutual attacker would need to authenticate between both client and server.

Question 12

If you don’t perform mutual authentication, what kind of attack do you leave yourself open to?

Answer 12

Man in the middle attack. This is because attacker only needs to authenticate between client and attacker. If it was mutual attacker would need to authenticate between both client and server.

Question 13

What are three common identification and authentication methods?

Answer 13

1. Passwords
2. Biometrics
3. Hardware tokens

Question 14

What are three common identification and authentication methods?

Answer 14

1. Passwords
2. Biometrics
3. Hardware tokens

Question 15

What is processing characteristics of a fingerprint called?

Answer 15

Biometric minutiae

Question 16

What seven factors are biometrics defined by?

Answer 16

acceptability, circumvention, collectibility, performance, permanence, Universality, uniqueness.

Question 17

What are two ways to measure performance in a biometric system?

Answer 17

1. False acceptance rate. (FAR)
2. False rejection rate. (FRR)

Question 18

What is circumvention?

Answer 18

Tricking a biometric identifier. example is the gummy finger where attacker copies a fingerprint and makes a mold of the fingerprint.

Question 19

What measures how many times a user is accepted who should be rejected? What is this also known as?

Answer 19

False acceptance rate. Also known as false positive.

Question 20

What measures how often we reject a legitimate user?

Answer 20

False negative

Question 21

What is the equal error rate? Or EER

Answer 21

It is the intersection of the False acceptance rate in the false rejection rate.

Question 22

What is the difference between verification and authentication of an identity?

Answer 22

Verification is claiming to be someone by presenting an identity in some way. Authentication is presenting a factor to prove the identity is true.

Question 23

How do you measure the rate at which you fail to authenticate legitimate users in a biometric system?

Answer 23

-Through an FRR system. This is called a false negative.

Question 24

A key would be described as which type of authentication factor?

Answer 24

Something you have.

Question 25

What do you call the process in which the client authenticates to the server and the server authenticates to the client?

Answer 25

-Mutual authentication

Question 26

What biometric factor describes how well a characteristic resists change over time?

Answer 26

Permanence

Question 27

If you’re using an eight-character password that contains only lowercase characters, would increasing the length to ten characters represent any significant increase in strength? Why or why not?

Answer 27

Not significant. Key is to make the password more complex by using different cases, and special characters and numbers.

Question 28

Name three reasons why an identity card alone might not make an ideal method of authentication.

Answer 28

Easy to replicate, photo of person can age. You can authenticate the ID, however it dosent really confirm who the person is standing infront of you.

Question 29

What factors might you use when implementing a multifactor authentication scheme for users who are logging onto workstations that are in a secure environment and are used by more than one person?

Answer 29

Something you have, ID, Something you know, password, Where you are – inside a secure environment.

Question 30

If you’re developing a multifactor authentication system for an environment where you might find larger-than-average numbers of disabled or injured users, such as a hospital, which authentication factors might you want to use or avoid?

Answer 30

Probably avoid biometric, something you are. Lean more on something you have such as a ID or tolken or key.

Question 31

__________ and ________are key concepts in security measures. They are fundamental to developing effective security mechanisms and infrastructures.

Answer 31

Identification and authentication

Question 32

Showing ID is _________, not _________. This distinction is crucial in understanding security processes.

Answer 32

verification, authentication

Question 33

Methods of _________ can be falsified. This vulnerability underscores the need for robust authentication processes.

Answer 33

identification

Question 34

“__________” factor is based on physical possessions or logical concepts. It uses tangible or digital items for authentication.

Answer 34

Something you have

Question 35

Password ______ involves not writing down passwords and using password managers. These practices enhance password security.

Answer 35

hygiene

Question 36

_______ __________ across multiple systems poses risks. Using the same password everywhere increases vulnerability.

Answer 36

Password synchronization

Question 37

_________ in biometrics means the chosen characteristic should be found in most people. It ensures broad applicability of the biometric system.

Answer 37

Universality

Question 38

____in biometrics measures how distinct a characteristic is among individuals. It’s crucial for accurate identification.

Answer 38

Uniqueness

Question 39

_______ in biometrics refers to how well a characteristic resists change over time. It ensures long-term reliability of the biometric identifier.

Answer 39

Permanence

Question 40

___ _____ ____ is the balance point between FAR and FRR. It’s used to assess overall system performance.

Answer 40

Equal error rate (EER)

Question 41

Common flaws in biometric systems include what?

Answer 41

Common flaws in biometric systems include ease of forgery and finite nature of identifiers. These limitations affect system reliability.

Question 42

Privacy issues in biometrics concern what?

Answer 42

giving away copies of biometric identifiers. This raises ethical and security concerns.

Question 43

_____ _____ are small devices containing certificates or unique identifiers. They provide a physical component to authentication.

Answer 43

Hardware tokens

Question 44

Hardware token security varies; simplest represent only “something you have,” more sophisticated can include other factors. Their effectiveness depends on ______ ____

Answer 44

design complexity.

Question 45

What is the difference between verification and authentication of an identity?

Question 46

What is the difference between verification and authentication of an identity?