2.4 Summarize authentication and authorization design concepts. Flashcards
Summarize DIRECTORY SERVICES
Directory services (for example Microsoft Active Directory or any LDAP server) store identity information about users, groups and devices in a hierarchical database. Authentication systems query the directory to look up and verify accounts, and authorization decisions draw on the group memberships and attributes it holds.
Summarize a FEDERATION
A federation is a trust arrangement in which multiple organizations accept authentication performed by each other's identity provider, typically through standards such as SAML or OpenID Connect. A user authenticates once with the home identity provider (Company A), which issues a signed assertion that Company B and Company C accept in place of a local login; the credentials themselves stay with the home provider, and each relying party still applies its own access permissions to decide what the federated user may reach.
Summarize an ATTESTATION
Attestation is evidence, usually a statement signed by the device manufacturer, that the hardware or software which created an authentication factor (for example a FIDO2 security key or a TPM-backed credential) is a genuine model that follows the expected standards and protocols rather than a software emulation. Enabling attestation requires more work and upkeep, because the verifying side must maintain and check the trusted manufacturer certificates.
Summarize TIME-BASED ONE-TIME PASSWORD(TOTP)
A time-based one-time password (TOTP, RFC 6238) feeds the current time, divided into fixed steps (commonly 30 seconds), into an HMAC keyed with a secret shared between the token and the authentication server, so both sides compute the same code independently. A code is only valid during its time step (servers usually tolerate one step of clock skew in either direction), so a captured code becomes useless within seconds, which sharply limits replay attacks; a server should additionally refuse to accept the same code twice. Although the time input is public, the codes cannot be predicted without the shared secret.
Summarize HMAC-BASED ONE-TIME PASSWORD
A Hash-based Message Authentication Code (HMAC) provides message authentication and integrity. An HMAC-based one-time password (HOTP, RFC 4226) is computed as HMAC-SHA1 over a shared secret and a moving counter, truncated to six to eight digits. The token increments its counter each time it produces a code, and the authentication server independently computes the expected value from its own copy of the secret and counter and compares; the server does not transmit the code to the user. Because the counter does not depend on time, an unused HOTP code stays valid until it is consumed, so the server must also re-synchronize if the token's counter runs ahead.
Summarize SHORT MESSAGE SERVICE (SMS)
Many systems deliver an OTP out of band, sending it by short message service (SMS) to a smartphone or as a push notification to a device. SMS is the weaker channel: codes can be intercepted through SIM swapping or telephone-network attacks, and NIST SP 800-63B classifies SMS and voice OTPs as restricted authenticators, so app- or push-based codes are preferred where available.
Summarize a TOKEN KEY
A token key is a hardware device (or dedicated app) that generates one-time passwords from a secret seeded into it and shared only with the authentication server. It acts as a third party to the communication: the user and the service each trust the token's output rather than having to trust each other's claims, and the secret itself never travels over the channel.
Summarize STATIC CODES
Static codes are fixed secrets such as the personal identification number (PIN) used to log in to a Microsoft account or to finish authenticating at an automated teller machine (ATM). Most smartphones require a static code (passcode) for login. Because the value never changes, a static code offers no protection once it has been observed or guessed, so it is normally paired with another factor such as the card or device itself.
Summarize AUTHENTICATION APPLICATIONS
Authentication applications (for example Google Authenticator, Microsoft Authenticator or any TOTP app) run on a phone and generate time-based codes, or receive approval prompts, as the second factor for web sites and other services. They are stronger than SMS because the codes are computed on the device from an enrolled secret rather than delivered over the telephone network.
Summarize PUSH NOTIFICATIONS
Push notifications send either a one-time password or an approve/deny prompt to a registered device. Prompts should display context (requesting application, location) and ideally require number matching, because attackers exploit "MFA fatigue" by flooding a user with prompts until one is approved by mistake.
Summarize authentication with a PHONE CALL
Other systems place an automated voice call to the user's registered number and read out a code or ask for a keypress. Like SMS, this relies on the telephone network and is exposed to the same call-forwarding and SIM-swap risks.
Summarize SMART CARD AUTHENTICATION
Adding a chip to a standard credit card–sized plastic card creates a SMART CARD. The chip can store any binary data, not just certificates, but for authentication it typically holds an X.509 certificate and the matching private key, which the chip uses to sign a challenge without ever releasing the key; the user unlocks the card with a PIN, combining something you have with something you know.
Summarize BIOMETRICS
Biometrics use a person’s physical characteristics (something you are—the inherence factor) to provide strong user identification and verification.
Summarize FINGERPRINT authentication
Every person has unique fingerprints, and the ridge patterns are cheap to capture, which makes them the most widely deployed biometric. Sensors can be fooled by lifted or molded prints, so better readers add liveness detection.
Summarize RETINA authentication
The human retina and iris have unique patterns that lend themselves to identification. Retinal scanners for access controls date back to the early 1990s, but their cost relegated them to extremely secure environments.
Summarize IRIS authentication
Improvements in camera resolution, computing power, and hardware pricing brought iris scanners into the forefront. Iris scanners are far more common than retinal scanners, while providing almost the same degree of accuracy.
Summarize FACIAL authentication
Facial recognition has become a popular and powerful authentication method for several applications. Most facial recognition tools require extra functionality, especially cameras that include infrared so the camera can differentiate between a real face and a photograph.
Summarize VOICE authentication
Voice recognition for speech to text holds a strong niche for dictation. Most mobile devices—like smartphones—and personal assistant hardware use voice recognition tools such as Google Assistant, Amazon Alexa, and Apple Siri. But voice recognition as authentication hasn’t gained any real acceptance due to its low accuracy compared to other biometric technologies.
Summarize VEIN authentication
Vein matching uses the patterns of a person's blood vessels to identify that person. The patterns in the palm of the hand, for example, provide far more distinguishing data than fingerprints, can be scanned without touching the skin, and are unaffected by surface damage to the skin.
Summarize GAIT ANALYSIS authentication
Gait analysis measures the unique way a person walks or runs by using machine vision–based tools—external cameras, in other words—or via the sensors built into existing smartphones. This latter technology shows a lot of promise, because it can tap into the accelerometer every current smartphone has to authenticate the user continuously.
Summarize EFFICACY RATES
The efficacy rates of various systems depend on a lot of factors, such as error rates, security, privacy, user acceptance, and usability.
Summarize FALSE ACCEPTANCE
The false acceptance rate, or FAR (also known as a type II error), is the rate at which a biometric system erroneously identifies and authenticates unauthorized individuals as valid users. A false acceptance is the security failure, so FAR is the figure a high-security deployment tries to minimize.
Summarize FALSE REJECTION
The false rejection rate, or FRR (also known as a type I error), is the rate at which a biometric system erroneously rejects authorized users who should have been identified and authenticated as valid. A false rejection is a usability failure, and a high FRR drives users toward workarounds.
Summarize CROSSOVER ERROR RATE
Tuning a biometric system to reduce one type of error usually increases the other: a stricter match threshold lowers FAR but raises FRR, and a looser one does the reverse. The crossover error rate (CER), also called the equal error rate, is the point at which FAR and FRR are equal; a lower CER indicates a more accurate system and is the usual figure for comparing biometric products. Deployments may deliberately operate away from the CER, accepting more false rejections for a high-security door or more false acceptances where convenience matters most.
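Added worked example for the FAR, FRR and CER cards (this is not code from the flashcards): FAR and FRR computed from matcher similarity scores at a given threshold, a threshold sweep that locates the crossover point, and a security-first tuning function that shows the FRR paid for capping FAR. The score lists are constructed sample data, and the function names are assumptions made for the example.

```python
# Added example (not from the flashcards): FAR, FRR and crossover error rate
# from match scores. GENUINE_SCORES / IMPOSTOR_SCORES are constructed sample data.
from typing import Sequence, Tuple

# Constructed sample data: similarity scores (0..1) a hypothetical matcher produced
# for genuine users (should be accepted) and impostors (should be rejected).
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.68, 0.93, 0.72]
IMPOSTOR_SCORES = [0.30, 0.45, 0.52, 0.61, 0.38, 0.70, 0.25, 0.48, 0.66, 0.41]


def far(impostor: Sequence[float], threshold: float) -> float:
    """Type II error: fraction of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine: Sequence[float], threshold: float) -> float:
    """Type I error: fraction of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def crossover(genuine: Sequence[float], impostor: Sequence[float],
              steps: int = 100) -> Tuple[float, float, float]:
    """Sweep thresholds 0..1 and return (threshold, FAR, FRR) where the two rates
    are closest; that FAR (== FRR) is the crossover / equal error rate."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        a, r = far(impostor, t), frr(genuine, t)
        if best is None or abs(a - r) < abs(best[1] - best[2]):
            best = (t, a, r)
    return best


def threshold_for_max_far(genuine: Sequence[float], impostor: Sequence[float],
                          max_far: float, steps: int = 100) -> Tuple[float, float]:
    """Security-first tuning: the lowest threshold that keeps FAR <= max_far,
    together with the FRR that choice costs."""
    for i in range(steps + 1):
        t = i / steps
        if far(impostor, t) <= max_far:
            return t, frr(genuine, t)
    return 1.0, frr(genuine, 1.0)


if __name__ == "__main__":
    for t in (0.5, 0.7, 0.9):   # loosening or tightening the threshold trades one error for the other
        print(f"threshold {t:.2f}: FAR={far(IMPOSTOR_SCORES, t):.2f} FRR={frr(GENUINE_SCORES, t):.2f}")
    t, a, r = crossover(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"crossover at threshold {t:.2f}: CER={a:.2f}")
    t, r = threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0)
    print(f"zero FAR needs threshold {t:.2f}, costing FRR={r:.2f}")
```

Running the sweep on the sample scores shows the trade-off from the cards directly: at a threshold of 0.5 no genuine user is rejected but 40% of impostors get in, at 0.9 no impostor passes but 60% of genuine users are turned away, and the two rates meet at 10% near a threshold of 0.69.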