2.4 Summarize authentication and authorization design concepts Flashcards
Directory Service
Similar to a database but is used for fast and efficient data retrieval
LDAP
Lightweight Directory Access Protocol
The authentication, authorization, and control for Active Directory.
AWS Managed Microsoft AD
This is related to Microsoft Active Directory.
Federation/Identity Federation
Management system for identifying and gaining access to multiple enterprises with one login credential. Third-party credentials.
Attestation
Organization checking credentials that it was supplied.
TOTP
Time-based One-Time Password
A password that is time
HOTP
HMAC-based One-Time Password
An algorithm password that is authenticated with a server. (Hash password that can have credentials for a long time. Think of IG one-time passwords.)
SMS (authentication)
Short Message Service
Multifactor authentication by sending a verification to your phone.
Token Key/Dynamic Key
Token keys rely on something physical you have, like a card that has a PIN code. A dynamic key is the same thing but changes.
Static Codes
Codes that don’t change. Standard is that all static codes have cryptographic protection.
Authentication Application
An app such as “Google Authentication” that issues a one-time password for user authentication.
Push Notifications
A notification will appear on the user's devices, and the user can deny or allow access from the notification.
Phone Calls (Authentication)
You receive a phone call to authenticate.
Smart Card Authentication
Card that has a chip (ICC), and within that ICC there is a long cryptographic token that can't be copied. There is also a PIN associated with it.
Biometrics
Getting authentication through unique body parts on a human.
Two-part process:
Enrollment: turning biological parts into a numeric value, which is the template
Authenticate: numeric value validated by computer
Fingerprint
Using the fingerprint to authenticate by the patterns on a finger.
Retina
Scanning the blood vessels in the eye for authentication.
Iris
Scanning the pigmentation in the eye.
Issues: can be done at a distance without knowledge
The iris can change due to medical conditions
Facial
Forward-facing camera scans your face.
Issues: someone can put your face up to the camera to unlock
Voice
Voice recognition to authenticate.
Issues: FRR and FAR
Vein
Scan vein patterns to authenticate.
Gait Analysis
Identify how someone walks to authenticate. Can be used in crowds too.
FAR
False Acceptance Rates
Rate of false positives within a system.
FRR
False Rejection Rate
False negatives within a system.
CER
Crossover Error Rate
A balanced combination of FAR and FRR and ideal for systems.
MFA
Multifactor Authentication and Attributes
Related to multiple/two-way authentication.
Factors
Things that comprise items of proof.
Something you Know
Passwords, PINs, patterns (in your brain)
Something You Have
Security tokens, device, smart card (something physical)
Something You Are
Biometrics (fingerprints, iris, voice)
Attributes
Related to authentication.
Something you can do
Something you exhibit
Something you know
Focus on the elements associated with the user
AAA
Authentication, Authorization, and Accounting.
The three make up the AAA framework for security.
Somewhere you are
Authentication based on location.