Access Control Flashcards
Type 2 authentication method
What you have: e.g. Token, smart card
Type 1 authentication method
What you know: e.g. Password or Pin
Type 3 authentication method
What you are: e.g. Biometric info
- Fingerprint
- Handprint
- Iris/retina
- voice
- typing patterns
What does CIA stand for in Access Controll?
Confidentiality
Integrity
Availability
What is a race condition?
Two processes carry out their tasks on a shared resource in the incorrect order:
If authentication and authorisation are carried out in the wrong order, an attacker can force authorisation before being authenticated and therefor access data he shouldn’t
4 steps for a subject to access an object?
1) identification
2) authentication
3) authorisation
4) accountability
Biometric type 1 error?
False rejection (rate) - rejecting an authorised subject
Biometric type 2 error?
False acceptance (rate) - accepting an unauthorised subject
Biometric: what is CER?
Crossover error rate: (aka equal error rate - EER)
Is a percentage and represents the point where false rejection (type1) rate = false acceptance (type2) rate.
Determines systems accuracy, lower = better
Clipping level?
Threshold of accepted number of errors (e.g. Failed login attempts)
Synchronous token device
Time or counter bases (event based) which needs to be in sync with the authentication server.
Example: RSA SecurID
Asynchronous token device?
Challenge response scheme: not based on time/event/counter sync. For example: server sends random code which user encrypts and sends back. Server confirms random code encrypted with correct algorithm to identify/authenticate user
Difference between memory card and smart card?
Memory card HOLDS information, smart card PRODUCES information
Least privilege?
Only access to resources absolutely required to accomplish a certain task.
