Access Control: Lecture 2 Flashcards

1
Q

Authentication Methods

A

1) Knowledge (what you know, e.g. passwords)

2) Possession (what you have):
+ eTokens

+ Smart Cards
- JavaCard: cheaper and more popular, but less secure
- MULTOS: more secure (used by government agencies)

+ RFID Tags
Vulnerabilities: side channel, MITM, sniffing

3) Biometric (what you are)

2
Q

Essential Requirements of Characteristic as a Biometric

A

1) Universality
2) Distinctiveness
3) Permanence
4) Collectability

3
Q

Acceptability

A

Need to check whether staff are willing to accept it if it is implemented.

4
Q

Accuracy

A

Ideally the False Accept Rate (FAR) would be 0 and the True Accept Rate (TAR) would be 1, but this is not achievable: as TAR increases, FAR increases as well.

5
Q

Budget (Cost)

A

Do we have enough money to implement it?

6
Q

Types of Biometrics

A

1) Iris Scanning
- 256 unique characteristics
- More accurate than fingerprint but less than retinal scanning
- More costly than fingerprint but reducing
- Easy and fast enrollment

2) Retinal Scanning
- 400 unique characteristics
- Even more accurate
- Very expensive
- Longer registration due to the increased number of characteristics (3x as long as iris)
- Can change due to some diseases

3) Fingerprint Scanning
- Cheapest but least accurate
- Easy to enroll
- Quite permanent, but affected by dryness, injuries etc.
- Quite universal

4) Facial Recognition
- More expensive than fingerprints
- Fairly accurate: more accurate than fingerprints, but not necessarily more accurate than iris or retinal scanning
- Easy to enroll
- Physical characteristics can change over time

7
Q

Pros & Cons

A

Passwords:

1) Pros
- Cheap
2) Cons
-

Tokens:

1) Pros
- Cheap
2) Cons
- Expensive to scale up

Biometric:

1) Pros
- Unique data harder to crack
- Fast, convenient authentication
- Scalable
2) Cons
- Unrecoverable if compromised
- New and expensive
- Privacy concerns

8
Q

Authorisation

A

Principle of Least Privilege (POLP):
System administrators require input from management to know which access rights users actually need.

1) Discretionary Access Control:
Assigns access rights based on rules specified by users (e.g. rw-)

2) Role Based Access Control:
Divides users into roles and grants access rights accordingly (addresses the principle of least privilege)

3) Mandatory Access Control (probably the most secure):
Assigns labels to actors (users) and objects; assigns levels to resources, services and users.
