Authentication Flashcards

1
Q

What is authentication?

A

Who are you? Prove it.
Checks if requester has access to resource
TCB needs to know who is requesting
Processes request on behalf of user, subject or principal
User associated with identity should be able to authenticate themselves

2
Q

What are the different ways authentication can be implemented?

A
User knows (password)
User has (RFA token)
User is (biometrics)
3
Q

What are the threat models for passwords?

A

Attacker guesses password
Login program is spoofed
Keylogging

4
Q

What is a trusted path?

A

Required to be provided by OS
Special kind of input that leads to a display under OS control

Example: Ctrl+Alt+Delete

5
Q

How do we authenticate passwords?

A
  • Store password in a system file
  • Store password hashes

6
Q

Why is storing passwords in a file dangerous?

A

Needs to be readable by a root/admin account
In a breach, all passwords are compromised
Easy to mess up access permissions

7
Q

What is the problem with storing the password hashes in a file?

A

Can be brute forced to figure out the hashes

Workaround: SALT the hash

8
Q

What does salt the password mean?

A

Pad the front of the hash value with a random value

9
Q

How can brute forcing a password be more effective?

A

Try popular passwords first

Rainbow table

10
Q

What are the problems with passwords?

A
  • As passwords get longer and complexity increases, usability suffers
  • Not robust against social engineering
  • Once stolen, passwords can be used multiple times
  • People can’t remember a lot of passwords
11
Q

What are other authentication methods?

A
  • Use something you have (may require additional hardware, a challenge response)
  • Use something you are (biometrics)
  • Multi-factor authentication