User authentication - chapter 6 Flashcards
Difference between entity and message authentication?
entity authentication - verify the identity of the entity at the other end of a communication session
message authentication - verify the origin of a message
Name two cryptographic methods to achieve message authentication
MAC and digital signature
4 requirements for biometric authentication
- universality: every person should have the characteristic (Norwegian: universalitet)
- distinctiveness: any two persons should have sufficiently different characteristics (Norwegian: særpreg)
- permanence: the characteristic should not change much over time (Norwegian: permanent)
- collectability: the characteristic can be measured quantitatively (Norwegian: målbarhet)
n-factor user authentication
using n independent mechanisms for verifying identity
Examples: smart card and PIN, fingerprint authentication and password
Password cracking - how does it depend on how the password is stored?
1. stored in cleartext - no cracking needed
2. stored as a hash value - with a hash table (precomputed hashes of candidate passwords, reusable against every user)
3. stored as a salted hash value - without a hash table (each salt forces the attacker to rehash the wordlist), difficult to crack
4. "stored as salt" (sic, as listed on the card; a salt alone stores no password)
What is PAD?
Presentation attack detection: detecting attempts to spoof a biometric (but spoofing is hard to detect)
What does the FMR of a biometric system say?
- False match rate: the share of non-genuine (attacker) samples that are accepted
- FMR = MAS (matching attacker samples) / TAS (total number of attacker samples)
- example: FMR = 0.05 means 5 out of 100 attacker samples are accepted
What does the FNMR of a biometric system say?
- False non-match rate: the share of genuine users' samples that are rejected
- FNMR = NMUS (non-matching user samples) / TUS (total number of user samples)
- example: FNMR = 0.07 means 7 out of 100 genuine samples are rejected
What does EER stand for?
Equal Error Rate: the error rate at the decision threshold where FMR = FNMR
An ideal biometric system is when...
FNMR = FMR = EER = 0
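Worked example of the FMR/FNMR definitions above and how the EER is read off a matcher's score distributions. This is an added example, not material from the flashcard set; the genuine and impostor similarity scores are constructed, and a sample counts as a "match" when its score is at or above the decision threshold.

```python
"""FMR, FNMR and EER of a biometric matcher from sample comparison scores."""
from typing import List, Tuple

# Constructed example scores (higher = more similar); not measured data.
# 10 genuine-user samples and 10 attacker (impostor) samples.
GENUINE_SCORES: List[float] = [0.95, 0.9, 0.85, 0.8, 0.75, 0.7, 0.65, 0.6, 0.5, 0.4]
IMPOSTOR_SCORES: List[float] = [0.05, 0.1, 0.15, 0.2, 0.25, 0.3, 0.35, 0.45, 0.55, 0.7]


def fmr(impostor_scores: List[float], threshold: float) -> float:
    """False match rate = MAS / TAS: attacker samples accepted at this threshold."""
    matching_attacker_samples = sum(1 for s in impostor_scores if s >= threshold)
    return matching_attacker_samples / len(impostor_scores)


def fnmr(genuine_scores: List[float], threshold: float) -> float:
    """False non-match rate = NMUS / TUS: genuine samples rejected at this threshold."""
    non_matching_user_samples = sum(1 for s in genuine_scores if s < threshold)
    return non_matching_user_samples / len(genuine_scores)


def error_curve(genuine_scores: List[float], impostor_scores: List[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FMR, FNMR) for every distinct observed score; FMR falls and FNMR rises with the threshold."""
    thresholds = sorted(set(genuine_scores) | set(impostor_scores))
    return [(t, fmr(impostor_scores, t), fnmr(genuine_scores, t)) for t in thresholds]


def equal_error_rate(genuine_scores: List[float], impostor_scores: List[float]) -> Tuple[float, float]:
    """Return (threshold, EER): the threshold where FMR and FNMR are closest, and their mean there.

    With finitely many samples the two curves rarely cross exactly, so the
    EER is approximated at the threshold with the smallest |FMR - FNMR|.
    """
    best = None
    for threshold, false_match, false_non_match in error_curve(genuine_scores, impostor_scores):
        gap = abs(false_match - false_non_match)
        if best is None or gap < best[0]:
            best = (gap, threshold, (false_match + false_non_match) / 2)
    _, threshold, eer = best
    return threshold, eer


if __name__ == "__main__":
    for t, fm, fnm in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold={t:.2f}  FMR={fm:.2f}  FNMR={fnm:.2f}")
    print("EER at threshold %.2f: %.2f" % equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Raising the threshold trades attacker acceptance (FMR) for genuine-user rejection (FNMR); a system with non-overlapping score distributions reaches EER = 0, which is the ideal case on the card.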
Matching: which mechanism fits the description?
- used in FIDO solutions: online devices
- usually has a clock: OTP token
- used in BankID on mobile: secondary channel
- used in BankID: OTP token
- authenticated by a reader/terminal: passport and ID card
- used to deliver an authorization code/pattern to the user: secondary channel
Three categories of credentials for user authentication
- something you know (knowledge): password, PIN
- something you have (ownership): security token
- something you are (inherence): face recognition, iris
(secondary channel, e.g. SMS)
Principle and purpose of salting
password salting includes a random value (the salt) in the hash input; it ensures that equal passwords get different hashes and makes cracking harder by preventing the use of precomputed hash tables
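The following added example (not from the flashcard set) puts the salting card and the earlier password-cracking card side by side: an attacker's precomputed hash table cracks every unsalted hash with a single lookup, while per-user salts make the table useless and force a fresh pass over the wordlist for each user. The wordlist and user records are constructed. SHA-256 is used only so the block runs with the standard library; a real system stores passwords with a slow, memory-hard password hash (Argon2id, scrypt or bcrypt), still with a unique salt per user.

```python
"""Hash-table cracking of unsalted hashes vs. per-user salted hashes."""
import hashlib
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed attacker wordlist; not a real leak.
WORDLIST: List[str] = ["password", "123456", "letmein", "qwerty", "hunter2"]


def unsalted_hash(password: str) -> str:
    """Storage form 'hash value': same password -> same hash for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Storage form 'salted hash value': the salt is part of the hash input."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store_salted(password: str) -> Tuple[bytes, str]:
    """What the server stores per user: a fresh random salt and the salted hash."""
    salt = secrets.token_bytes(16)
    return salt, salted_hash(password, salt)


def build_hash_table(wordlist: List[str]) -> Dict[str, str]:
    """Attacker precomputation: hash -> password, built once and reused against any number of users."""
    return {unsalted_hash(word): word for word in wordlist}


def crack_unsalted(stored: Dict[str, str], table: Dict[str, str]) -> Dict[str, Optional[str]]:
    """One dictionary lookup per user; cost does not grow with the wordlist."""
    return {user: table.get(digest) for user, digest in stored.items()}


def crack_salted(stored: Dict[str, Tuple[bytes, str]], wordlist: List[str]) -> Dict[str, Optional[str]]:
    """No table helps: every user's salt forces rehashing the whole wordlist (len(wordlist) hashes per user)."""
    cracked: Dict[str, Optional[str]] = {}
    for user, (salt, digest) in stored.items():
        cracked[user] = next((w for w in wordlist if salted_hash(w, salt) == digest), None)
    return cracked


if __name__ == "__main__":
    # Constructed user database: alice and bob chose the same weak password.
    unsalted_db = {"alice": unsalted_hash("hunter2"),
                   "bob": unsalted_hash("hunter2"),
                   "carol": unsalted_hash("correct horse battery staple")}
    print("equal passwords, equal unsalted hashes:", unsalted_db["alice"] == unsalted_db["bob"])
    print("hash-table attack:", crack_unsalted(unsalted_db, build_hash_table(WORDLIST)))

    salted_db = {"alice": store_salted("hunter2"), "bob": store_salted("hunter2")}
    print("equal passwords, different salted hashes:", salted_db["alice"][1] != salted_db["bob"][1])
    print("per-user wordlist attack:", crack_salted(salted_db, WORDLIST))
```

Salting does not save a weak password (hunter2 still falls to the wordlist); it removes the attacker's ability to amortize one precomputation over many users and reveals nothing about which users share a password.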
eGovernment: 3 classes of requirements for the assurance level of user authentication
- authentication method strength
- credential management assurance
- identity registration assurance
Advantages of biometrics
easy to use, cannot be lost or forgotten
Disadvantages of biometrics
high false negative (non-match) rate, low performance, threats to personal safety and privacy, usability problems
What is the main advantage of passwords/PINs generated by an authentication token compared to "normal" ones?
they are different for each authentication attempt (one-time password), so a captured code cannot be replayed
Describe 2 synchronised authentication tokens
clock-based: client and server have synchronised internal clocks, which are used to derive an OTP (TOTP, RFC 6238)
counter-based: client and server keep a counter, which is used to derive an OTP (HOTP, RFC 4226)