Chapter 2

Question 1

Identification

Answer 1

Asserting who a person is

Question 2

Authentication

Answer 2

Proving the asserted identity

Question 3

3 qualities of authentication

Answer 3

Something the user knows: password, pin etc
Something the user is: Biometrics like voice & fingerprints
Something the user has: ID badges, keys, drivers licence

Question 4

Password drawbacks

Answer 4

Use - for every object
Disclosure
Revocation
Loss

Question 5

Rainbow table

Answer 5

Precomputed lists of values such as passwords

Question 6

Salt

Answer 6

User specific component joined to a password to distinguish identical passwords

Question 7

Tokens

Answer 7

Something you have

Question 8

Active token

Answer 8

Changes on the token with computing power

Question 9

Passive token

Answer 9

Don’t change. ID book

Question 10

Federated identity management

Answer 10

Union of identification and authentication process for a group of systems

Question 11

Single sign-on

Answer 11

Takes over sign-on and authentication to/for several independent systems for a user

Question 12

Multi-factor authentication

Answer 12

Use more than one authentication mechanism at a time, e.g. password and biometrics

Question 13

Access control

Answer 13

Limiting who can access what in what ways

Question 14

Least privilege

Answer 14

Access to the fewest resources necessary to complete a task

Question 15

Reference monitor

Answer 15

Access control that is always invoked, tamperproof and verifiable

Question 16

Capability

Answer 16

Unforgeable token that gives the possessor certain rights to an object

Question 17

Procedures

Answer 17

Can perform actions specific to a particular object in implementing access control. For example a reduced API like add, delete, check.

Question 18

Encryption

Answer 18

Encoding a message so its meaning is not obvious

Question 19

Plaintext

Answer 19

Original message

Question 20

Cyphertext

Answer 20

Encrypted message

Question 21

Cryptographer

Answer 21

Works for sender/receiver

Question 22

Cryptoanalyst

Answer 22

Works for unauthorised party

Question 23

Work factor

Answer 23

Amount of effort needed to break encryption

Question 24

Stream cypher

Answer 24

Encrypt one bit or byte at a time

Question 25

Block cypher

Answer 25

Encrypt a fixed number of bits as a single chunk

Question 26

Nonce

Answer 26

A value that’s meaningless and shows liveness and originality

Question 27

Digital signature conditions

Answer 27

Unforgeable and authentic

Not reusable and not alterable

Question 28

Access control by role

Answer 28

Recognises the common needs of all members by a set of subjects

Question 29

Cryptography

Answer 29

Conceals data from unauthorised access

Question 30

Problems addressed by encryption

Answer 30

Blocking
Interception
Fabrication
Modification

Question 31

Certificate

Answer 31

A public key and a user’s identity are bound together in a certificate and signed by a certificate authority

Question 32

What does a digital signature consist of

Answer 32

A file
A demonstration that the file is unaltered
An indication of who applied the signature
Validation that the signature is authentic
Connection of the signature to the file