Chapter 2 Flashcards
Identification
Asserting who a person is
Authentication
Proving the asserted identity
3 qualities of authentication
Something the user knows: password, PIN, etc.
Something the user is: Biometrics like voice & fingerprints
Something the user has: ID badges, keys, driver's licence
Password drawbacks
Use - for every object
Disclosure
Revocation
Loss
Rainbow table
Precomputed lists of values such as passwords
Salt
User specific component joined to a password to distinguish identical passwords
Tokens
Something you have
Active token
Changes on the token with computing power
Passive token
Doesn’t change, e.g. ID book
Federated identity management
Union of identification and authentication process for a group of systems
Single sign-on
Takes over sign-on and authentication to/for several independent systems for a user
Multi-factor authentication
Use more than one authentication mechanism at a time, e.g. password and biometrics
Access control
Limiting who can access what in what ways
Least privilege
Access to the fewest resources necessary to complete a task
Reference monitor
Access control that is always invoked, tamperproof and verifiable