Chapter 2 Flashcards

1
Q

Identification

A

Asserting who a person is

2
Q

Authentication

A

Proving the asserted identity

3
Q

3 qualities of authentication

A

Something the user knows: password, PIN, etc.
Something the user is: biometrics like voice & fingerprints
Something the user has: ID badges, keys, driver's licence

4
Q

Password drawbacks

A

Use - for every object
Disclosure
Revocation
Loss

5
Q

Rainbow table

A

Precomputed lists of values such as passwords

6
Q

Salt

A

User specific component joined to a password to distinguish identical passwords

7
Q

Tokens

A

Something you have

8
Q

Active token

A

Changes on the token with computing power

9
Q

Passive token

A

Don’t change. ID book

10
Q

Federated identity management

A

Union of identification and authentication process for a group of systems

11
Q

Single sign-on

A

Takes over sign-on and authentication to/for several independent systems for a user

12
Q

Multi-factor authentication

A

Use more than one authentication mechanism at a time, e.g. password and biometrics

13
Q

Access control

A

Limiting who can access what in what ways

14
Q

Least privilege

A

Access to the fewest resources necessary to complete a task

15
Q

Reference monitor

A

Access control that is always invoked, tamperproof and verifiable

16
Q

Capability

A

Unforgeable token that gives the possessor certain rights to an object

17
Q

Procedures

A

Can perform actions specific to a particular object in implementing access control. For example a reduced API like add, delete, check.

18
Q

Encryption

A

Encoding a message so its meaning is not obvious

19
Q

Plaintext

A

Original message

20
Q

Cyphertext

A

Encrypted message

21
Q

Cryptographer

A

Works for sender/receiver

22
Q

Cryptanalyst

A

Works for unauthorised party

23
Q

Work factor

A

Amount of effort needed to break encryption

24
Q

Stream cypher

A

Encrypt one bit or byte at a time

25
Q

Block cypher

A

Encrypt a fixed number of bits as a single chunk

26
Q

Nonce

A

A value that’s meaningless and shows liveness and originality

27
Q

Digital signature conditions

A

Unforgeable and authentic

Not reusable and not alterable

28
Q

Access control by role

A

Recognises the common needs of all members of a set of subjects

29
Q

Cryptography

A

Conceals data from unauthorised access

30
Q

Problems addressed by encryption

A

Blocking
Interception
Fabrication
Modification

31
Q

Certificate

A

A public key and a user’s identity are bound together in a certificate and signed by a certificate authority

32
Q

What does a digital signature consist of

A

A file
A demonstration that the file is unaltered
An indication of who applied the signature
Validation that the signature is authentic
Connection of the signature to the file