Chapter 2: Toolbox: Authentication, Access Control, and Cryptography Flashcards
The act of asserting who a user is
Identification
The act of proving that the asserted identity of a user is correct, that the user is who they say they are
Authentication
A list of the concealed forms of common passwords
Rainbow table
An extra data field that is added to passwords as an extra piece to the encryption of passwords
A salt
An attack in which the attacker tries all possible passwords, usually in some automated fashion
Exhaustive attack or brute force attack
An information gathering technique in which the attacker contacts the system administrator or the user to elicit the password or the information for how to obtain the password
Social engineering
A tool that is used to save passwords and generate pseudo-randomly generated passwords
Password manager
Biological properties based on some physical characteristic of the user
Biometrics
The error triggered when authentication is confirmed when it should have been denied
False positive
The error triggered when authentication is denied when it should have been confirmed
False negative
The set of rules that determines when a positive test means a positive result
The Reference Standard
tp/(tp + fp)
TP = True Positive
FP = False Positive
The formula for calculating the positive predictive value of a given screening test
tn/(fn + tn)
TN = True Negative
FN = False Negative
The formula for calculating the negative predictive value of a screening test
The proportion of positive results among all possible correct matches for a screening test
Sensitivity
The proportion of negative results among all possible options that are not sought for a screening test
Specificity
tp/(tp + fn)
TP = True Positive
FN = False Negative
The formula for calculating sensitivity
tn/(fp + tn)
TN = True Negative
FP = False Positive
The formula for calculating specificity
The measure of the degree to which a screening test correctly flags a condition or situation
Accuracy or efficacy
(tp + tn)/(tp + fp + fn + tn)
TP = True Positive
TN = True Negative
FP = False Positive
FN = False Negative
The formula for calculating accuracy or efficacy
The measurement of how common a given condition or situation is in a screening test
Prevalence
(tp + fn)/(tp + fp + fn + tn)
TP = True Positive
FN = False Negative
FP = False Positive
TN = True Negative
The formula for calculating prevalence
A graphical representation of the trade-off between false negative and false positive rates for a screening test; The X-axis is usually represented by the specificity and the Y-axis is usually represented by the sensitivity
A receiver operating characteristic (ROC) curve
A pair of data items sent to a visiting user’s web browser by the visited website; consists of a key and a value, designed to represent the current state of a session between the user and the website
Cookie
A security token that does not actively do anything on its own; A security token on which the contents never change
Passive token
A security token that has no computing power on its own and has some variability or interaction with its surroundings; A security token on which the contents can and do change
Active token
A security token on which the value remains fixed
Static token
A security token that has computing power and on which the values can and do change
Dynamic token
The attack method of using a device to copy authentication data surreptitiously from an authentication token and relay that data to an attacker
Skimming
A union of separate identification and authentication systems
A federated identity management scheme
Combining authentication schemes for stronger security
Multifactor authentication
The guideline that states a subject should have access to the smallest number of objects necessary to perform their tasks
Principle of least privilege
The fineness or specificity of access control
Granularity
A record of which subjects have been permitted what kind of access to which objects when
Audit log
The act of restraining users and processes so that any harm they can do is contained in some way
Limited privilege
Access control that is always invoked, tamperproof, and verifiable
Reference monitor
The problem that occurs when access to a given object is provided to a given subject that should not have access to that object
Propagation of access rights
A representation of access rights in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that subject to that object
Access control matrix
A representation of access rights in which all of the subjects that have access to a particular object are described, as well as what those subjects’ level of access to that object are; corresponds to the columns of the access control matrix
Access control list
The representation of a given subject’s access rights to all objects on a system; corresponds to the rows of the access control matrix
Privilege list or directory
An unforgeable token that gives the possessor certain rights to an object; represented as an access control triple of subject, object, and right
Capability
The access right that provides a subject with the ability to pass copies of capabilities to other subjects
Transfer or propagate
The collection of objects to which a given process has access
Domain
The use of a procedure to control access to objects
Procedure-oriented protection
The association of privileges with groups of users that perform similar functions
Role-based access control
The process of encoding a message so that its meaning is not obvious
Encryption
The process of decoding a message to make its meaning obvious
Decryption
The process of translating whole words or phrases into other words or phrases
Encoding
The process of translating individual characters
Enciphering
The form of a message that is able to be read and understood
Plaintext
The encrypted form of a message
Ciphertext
C = E(P)
C = Ciphertext
E = Encryption rule
P = Plaintext
The formal notation for the transformation of plaintext into ciphertext
P = D(C)
P = Plaintext
D = Decryption rule
C = Ciphertext
The formal notation for the transformation of ciphertext into plaintext
P = D(E(P))
P = Plaintext
D = Decryption rule
E = Encryption rule
The formal notation for a complete cryptosystem
A value used by encryption and decryption algorithms that determines how to encrypt or decrypt a given message
Key
The form of encryption in which both the encryption and decryption keys are the same; the same key used to encrypt is also used to decrypt
Symmetric key or secret key encryption
The form of encryption in which a pair of keys are used, one for encryption and the other for decryption; one key is public and the other is private, held by the sender of ciphertext
Asymmetric key or public key encryption
An encryption scheme in which a key is not required
Keyless cipher
A person that studies encryption and encrypted messages for defensive purposes, making sure the codes and ciphers are solid enough to protect data adequately; they tend to work on behalf of unauthorized interceptors
Cryptanalyst
A person that studies encryption and encrypted messages, usually on behalf of a legitimate sender or receiver
Cryptologist
The research into and study of encryption and decryption
Cryptology
The process of deducing the original meaning of ciphertext or determining the decryption algorithm for ciphertext
Breaking an encryption
The point at which an encryption algorithm can be determined, given enough time and data
Breakable
The difficulty of breaking an encryption
Work factor
Proof that data was not modified or fabricated by any subject other than the authorized subject
Authenticity
The property of symmetric encryption schemes that allows keys to be shared among users
Key distribution
The process of activating, storing, and safeguarding encryption keys
Key management
The encryption scheme in which data is encrypted as individual bits or bytes; think “encipher”
Stream encryption
The encryption scheme in which groups of plaintext characters are encrypted as a single block; think “encode”
Block encryption
The encryption algorithm that uses 64-bit blocks and a 56-bit key
The Data Encryption Standard (DES) algorithm
The encryption algorithm that uses two 56-bit keys, one to encrypt, the second to decrypt, and then encrypt again with the first key
Two-key triple DES
The encryption algorithm that uses three 56-bit keys, one to encrypt, the second to encrypt again or decrypt, and the third to encrypt again
Three-key triple DES
The encryption algorithm that uses 128-bit blocks and 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys
Rijndael or the Advanced Encryption System (AES)