Chapter 2: Toolbox: Authentication, Access Control, and Cryptography

Question 1

The act of asserting who a user is

Answer 1

Identification

Question 2

The act of proving that the asserted identity of a user is correct, that the user is who they say they are

Answer 2

Authentication

Question 3

A list of the concealed forms of common passwords

Answer 3

Rainbow table

Question 4

An extra data field that is added to passwords as an extra piece to the encryption of passwords

Answer 4

A salt

Question 5

An attack in which the attacker tries all possible passwords, usually in some automated fashion

Answer 5

Exhaustive attack or brute force attack

Question 6

An information gathering technique in which the attacker contacts the system administrator or the user to elicit the password or the information for how to obtain the password

Answer 6

Social engineering

Question 7

A tool that is used to save passwords and generate pseudo-randomly generated passwords

Answer 7

Password manager

Question 8

Biological properties based on some physical characteristic of the user

Answer 8

Biometrics

Question 9

The error triggered when authentication is confirmed when it should have been denied

Answer 9

False positive

Question 10

The error triggered when authentication is denied when it should have been confirmed

Answer 10

False negative

Question 11

the set of rules that determines when a positive test means a positive result

Answer 11

The Reference Standard

Question 12

tp/(tp + fp)

TP = True Positive
FP = False Positive

Answer 12

The formula for calculating the positive predictive value of a given screening test

Question 13

tn/(fn + tn)

TN = True Negative
FN = False Negative

Answer 13

The formula for calculating the negative predictive value of a screening test

Question 14

The proportion of positive results among all possible correct matches for a screening test

Answer 14

Sensitivity

Question 15

The proportion of negative results among all possible options that are not sought for a screening test

Answer 15

Specificity

Question 16

tp/(tp + fn)

TP = True Positive
FN = False Negative

Answer 16

The formula for calculating sensitivity

Question 17

tn/(fp + tn)

TN = True Negative
FP = False Positive

Answer 17

The formula for calculating specificity

Question 18

The measure of the degree to which a screening test correctly flags a condition or situation

Answer 18

Accuracy or efficacy

Question 19

(tp + tn)/(tp + fp + fn + tn)

TP = True Positive
TN = True Negative
FP = False Positive
FN = False Negative

Answer 19

The formula for calculating accuracy or efficacy

Question 20

The measurement of how common a given condition or situation is in a screening test

Answer 20

Prevalence

Question 21

(tp + fn)/(tp + fp + fn + tn)

TP = True Positive
FN = False Negative
FP = False Positive
TN = True Negative

Answer 21

The formula for calculating prevalence

Question 22

A graphical representation of the trade-off between false negative and false positive rates for a screening test; The X-axis is usually represented by the specificity and the Y-axis is usually represented by the sensitivity

Answer 22

A receiver operating characteristic (ROC) curve

Question 23

A pair of data items sent to a visiting user’s web browser by the visited website; consists of a key and a value, designed to represent the current state of a session between the user and the website

Answer 23

Cookie

Question 24

A security token that does not actively do anything on its own; A security token on which the contents never change

Answer 24

Passive token

Question 25

A security token that has no computing power on its own and has some variability or interaction with its surroundings; A security token on which the contents can and do change

Answer 25

Active token

Question 26

A security token on which the value remains fixed

Answer 26

Static token

Question 27

A security token that has computing power and on which the values can and do change

Answer 27

Dynamic token

Question 28

The attack method of using a device to copy authentication data surreptitiously from an authentication token and relay that data to an attacker

Answer 28

Skimming

Question 29

A union of separate identification and authentication systems

Answer 29

A federated identity management scheme

Question 30

Combining authentication schemes for stronger security

Answer 30

Multifactor authentication

Question 31

The guideline that states a subject should have access to the smallest number of objects necessary to perform their tasks

Answer 31

Principle of least privilege

Question 32

The fineness or specificity of access control

Answer 32

Granularity

Question 33

A record of which subjects have been permitted what kind of access to which objects when

Answer 33

Audit log

Question 34

The act of restraining users and processes so that any harm they can do is contained in some way

Answer 34

Limited privilege

Question 35

Access control that is always invoked, tamperproof, and verifiable

Answer 35

Reference monitor

Question 36

The problem that occurs when access to a given object is provided to a given subject that should not have access to that object

Answer 36

Propagation of access rights

Question 37

A representation of access rights in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that subject to that object

Answer 37

Access control matrix

Question 38

A representation of access rights in which all of the subjects that have access to a particular object are described, as well as what those subjects’ level of access to that object are; corresponds to the columns of the access control matrix

Answer 38

Access control list

Question 39

The representation of a given subject’s access rights to all objects on a system; corresponds to the rows of the access control matrix

Answer 39

Privilege list or directory

Question 40

An unforgeable token that gives the possessor certain rights to an object; represented as an access control triple of subject, object, and right

Answer 40

Capability

Question 41

The access right that provides a subject with the ability to pass copies of capabilities to other subjects

Answer 41

Transfer or propagate

Question 42

The collection of objects to which a given process has access

Answer 42

Domain

Question 43

The use of a procedure to control access to objects

Answer 43

Procedure-oriented protection

Question 44

The association of privileges with groups of users that perform similar functions

Answer 44

Role-based access control

Question 45

The process of encoding a message so that its meaning is not obvious

Answer 45

Encryption

Question 46

The process of decoding a message to make its meaning obvious

Answer 46

Decryption

Question 47

The process of translating whole words or phrases into other words or phrases

Answer 47

Encoding

Question 48

The process of translating individual characters

Answer 48

Enciphering

Question 49

The form of a message that is able to be read and understood

Answer 49

Plaintext

Question 50

The encrypted form of a message

Answer 50

Ciphertext

Question 51

C = E(P)

C = Ciphertext
E = Encryption rule
P = Plaintext

Answer 51

The formal notation for the transformation of plaintext into ciphertext

Question 52

P = D(C)

P = Plaintext
D = Decryption rule
C = Ciphertext

Answer 52

The formal notation for the transformation of ciphertext into plaintext

Question 53

P = D(E(P))

P = Plaintext
D = Decryption rule
E = Encryption rule

Answer 53

The formal notation for a complete cryptosystem

Question 54

A value used by encryption and decryption algorithms that determines how to encryption/decrypt a given message

Answer 54

Key

Question 55

The form of encryption in which both the encryption and decryption keys are the same; the same key used to encrypt is also used to decrypt

Answer 55

Symmetric key or secret key encryption

Question 56

The form of encryption in which a pair of keys are used, one for encryption and the other for decryption; one key is public and the other is private, held by the sender of ciphertext

Answer 56

Asymmetric key or public key encryption

Question 57

An encryption scheme in which a key is not required

Answer 57

Keyless cipher

Question 58

A person that studies encryption and encrypted messages for defensive purposes, making sure the codes and ciphers are solid enough to protect data adequately; they tend to work on behalf of unauthorized interceptors

Answer 58

Cryptanalyst

Question 59

A person that studies encryption and encrypted messages, usually on behalf of a legitimate sender or receiver

Answer 59

Cryptologist

Question 60

The research into and study of encryption and decryption

Answer 60

Cryptology

Question 61

The process of deducing the original meaning of ciphertext or determining the decryption algorithm for ciphertext

Answer 61

Breaking an encryption

Question 62

The point at which an encryption algorithm can be determined, given enough time and data

Answer 62

Breakable

Question 63

The difficulty of breaking an encryption

Answer 63

Work factor

Question 64

Proof that data was not modified or fabricated by any subject other than the authorized subject

Answer 64

Authenticity

Question 65

The property of symmetric encryption schemes that allows keys to be shared among users

Answer 65

Key distribution

Question 66

The process of activating, storing, and safeguarding encryption keys

Answer 66

Key management

Question 67

The encryption scheme in which data is encrypted as individual bits or bytes; think “encipher”

Answer 67

Stream encryption

Question 68

The encryption scheme is which groups of plaintext characters are encrypted as a single block; think “encode”

Answer 68

Block encryption

Question 69

The encryption algorithm that uses 64-bit blocks and a 56-bit key

Answer 69

The Data Encryption Standard (DES) algorithm

Question 70

The encryption algorithm that uses two 56-bit keys, one to encrypt, the second to decrypt, and then encrypt again with the first key

Answer 70

Two-key triple DES

Question 71

The encryption algorithm that uses three 56-bit keys, one to encrypt, the second to encrypt again or decrypt, and the third to encrypt again

Answer 71

Three-key triple DES

Question 72

The encryption algorithm that uses 128 bit blocks and 10 rounds for 128 bit keys, 12 rounds for 192 bit keys, and 14 rounds for 256 bit keys

Answer 72

Rijndael or the Advanced Encryption System (AES)