Chapter 2 - Toolbox: Authentication, Access Control and Cryptography Flashcards

1
Q

Identification

A

the act of asserting who a person is.

2
Q

Authentication

A

the act of proving that asserted identity: that the person is who she says she is.

3
Q

Salt

A

user-specific component joined to an encrypted password to distinguish identical passwords

4
Q

Rainbow table

A

precomputed list of popular values, such as passwords

5
Q

exhaustive or brute force attack

A

the attacker tries all possible passwords, usually in some automated fashion.

6
Q

Biometrics

A

biological properties, based on some physical characteristic of the human body.

7
Q

Sensitivity

A

measures the degree to which the screen selects those whose names correctly match the person sought

8
Q

Specificity

A

measures the proportion of negative results among all people who are not sought.

9
Q

Accuracy or efficacy

A

measures the degree to which the test or screen correctly flags the condition or situation

10
Q

Prevalence

A

tells us how common a certain condition or situation is.

11
Q

positive predictive value of a test

A

a number that expresses how many times a positive match actually represents the identification of the sought person

12
Q

receiver operating characteristic (ROC) curve

A

a graphical representation of the trade-off between the false negative and false positive rates.

13
Q

passive token

A

do nothing; the contents of the token never change.

14
Q

active token

A

can have some variability or interaction with its surroundings

15
Q

static token

A

The value remains fixed. Most useful for onsite authentication.

16
Q

Skimming

A

the use of a device to copy authentication data surreptitiously and relay it to an attacker

17
Q

dynamic token

A

have computing power on the token to change their internal state.

18
Q

federated identity management scheme

A

unifies the identification and authentication process for a group of systems.

19
Q

multifactor authentication

A

Combining authentication information

20
Q

two-factor authentication

A

Two forms of authentication are presumed to be better than one, assuming of course that the two forms are strong.

21
Q

basic access control paradigm

A

A subject is permitted to access an object in a particular mode, and only such authorized accesses are allowed.

22
Q

granularity

A

the fineness or specificity of access control

23
Q

audit log

A

Systems also record which accesses have been permitted,

24
Q

Limited privilege

A

the act of restraining users and processes so that any harm they can do is not catastrophic

25
Q

Reference monitor

A

access control that is always invoked, tamperproof, and verifiable

26
Q

access control matrix

A

a table in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that subject to that object.

27
Q

access control list

A

representation corresponds to columns of the access control matrix. There is one such list for each object, and the list shows all subjects who should have access to the object and what their access is.

28
Q

privilege list / directory

A

a row of the access matrix, showing all those privileges or access rights for a given subject

29
Q

capability

A

an unforgeable token that gives the possessor certain rights to an object. Single- or multi-use ticket to access an object or service

30
Q

transfer or propagate

A

subject having this right can pass copies of capabilities to other subjects.

31
Q

domain

A

the collection of objects to which the process has access

32
Q

procedure-oriented protection

A

can perform actions specific to a particular object in implementing access control.

33
Q

Role-based access control

A

lets us associate privileges with groups, such as all administrators can do this or candlestick makers are forbidden to do that. Recognizes common needs of all members of a set of subjects.

34
Q

Encryption or cryptography, encode, encipher

A

the name means secret writing. It is probably the strongest defense in the arsenal of computer security protection. Conceals data against unauthorized access.

35
Q

decryption, decode, decipher

A

transforming an encrypted message back into its normal, original form

36
Q

cryptosystem

A

A system for encryption and decryption

37
Q

Ciphertext

A

encrypted material

38
Q

plaintext

A

material in intelligible form

39
Q

algorithms

A

A cryptosystem involves a set of rules for how to encrypt the plaintext and decrypt the ciphertext.

40
Q

key

A

Algorithms often use a device so that the resulting ciphertext depends on the original plaintext message,

41
Q

symmetric or single-key or secret key encryption

A

the same key, K, is used both to encrypt a message and later to decrypt it.

42
Q

asymmetric or public key

A

At other times, encryption and decryption keys come in pairs. Then, a decryption key, KD, inverts the encryption of key KE

43
Q

keyless cipher

A

An encryption scheme that does not require the use of a key

44
Q

cryptanalyst

A

studies encryption and encrypted messages, hoping to find the hidden meanings. Normally works on behalf of an unauthorized interceptor.

45
Q

cryptographer

A

attempts to translate coded material back to its original form. Normally works on behalf of a legitimate sender or receiver.

46
Q

cryptology

A

the research into and study of encryption and decryption; it includes both cryptography and cryptanalysis

47
Q

breakable

A

given enough time and data, an analyst can determine the algorithm

48
Q

work factor

A

The difficulty of breaking an encryption

49
Q

key management

A

It involves storing, safeguarding, and activating keys.

50
Q

stream encryption

A

each bit, or perhaps each byte, of the data stream is encrypted separately.

51
Q

block cipher

A

encrypts a group of plaintext symbols as a single block.

52
Q

Rijndael

A

a fast algorithm that can easily be implemented on simple processors

53
Q

The Rivest–Shamir–Adleman (RSA) cryptosystem

A

a public key system. Based on an underlying hard problem and named after its three inventors

54
Q

Man-in-the-middle failure

A

an unauthorized third party intercedes in an activity presumed to be exclusively between two people

55
Q

nonce

A

a random value meaningless in and of itself, to show activity (liveness) and originality (not a replay).

56
Q

collision

A

Two inputs that produce the same output

57
Q

parity check

A

The simplest error detection code

58
Q

cyclic redundancy

A

detects errors in recording and playback

59
Q

error correction codes

A

can detect multiple-bit errors (two or more bits changed in a data group) and may be able to pinpoint the changed bits (which are the bits to reset to correct the modification).

60
Q

seal a file

A

cryptography can be used to encase a file so that any change becomes apparent.

61
Q

hash or checksum or message digest

A

One technique for providing the seal is to compute a function,

62
Q

one-way functions

A

Functions which are much easier to compute than their inverses.

63
Q

cryptographic checksum

A

a cryptographic function that produces a checksum.
It is a digest function using a cryptographic key that is presumably known only to the originator and the proper recipient of the data.

64
Q

digital signature

A

a protocol that produces the same effect as a real signature: It is a mark that only the sender can make but that other people can easily recognize as belonging to the sender.