Identification and Authentication

Question 1

Identification

Answer 1

Makes a claim about what someone or something is

Question 2

Authentication

Answer 2

Set of methods to establish whether a claim of identity is true

Question 3

How can ID and authentication methods be fragile?

Answer 3

Rely on competence of person or system performing authentication

Question 4

Who we claim to be

Answer 4

Tenuous concept, based on things that can change, are not unique, or can be fabricated or faked

Question 5

Identity verification

Answer 5

Step beyond identification but short of authentication
Ex: show driver’s license, when send email, ID you provide is taken to be true and not authenticated
Reason for spam

Question 6

Factors for authentication

Answer 6

Something you know
Something you are
Something you have
Something you do
Where you are

Question 7

Something you know

Answer 7

Authentication factor
Ex: passwords, PINs
Somewhat weak because information may be exposed

Question 8

Something you are

Answer 8

Authentication factor
Based on unique physical attributes of someone (biometrics)

Question 9

Something you have

Answer 9

Authentication factor
Based on physical possession, can extend into logical concepts
Ex: ID cards, software-based security tokens, access to logical devices, ie, email or cell phones

Question 10

Something you do

Answer 10

Authentication factor
Based on actions or behaviors of individual; overlap with something you are
Ex: gait or handwriting
Higher rate of rejection of legit users

Question 11

Where you are

Answer 11

Authentication factor
Requires person to be present at a specific location

Question 12

Multifactor authentication

Answer 12

Uses one or more factors discussed

Question 13

Mutual authentication

Answer 13

Both parties in a transaction authenticate each other. Typically software-based.
Digital certificates

Question 14

Better name for a strong password?

Answer 14

Complex

Question 15

Manual synchronization of passwords

Answer 15

Using the same password everywhere

Question 16

What do you call the notation of elements of an image in biometrics?

Answer 16

Minutiae

Question 17

Characteristics of biometric factors (7)

Answer 17

Universality
Uniqueness
Permanence
Collectability
Performance
Acceptability
Circumvention

Question 18

Universality (biometric factor)

Answer 18

Must apply to majority of users expected to enroll

Question 19

Uniqueness (biometric factor)

Answer 19

Measure of how unique a characteristic is among individuals

Question 20

Permanence (biometric factor)

Answer 20

How well a characteristic resists change over time

Question 21

Collectability

Answer 21

How easy it is to acquire (log) a characteristic

Question 22

Performance (biometric factor)

Answer 22

How well a system functions based on factors such as speed, accuracy, and error rate

Question 23

Acceptability (biometric factor)

Answer 23

How acceptable the characteristic is to users of the system

Question 24

Circumvention (biometric factor)

Answer 24

How easy it is to trick a system by using a falsified biometric identifier

Question 25

Important metrics in biometric system

Answer 25

False acceptance rate (FAR)
False rejection rate (FRR)
Generally want these to be equal: equal error rate (EER)

Question 26

Flaws in biometric systems

Answer 26

Easy to forge some biometric identifiers, and once they’re forged it’s hard to re-enroll a user in the system
Biometric identifiers are finite
Once biometric identifier is in the system, you have little control over what happens to it