Lecture 1 Flashcards
How does NIST define digital user authentication?
The process of establishing confidence in user identities that are presented
electronically to an information system.
What are the two steps of authentication?
(1) Identification
(2) Authentication
What is identification vs authentication?
Identification: you announce who you are
Authentication: you prove that you are who you claim to be
What is authorization?
The process of granting an (already authenticated) identity permission to access a resource; it decides what the user may do, and happens after authentication
What are the four (4) means of user authentication?
(1) Something the individual knows - password, PIN
(2) Something the individual possesses - token, smart card
(3) Something the individual is - static biometrics: fingerprint, face, retina
(4) Something the individual does - dynamic biometrics: voice pattern, handwriting, typing rhythm
What are some common password cracking strategies?
(1) Exhaustive search
(2) Intelligent search
What is a rainbow table?
A precomputed table of hash chains that lets an attacker reverse a password hash without re-hashing every candidate: the hashing work is done once, stored compactly (only chain endpoints), and reused against many stolen hashes (a time/memory trade-off)
What does the rainbow table attack exploit?
People choosing short, guessable passwords (a small password space is cheap to precompute) and systems storing hashes without a per-user salt, so the same password always yields the same hash. A unique salt per password defeats precomputed tables.
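The chain construction and lookup behind a rainbow table, as an added example (not from the lecture). It builds a miniature table over the 4-digit PIN space with SHA-256, recovers a PIN from an unsalted hash, and shows that the same PIN hashed with a salt is not found. The chain length, reduction function and the salt value are assumptions chosen for the demo.

```python
import hashlib

# Added example: a miniature rainbow table over the 4-digit PIN space.
PIN_SPACE = 10_000   # every PIN "0000".."9999"
CHAIN_LEN = 10       # assumed hash/reduce steps per chain
# 1000 chains x 10 steps ~= the PIN space; only (endpoint, start) pairs are kept
STARTS = [f"{n:04d}" for n in range(0, PIN_SPACE, CHAIN_LEN)]


def pin_hash(pin: str, salt: bytes = b"") -> bytes:
    """Unsalted SHA-256 of the PIN, or salted when a salt is supplied."""
    return hashlib.sha256(salt + pin.encode()).digest()


def reduce_to_pin(digest: bytes, column: int) -> str:
    """Map a digest back into the PIN space. The column index is mixed in so
    each column uses a different reduction, which limits chain merges (the
    'rainbow' in rainbow table)."""
    n = (int.from_bytes(digest[:8], "big") + column) % PIN_SPACE
    return f"{n:04d}"


def build_table() -> dict:
    """Precompute the chains; store endpoint -> list of starts ending there."""
    table = {}
    for start in STARTS:
        pin = start
        for column in range(CHAIN_LEN):
            pin = reduce_to_pin(pin_hash(pin), column)
        table.setdefault(pin, []).append(start)
    return table


def lookup(table: dict, target: bytes):
    """Recover the PIN behind an unsalted hash, or None if the table lacks it."""
    for i in range(CHAIN_LEN - 1, -1, -1):
        # Assume target sits in column i and walk to the chain's endpoint.
        pin = reduce_to_pin(target, i)
        for column in range(i + 1, CHAIN_LEN):
            pin = reduce_to_pin(pin_hash(pin), column)
        for start in table.get(pin, ()):
            # Endpoint matched: rebuild the chain and confirm the preimage
            # (a chain merge can give a false alarm, so the hash is checked).
            pin = start
            for column in range(CHAIN_LEN):
                digest = pin_hash(pin)
                if digest == target:
                    return pin
                pin = reduce_to_pin(digest, column)
    return None


def coverage(table: dict) -> float:
    """Fraction of the PIN space the table can recover (merges lose some)."""
    hits = sum(lookup(table, pin_hash(f"{n:04d}")) is not None
               for n in range(PIN_SPACE))
    return hits / PIN_SPACE


if __name__ == "__main__":
    table = build_table()
    print(f"endpoints stored: {len(table)}, coverage: {coverage(table):.0%}")
    leaked = pin_hash("4821")            # constructed: an unsalted stored hash
    print("unsalted hash ->", lookup(table, leaked))
    salted = pin_hash("4821", b"x7Q!")   # constructed: same PIN with a per-user salt
    print("salted hash   ->", lookup(table, salted))
```

The table needs only as many stored entries as there are chains, yet it answers queries for roughly chain-length times that many PINs; the price is one chain walk per query. The salted lookup fails because the table was built for the unsalted function only, which is exactly why a unique salt per password removes the value of precomputation.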
What is an exhaustive search (brute force)?
Try all possible combinations of valid symbols up to a certain length (e.g. all 10,000 4-digit numbers to guess an ATM PIN)
What is an intelligent search?
- Search through a restricted namespace, e.g. passwords associated with the user (name, birthday, pet)
- Dictionary attack
What is a dictionary attack?
An attack in which the attacker guesses a user's password by rapidly trying a list of commonly used words, phrases and number combinations, usually expanded with mangling rules (capitalisation, appended digits or symbols)
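Exhaustive search and dictionary attack side by side, as an added example (not from the lecture). Both test candidate guesses against a stored SHA-256 hash and count attempts; the wordlist, mangling rules and the target passwords are constructed for the demo.

```python
import hashlib
from itertools import product

# Added example: exhaustive search vs intelligent (dictionary) search.
WORDLIST = ["password", "letmein", "dragon", "summer", "monkey"]  # constructed
SUFFIXES = ["", "1", "123", "!", "2023", "2023!"]                 # assumed rules


def pw_hash(password: str) -> bytes:
    """Stand-in for the stored password hash (unsalted SHA-256)."""
    return hashlib.sha256(password.encode()).digest()


def exhaustive_search(target: bytes, alphabet: str = "0123456789", max_len: int = 4):
    """Try every string over `alphabet` up to max_len, shortest first
    (e.g. every ATM PIN). Returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in product(alphabet, repeat=length):
            attempts += 1
            guess = "".join(chars)
            if pw_hash(guess) == target:
                return guess, attempts
    return None, attempts


def candidates(words=WORDLIST):
    """Dictionary words expanded by simple mangling rules: case variants and
    common suffixes, the way cracking tools grow a wordlist."""
    for word in words:
        for base in (word, word.capitalize(), word.upper()):
            for suffix in SUFFIXES:
                yield base + suffix


def dictionary_attack(target: bytes, words=WORDLIST):
    """Intelligent search: only candidates people actually choose are tried."""
    attempts = 0
    for guess in candidates(words):
        attempts += 1
        if pw_hash(guess) == target:
            return guess, attempts
    return None, attempts


if __name__ == "__main__":
    pin_hash = pw_hash("0420")          # constructed: a 4-digit PIN
    print("exhaustive:", exhaustive_search(pin_hash))
    weak_hash = pw_hash("Summer2023!")  # constructed: a "mangled" dictionary word
    print("dictionary:", dictionary_attack(weak_hash))
    strong_hash = pw_hash("x9#Lq2wE")   # constructed: random password
    print("dictionary vs random:", dictionary_attack(strong_hash))
```

The exhaustive search is complete but its cost grows as alphabet size to the power of length, which is why it is only practical for PIN-sized spaces; the dictionary attack tries a few dozen candidates and still recovers a password that no short exhaustive search would reach, but it finds nothing when the password is not derived from a word.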
What is password spoofing?
A fake login prompt or page that tricks the user into voluntarily entering their password, believing it is the genuine login; the user is misled about the endpoint of the channel
What is a sniffing attack?
Listening to traffic on a local network to capture passwords sent in clear text
What is a key logger attack?
A key logger is software (or a hardware device) that records every keystroke, letting an attacker "spy" on passwords as they are typed
What are some possible defences against key logger attacks?
(1) One-time passwords (a captured code is useless after it has been used)
(2) Anti-malware programs
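Why a one-time password defeats a key logger, as an added example (not from the lecture): HOTP (RFC 4226) and TOTP (RFC 6238) implemented with the standard library, plus a server-side verifier that accepts each time step at most once, so a code captured from the keyboard fails when replayed. The secret is the RFC test-vector secret; the verifier's skew window is an assumption.

```python
import hashlib
import hmac
import struct
import time

# Added example: one-time passwords (HOTP/TOTP) and replay rejection.


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    now = time.time() if at is None else at
    return hotp(secret, int(now) // step, digits)


class TotpVerifier:
    """Server side. Remembers the highest time step already consumed, so the
    same code is never accepted twice: a key logger that captured it gets
    nothing. skew=1 tolerates one step of clock drift either way (assumed)."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, skew: int = 1):
        self.secret, self.step, self.digits, self.skew = secret, step, digits, skew
        self.last_step = -1  # highest step already used for a successful login

    def verify(self, code: str, at=None) -> bool:
        now = time.time() if at is None else at
        current = int(now) // self.step
        for t in range(current - self.skew, current + self.skew + 1):
            if t <= self.last_step:
                continue  # step already consumed (or older): replay rejected
            if hmac.compare_digest(hotp(self.secret, t, self.digits), code):
                self.last_step = t
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 / RFC 6238 test secret
    server = TotpVerifier(secret, digits=8)
    code = totp(secret, at=59, digits=8)  # "94287082" per RFC 6238 Appendix B
    print("user logs in with", code, "->", server.verify(code, at=59))
    # A key logger recorded the keystrokes; the attacker replays them seconds later.
    print("attacker replays", code, "->", server.verify(code, at=61))
```

The static-password equivalent would succeed on replay, because the same string is valid forever; here validity is tied to a counter the server advances, and `compare_digest` keeps the code comparison constant-time. Anti-malware, the second defence on the card, works on the other end by keeping the key logger off the host in the first place.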