Lecture 2,3,4 questions Flashcards
What is user authentication?
User authentication is the process of verifying a user’s identity before granting access to a system, application, or network.
Mention three common means of authenticating a user’s identity
- Passwords
- Token
- Biometrics
Discuss two password related authentication vulnerabilities
- Brute force attack
- Intelligent attack
What are some password defenses (countermeasures)?
- Salting & Hashing
- Multi-Factor Authentication (MFA)
- Rate Limiting & Account Lockout
- Trusted Path
- Encouraging Strong Passwords
What is a smart card?
A smart card is a physical card with an embedded microchip that can store and process data securely.
Mention the three types of memory that can be included in a smart card
- Read-Only Memory (ROM) - Stores permanent data, such as the card’s operating system and manufacturer information.
- Electrically Erasable Programmable Read-Only Memory (EEPROM) - Stores user data, including credentials, and can be updated or modified.
- Random Access Memory (RAM) - Used for temporary processing and calculations while the smart card is in use
What is biometric authentication?
Biometric authentication is a security process that uses unique biological traits, such as fingerprints, facial recognition, iris scans, or voice recognition, to verify a person’s identity.
Discuss FMR and FNMR in biometric schemes
- False Match Rate (FMR) - The probability that a biometric system incorrectly matches an unauthorized person’s biometric data to an enrolled user’s data. A high FMR means the system is more likely to incorrectly accept unauthorized users.
- False Non-Match Rate (FNMR) - The probability that a biometric system incorrectly rejects an authorized user. A high FNMR means legitimate users may struggle to gain access.
Balancing FMR and FNMR is crucial in biometric systems, as increasing security (lowering FMR) often leads to more false rejections (higher FNMR), and vice versa.
Explain briefly how a biometric system works
- Enrollment - The user’s biometric data is captured and stored in a database.
- Feature Extraction - The system processes the biometric sample to extract key features.
- Matching - When a user attempts authentication, their biometric data is captured and compared with stored data.
- Decision - The system either grants or denies access based on a similarity score and predefined thresholds.
What is the difference between identification and verification in the context of a biometric system?
- Identification: The system determines who a person is by comparing their biometric data against multiple stored templates in a database (1:N matching). Used in law enforcement or large-scale access control.
- Verification: The system checks if the person is who they claim to be by comparing their biometric data against a single stored template (1:1 matching). Used in smartphones and secure login systems.
Mention one application that requires a low FMR
Border Control & Immigration: Systems at airports or border crossings require a low FMR to prevent unauthorized individuals from gaining access using false biometric matches.
What does STRIDE stand for?
STRIDE is a threat modeling framework developed by Microsoft to categorize security threats in six areas:
* Spoofing – Impersonating someone else.
* Tampering – Altering data or code.
* Repudiation – Denying an action without proof.
* Information Disclosure – Exposing sensitive data.
* Denial of Service (DoS) – Disrupting system availability.
* Elevation of Privilege – Gaining unauthorized access.
In STRIDE, what security properties does T, I, and D violate?
- T (Tampering) violates Integrity – Ensuring data remains unaltered.
- I (Information Disclosure) violates Confidentiality – Protecting sensitive data from unauthorized access.
- D (Denial of Service) violates Availability – Ensuring the system remains operational and accessible.
What is the difference between spoofing and tampering attacks?
- Spoofing is when an attacker pretends to be someone else (e.g., forging an email, using stolen credentials). It primarily targets authentication mechanisms.
- Tampering is when an attacker modifies data or code (e.g., altering a software update or modifying database records). It affects data integrity.
What is the worst threat that can happen to an information system?
- The worst threat depends on the system, but generally, data breaches and unauthorized access leading to data leaks or total system compromise are the most severe. A breach can result in loss of confidential information, financial damage, and reputational harm.
- In some cases, ransomware or nation-state cyberattacks targeting critical infrastructure (power grids, hospitals, banks) are considered the most devastating threats.
What does DREAD stand for?
DREAD is a threat assessment framework used to quantify and prioritize security risks. It stands for:
- Damage Potential – How much harm could be caused?
- Reproducibility – How easy is it to replicate the attack?
- Exploitability – How easy is it to execute the attack?
- Affected Users – How many users are impacted?
- Discoverability – How easy is it to find the vulnerability?
- Each factor is typically scored from 0 to 10, and the total score helps prioritize threats.
What is a virus?
A virus is a type of malware that attaches itself to legitimate programs or files and replicates itself when those programs are executed. Viruses can spread from one computer to another, often causing harm to the system or corrupting data. They require human action to propagate, such as opening an infected file or running a malicious program.
Mention one example of a ransomware and discuss its security impact
Example: WannaCry
Security Impact: WannaCry is a ransomware attack that exploited a Windows vulnerability to encrypt files on infected computers, demanding a ransom in Bitcoin to restore access. The attack spread rapidly across networks, affecting thousands of organizations, including hospitals, businesses, and government agencies. Its impact included data loss, operational disruptions, and financial costs associated with recovery efforts. WannaCry highlighted vulnerabilities in outdated software and the importance of regular system updates.
What is a distributed denial of service (DDoS) attack?
A DDoS attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic from multiple compromised devices (botnets).
What is the main security property that DDoS compromises?
Availability
Discuss the lifecycle of a virus malware
- Infection: The virus attaches itself to a legitimate program or file.
- Replication: When the infected program is executed, the virus replicates itself, potentially attaching to other files or programs.
- Activation: The virus activates when certain conditions are met, such as a specific date or when the infected program is run.
- Payload Delivery: The virus performs its malicious action, which may include deleting files, stealing data, or corrupting system resources.
- Spread: The virus continues to spread by infecting other programs or systems, perpetuating the cycle.
Mention and briefly discuss five uses of a bot
- DDoS Attacks: Bots can be used in large numbers to flood a target with traffic, overwhelming it and causing denial of service.
- Spamming: Bots can send bulk emails or messages to promote scams or phishing attempts.
- Credential Stuffing: Bots can automate login attempts using stolen credentials to gain unauthorized access to accounts.
- Web Scraping: Bots can collect data from websites for various purposes, including competitive analysis or market research.
- Cryptojacking: Bots can hijack computing resources to mine cryptocurrency without the owner’s consent.
What is the difference between a bot and a worm?
- Bot: A bot is a compromised device (or “zombie”) controlled by a remote attacker to perform tasks such as DDoS attacks, spamming, or data theft. Bots usually require an initial infection and often form part of a larger botnet.
- Worm: A worm is a standalone malware that can replicate itself and spread to other devices without human intervention. Worms exploit vulnerabilities in networks and software to propagate, often causing widespread damage and network congestion.
