P1L4 Flashcards

1
Q

what is authentication?

A
  • who are you? prove it!
  • the process making the request does so on behalf of a certain user, subject, or principal.
  • claims about an identity, and verification of those claims.
2
Q

what is authorization?

A

does this person have permission to access the resource?
3
Q

false negative

A

a negative outcome that was produced in error
4
Q

goal of authentication?

A
  • a user associated with the identity should be able to authenticate successfully (available & no false negatives)
  • a user not associated with the identity should not be able to authenticate successfully (available & no false positives)
5
Q

3 authentication methods

A
  • secret (something the user knows)
  • token (something the user has, e.g. smart cards)
  • part of the user (something the user is, e.g. biometrics)
6
Q

password method threat

A
  • guessing the password
  • impersonating the login program (similar to phishing)
  • keylogging
7
Q

Trusted path

A
  • you are really talking to the OS. There should be a signal from the OS to the screen and keyboard confirming that you are connected to the TCB and that nothing sits in between
8
Q

problems with storing passwords on a file?

A
  • readable only by root/admin. Why should the admin know all passwords?
  • permissions can be set incorrectly
  • if security is breached, all passwords are exposed to the attacker
9
Q

solution to storing password info

A
  • don’t store the password directly; store a value derived from it by a one-way hash function
  • this file is only accessible by root/admin
  • use a slow hash function to reduce brute-force attacks
10
Q

threats of one-way hash function

A
  • if we know the common passwords, we can compute their hashes in advance
  • for dictionary and offline attacks, the attacker has the dictionary and plenty of time (an online system can stop the attack after a certain number of trials)
11
Q

are passwords random?

A

no
12
Q

how to reduce work for brute force attack?

A
  • try popular passwords first
  • rainbow table lookup
13
Q

what if 2 users use the same password? How to distinguish their hash values?

A
  • add a random salt before hashing
  • store the salt in the same file as the hash value
14
Q

touch screen password bias

A
  • users often start from the top left, since most languages are written starting from the top left
  • the ease of moving from the current point
15
Q

problem with password

A
  • length, complexity, and expiration reduce usability
  • phishing and social engineering
  • once stolen, it can be used many times
16
Q

problem with tokens

A
  • the user must have them on hand
  • may require additional hardware
  • need the user to confirm identity (challenge/response)
  • cost & misplaced trust
17
Q

biometrics

A
  • fingerprint
  • keystroke
  • voice
  • retina scan
18
Q

problem with biometrics

A
  • depends on probability -> false negatives/positives
19
Q

is ATM multi-factor?

A

yes, the card and the PIN