User Authentication Flashcards

1
Q

What are the authentication factors?

A

We have four different factors:

  1. Knowledge-based: something you know, e.g. a password.
  2. Ownership-based: something you have, e.g. a token.
  3. Inherence-based: something you are or do, e.g. biometrics. There are two kinds of biometrics: physiological and behavioural biometric characteristics.
  4. Secondary channel: a channel you control, e.g. SMS, email, etc.

Combinations of these are called multi-factor authentication.

2
Q

What is hashing and salting?

A

Hashing is when an algorithm is used to map data of any size to a fixed length. The output is often called a hash value, hash sum, hash code or hash digest. Hashing is a one-way function.

Salting is a concept typically used in password hashing. A salt is a unique value that can be appended to the password so that a different hash value is produced.

3
Q

What are the types of authentication tokens?

A

Synchronised, challenge, challenge-response, clock-based, and counter-based tokens.

4
Q

Explain clock-based authentication tokens.

A

Clock-based OTP tokens:
Operation
• Token shows a time-dependent code on its display
– User copies the code from the token to the terminal to log in
• Possession of the token is necessary to know the correct value for the current time
• Each code is computed for a specific time window
• Codes from adjacent time windows are accepted
• Clocks must be synchronised
• Example: BankID and SecurID

5
Q

What is a biometric system?

A

A technological system that uses information about a person to identify that person. The system depends on specific data about unique biological traits in order to function effectively.

6
Q

What are the criteria for biometric characteristics?

A

Universality:
Every person should have the characteristic.
Distinctiveness:
Any two persons should be sufficiently different in terms of the characteristic.
Permanence: The characteristic should not vary over time (e.g. the face or a fingerprint).
Collectability: The characteristic should be quantitatively measurable.

7
Q

What are the e-Government user authentication frameworks?

A

Trust in identity is a requirement for e-Government
• Authentication assurance produces identity trust.
• Authentication depends on technology, policy, standards, practice, awareness and regulation.
• Common e-authentication frameworks allow cross-national and cross-organisational solutions that give convenience, cost savings and security.

NB! See the table on p. 54 of the lecture on authentication.

8
Q

What are authentication assurance levels?

A

An assurance level. Abbreviated AAL, and determined by the weakest of three links:

  1. User Identity Registration Assurance (UIRA) requirements.

Requirements for correct registration:
• Pre-authentication credentials, e.g.
  - birth certificate
  - biometrics

  2. User Credential Management Assurance (UCMA) requirements.

Requirements for secure handling of credentials:
• Creation
• Distribution
• Storage

  3. User Authentication Method Strength (UAMS) requirements.

Requirements for mechanism strength:
• Password length and quality
• Cryptographic algorithm strength
• Tamper resistance of token
• Multiple-factor methods

9
Q

Explain counter-based authentication tokens.

A

Counter-based OTP tokens:
Overview
• Counter-based tokens generate a ‘password’ result value as a function of an internal counter and other internal data, without external inputs.
• HOTP is an HMAC-based One-Time Password algorithm described in RFC 4226 (Dec 2005): http://www.rfc-archive.org/getrfc.php?rfc=4226
– Tokens that do not support any numeric input
– The value displayed on the token is designed to be easily read and entered by the user.

10
Q

Explain challenge-response authentication tokens.

A

Challenge-response based tokens for user authentication:
• A challenge is sent in response to an access request
– A legitimate user can respond to the challenge by performing a task which requires use of information only available to the user (and possibly the host)
• The user sends the response to the host
– Access is approved if the response is as expected by the host.
• Advantage: since the challenge will be different each time, the response will be too – the dialogue cannot be captured and used at a later time
• Could use symmetric or asymmetric crypto
