CYB1UofI_FISCH2.4
Common Identification and Authentication Methods
| Question | Answer |
|---|---|
| what are common identification and authentication methods | passwords, biometrics and hardware tokens |
| what is a common identification and authentication method that is familiar to those who use computers regularly | passwords |
| what happens when a password is combined with a username | it will generally allow you access to a computer system, an application, a phone or a similar device |
| what level of authentication are passwords | single factor |
| although they are only a single factor of authentication, what can represent a relatively high level of security when constructed and implemented properly | passwords |
| how do people describe good passwords | passwords as being strong |
| what is a better way to describe good passwords | passwords as being complex |
| what happens if you construct a password that uses lowercase letters only and is eight characters long | you can use a password cracking utility to crack it quickly |
| what does adding character sets to the password do | makes it increasingly harder to figure out |
| what happens if you construct a password that uses uppercase letters, lowercase letters, numbers and symbols | you end up with a password that is potentially more difficult to remember (#$sU&qw!3) but much harder to crack |
| besides constructing strong passwords what needs to be practiced | good password hygiene |
| what is involved in good password hygiene | don't write your password down and post it under your keyboard or on your monitor; avoid manual synchronization of passwords |
| why shouldn't you write your password down and post it under your keyboard or on your monitor | doing so completely defeats the purpose of having a password in the first place |
| what applications exist to help us manage all the logins and passwords we have for different accounts | password managers |
| what types of password managers exist | some are locally installed software and others are web or mobile device applications |
| what are the arguments for using password managers | when used carefully they can help you maintain good password hygiene |
| what are the arguments for not using password managers | some people think keeping all of your passwords in one place is a bad idea |
| what is another common problem with passwords | manual synchronization of passwords |
| what does manual synchronization of passwords mean | using the same password everywhere |
| what happens if you use the same password everywhere (use the same password for your email, your work login, and your online knitting discussion forum) P1 | you're putting the security of all the accounts in the hands of those system owners. If any one of them is compromised, all of your accounts become vulnerable. |
| what happens if you use the same password everywhere (use the same password for your email, your work login, and your online knitting discussion forum) P2 | All an attacker needs to do to access other accounts is look up your account name on the internet to find your other accounts and log in using your default password. By the time the attacker gets your email account, the attacker can use it to reset account credentials for any other accounts you have |
| why may some biometric identifiers be more difficult to falsify than others | only because of the limitations of today's technology |
| as the limitations of today's technology decrease, what needs to happen regarding biometric identifiers as an authentication mechanism | we'll need to develop more robust biometric characteristics to measure or else stop using biometrics as an authentication mechanism |
| what sort of devices are becoming increasingly common and inexpensive | biometric equipped devices |
| when determining what biometric equipped devices to use, what should be considered | it pays to research such devices carefully before you depend on them for security, as some of the cheaper versions are easy to bypass |
| what are the two ways you can use biometric systems | you can use them to verify the identity claim someone has put forth, or you can reverse the process and use biometrics as a method of identification |
| what process is commonly used by law enforcement agencies to identify the owner of fingerprints left on various objects | a biometric system is used as a method of identification |
| describe the complexity of using a biometric system as a method of identification for law enforcement agencies to identify the owner of fingerprints left on various objects | it can be a time consuming effort considering the sheer size of the fingerprint libraries held by such organizations |
| what needs to happen in order to use a biometric system to verify the identity claim someone has put forth or use biometrics as a method of identification | you need to put the user through some sort of enrollment process |
| what does the enrollment process to use a biometric system involve | enrollment involves recording the user's chosen biometric characteristic and saving it in a system |
| what is an example of a common biometric characteristic | a fingerprint |
| how does processing the biometric characteristic work | it includes noting elements that appear at certain parts of the image |
| what are minutiae | noting elements that appear at certain parts of a biometric characteristic image |
| what can minutiae be later used for | used to match the characteristic to the user |
| biometric factors are defined by what | seven characteristics |
| what are the seven characteristics that biometric factors are defined by | universality, uniqueness, permanence, collectability, performance, acceptability and circumvention |
| what does universality mean | you should be able to find your chosen biometric characteristic in the majority of people you expect to enroll in the system |
| describe the universality of using a scar as an identifier | you might be able to use a scar as an identifier, but you can't guarantee that everyone will have a scar. low universality |
| describe the universality of using a fingerprint | a common characteristic, but you need to take into account the fact that some people may not have an index finger on their right hand and be prepared to compensate for this. mid universality |
| what is uniqueness | a measure of how unique a characteristic is among individuals |
| what is a low uniqueness biometric identifier | height or weight; there's a good chance of finding several people in any given group who have the same height or weight |
| what biometric characteristics should you try to select | characteristics with a high degree of uniqueness |
| what are some biometric characteristics with a high level of uniqueness | DNA or iris patterns |
| True or False: Even a biometric characteristic with a high level of uniqueness could be duplicated whether intentionally or otherwise | True |
| Give an example where a high level of uniqueness biometric characteristic could be duplicated whether intentionally or otherwise | identical twins have the same DNA, and an attacker could replicate a fingerprint |
| what is permanence | tests how well a characteristic resists change over time and with advancing age |
| what happens if you choose a factor that can easily vary | you'll eventually find yourself unable to authenticate a legitimate user |
| what are examples of factors that can easily vary | height, weight, hand geometry |
| what is a better factor to use over height and weight | fingerprints |
| why are fingerprints a better factor to use over height and weight | they are unlikely to change without deliberate action |
| what is collectability | measures how easy it is to acquire a characteristic |
| what is a common biometric that is easy to acquire, which is one of the reasons they are common | fingerprints |
| what is a common biometric that is more difficult to acquire | a DNA sample, because the user must provide a genetic sample to enroll and to authenticate again later |
| what is performance | measures how well a given system functions based on factors such as speed, accuracy and error rate |
| what is acceptability | a measure of how acceptable the characteristic is to the users of the systems |
| describe the types of systems that are less likely to be acceptable to the user | systems that are slow, difficult to use, or awkward to use |
| what systems are unlikely to have a high degree of acceptability | systems that require users to remove their clothes, touch devices that have been repeatedly used by others, or provide tissue or bodily fluids |
| what is circumvention | describes how easy it is to trick a system by using a falsified biometric identifier |
| what is a classic example of a circumvention attack against the fingerprint as a biometric identifier | the gummy finger |
| what is the gummy finger attack | a fingerprint is lifted from a surface and used to create a mold with which the attacker can cast a positive image of the fingerprint in gelatin |
| some biometric systems have ____ to defeat attacks like the gummy finger | secondary features like measuring skin temperature, pulse, or pupillary response |
| True or False: There are many ways to measure the performance of a biometric system | True |
| what are the few primary metrics that are particularly important to measuring the performance of a biometric system | false acceptance rate (FAR), false rejection rate (FRR) |
| what does FAR stand for | false acceptance rate |
| what does FRR stand for | false rejection rate |
| what does FAR measure | how often you accept a user who should be rejected |
| what is FAR also called | false positive |
| what does false acceptance rate measure | how often you accept a user who should be rejected |
| what is another name for false acceptance rate | false positive |
| what does FRR measure | how often we reject a legitimate user |
| what does false rejection rate measure | how often we reject a legitimate user |
| what is FRR also called | false negative |
| what is false rejection rate also called | false negative |
| what situations do you want to avoid in excess while measuring performance | false positives and false negatives |
| what should you aim to balance while measuring performance | balance between the two error types (FAR, FRR) |
| equal error rate (EER) | the balance between the two error types (FAR, FRR) |
| what does EER stand for | equal error rate |
| if you plot both the FAR and the FRR on a graph, where is the EER | it marks the point where the two lines intersect |
| what is EER sometimes used to measure | the accuracy of biometric systems |
| what are some of the common issues that biometric systems are prone to | it is easy to forge some biometric identifiers, and once forged it is hard to re-enroll the user in the system; privacy issues, since once enrolled in a biometric system you're giving away a copy of the identifier, and once it is in the system you have little, if any, control over what happens to it |
| give an example that demonstrates the issues with biometric systems where an identifier gets forged during circumvention and it's hard to re-enroll a user in the system | if you enroll a user with both index fingers and those fingerprints get compromised, you could remove these from the system and enroll two of their other fingers. But if you've already enrolled all their fingers in the system, you'd have no way of re-enrolling them using fingers at all |
| in the event that the biometric system identifier gets compromised what may happen where it would be hard to re-enroll a user in the system | depending on the system in question, you may be able to select a different set of minutiae for the same identifier |
| biometric identifiers are | finite |
| what happened in 2015 that demonstrated the issues with biometric systems where an identifier gets forged during circumvention and it's basically impossible to re-enroll a user in a system | an attacker hacked the US Office of Personnel Management and stole the fingerprint records of 5.6 million federal employees holding security clearances |
| how do you face privacy issues with biometrics | when you're enrolled in a biometric system, you're essentially giving away a copy of the identifier. once such an item has been entered into a computer system you have little, if any, control over what happens to it |
| what are identifiers that are commonly entered into a biometric system with serious privacy concerns | fingerprint, iris pattern, DNA sample |
| what happens to the biometric identifier once you're no longer associated with the institution, and what are the privacy considerations surrounding it | we can hope the institution would destroy such materials, but you have no way to guarantee this |
| what could affect you the rest of your life | repercussions of surrendering genetic material |
| what is a biometric identifier that the repercussions of surrendering genetic material could affect you for the rest of your life | DNA sampling |
| what is a standard hardware token | a small device that contains a certificate or unique identifier |
| what is the general form factor of a standard hardware token | generally the size and shape of a credit card or keychain fob |
| what do the simplest hardware tokens look identical to | universal serial bus (USB) flash drives |
| what does USB stand for | universal serial bus |
| what do the simplest hardware tokens contain | a certificate or unique identifier |
| what is another name for simple hardware tokens | dongles |
| what do more complex hardware tokens incorporate | liquid crystal displays (LCDs), keypads for entering passwords, biometric readers, wireless devices and additional features to enhance security |
| what does LCD stand for | liquid crystal display |
| what do many hardware tokens contain | an internal clock that generates a code based on the device's unique identifier, an input PIN or password and other potential factors |
| where is the hardware token code output | code is output to a display on the token |
| when does the hardware token code change | on a regular basis often every 30 seconds |
| what does the infrastructure used to keep track of these tokens do | can predict what the proper output will be at any given time in order to authenticate the user |
| what does the simplest type of hardware token represent | the something you have factor |
| what are hardware tokens susceptible to | theft and potential use by a knowledgeable criminal |
| what do you need to remember to safeguard | hardware tokens |
| what are generally not useful without the associated account credentials | hardware tokens |
| what do hardware tokens represent for the user's accounts | an increased level of security |
| what factors do more sophisticated hardware tokens represent | something you know or something you are |
| how do more sophisticated hardware tokens represent something you know or something you are | they might require a PIN or fingerprint |
| how does a more sophisticated hardware token enhance the security of the device | it might require a PIN or fingerprint. in addition to getting the hardware token, an attacker would need to either subvert the infrastructure that uses the device or extract the something you know / something you are factor from the legitimate owner of the device |