Auth and Passwords Flashcards
1
Q
Main Objectives (CANADAA)
A
- Authentication (identity), crypto
- Authorisation (permission)
- Confidentiality (encryption), crypto
- Data Integrity (unmodified), crypto
- Accountability (responsibility)
- Availability (access)
- Non-repudiation (undeniability), crypto
2
Q
3 types of Auth
A
- Something you know
- Something you have
- Something you are
3
Q
Something you know (1)
A
- Passwords
4
Q
2 Advantages of passwords
A
- simple to implement
- easy to understand
5
Q
2 Disadvantages of passwords
A
- Users do not choose strong passwords
- can be exposed to keyloggers
6
Q
How hackers crack passwords (2 steps)
A
- sniff and extract password hash
- Store common passwords with precomputed hashes in dictionaries
7
Q
Solution against keyloggers
A
One Time Passwords: a new password each time the user logs in (something you have)
8
Q
Something you have (3)
A
- OTP cards
- Smart cards
- ATM cards
9
Q
OTP cards
A
- new password on card each time user logs in
- server verifies password
- password only generated when user enters PIN
10
Q
Smart cards
A
- tamper resistant, breaks when cracked open physically
- smart card challenges smart card reader, then user enters PIN
11
Q
Smart cards: 2 negatives
A
- Smart card reader must be trusted
- Smart card power consumption reveals contents stored
12
Q
ATM cards
A
- magnetic strip on back of card stores data for auth
13
Q
Problem and Solution for ATM cards
A
- Problem: magnetic strip is easy to copy
- Solution: holograms / other hard-to-copy elements on the cards
14
Q
Something you are (Biometric) (7)
A
- Palm Scan
- Iris Scan
- Retina Scan
- Fingerprint
- Voice
- Face
- Signature
15
Q
Palm Scan
A
- measures size of hand and fingers + curves
- better than fingerprint scans