4. Auth-AC - Control Questions Flashcards
(32 cards)
What do we mean by (user) authentication?
user authentication = process of proving a claimed identity
What are the 3 approaches to user authentication in computer systems?
○ three basic approaches to user authentication
■ passwords and the like (something you know)
■ hardware tokens (what you have)
■ biometrics (what you are)
What are the advantages and the disadvantages of passwords?
○ advantages
■ simple and intuitive (easy for average users to understand)
■ cheap to implement
○ disadvantages
■ password must be memorized by the user
● users tend to choose guessable passwords
● users tend to use the same password on multiple systems
■ passwords or password hashes must be stored by the verifier
● password files can be stolen and analyzed off-line
● brute force and dictionary attacks are possible
■ the password can be intercepted on its way from the user to the verifier
● keystroke logging, shoulder surfing
● eavesdropping (encrypted transport between remote parties is essential)
● replay attacks (encryption alone is not enough: an encrypted password can be replayed as-is, so the protocol also needs freshness, e.g., a challenge from the verifier)
■ passwords are easy to reveal and share
● social engineering attacks are possible
What is the model of password based authentication? (figure)
[figure]
What do salting and stretching mean and what is their goal in the case of password hashing?
○ design principles (as in the classic Unix crypt(3) password hash):
■ stretching: the hash function is iterated many times, so each guess in an exhaustive search becomes proportionally slower
■ salting: a random per-user value (the salt) is hashed together with the password, so a pre-computed table of hashes is valid for a single salt only; this makes pre-computation attacks impractical and hides which users share a password
■ the modified DES used by crypt(3) prevented the use of off-the-shelf DES hardware for cracking
+ [figure]
What are the main weaknesses of Windows’ LM hash?
○ the password is padded to 14 characters and split into two 7-character halves that are hashed independently, so the two halves can be cracked separately (each is at most 7 characters long)
○ conversion to uppercase before hashing reduces the size of the password space
○ no salt is used, so identical passwords produce identical hashes and pre-computed tables work against every account
What is a dictionary attack in the context of password based authentication?
the candidate list contains words from a dictionary (and their variations, e.g., capitalization, appended digits or symbols)
■ user-chosen passwords are often meaningful words that can be found in dictionaries
■ password cracking programs and word lists are available on the Web
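The two cards above in working form, as an added example that is not part of the original flashcards: a salted and stretched password record (PBKDF2-HMAC-SHA-256 from the Python standard library) with verification, and a dictionary attack with mangling rules run against it. The record format, the word list and the mangling rules are constructed assumptions for the demonstration.

```python
# Added example, not from the original slides: a salted and stretched password
# record (PBKDF2-HMAC-SHA-256) with verification, and a dictionary attack run
# against it. The record format, the word list and the mangling rules are
# constructed assumptions for the demonstration.
import hashlib
import hmac
import secrets
from typing import Iterable, Iterator, Optional, Tuple

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 100_000   # stretching: assumption, tune so one verification costs tens of ms
SALT_BYTES = 16        # salting: a fresh 128-bit random value per stored password


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'alg$iterations$salt_hex$digest_hex'."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the salt and iteration count stored in the record."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    # constant-time comparison so timing does not reveal how many bytes matched
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def variations(word: str) -> Iterator[str]:
    """Mangling rules a cracker applies to every dictionary word (11 candidates)."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix


def dictionary_attack(record: str, wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try every word and variation against one record.
    Returns (recovered password or None, number of guesses made). Each guess
    costs a full stretched hash, and because of the salt the work cannot be
    shared between records, even for users who chose the same password."""
    guesses = 0
    for word in wordlist:
        for candidate in variations(word):
            guesses += 1
            if verify_password(candidate, record):
                return candidate, guesses
    return None, guesses


# Constructed word list; real ones hold millions of entries
WORDLIST = ["dragon", "monkey", "letmein", "sunshine", "password"]

if __name__ == "__main__":
    weak = hash_password("Sunshine123")
    strong = hash_password("x7!Qm2#LpR9")
    print(dictionary_attack(weak, WORDLIST))     # ('Sunshine123', 40)
    print(dictionary_attack(strong, WORDLIST))   # (None, 55)
```

The guess counts do not depend on the iteration count; what the iterations change is the cost of each guess, which is the whole point of stretching. Hashing the same password twice yields two different records because each call draws a fresh salt.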
Why does salting make a rainbow table based attack too expensive for the attacker?
time-memory trade-off (Hellman's chain construction, on which rainbow tables are built):
■ the attacker pre-computes m chains of t hash evaluations each, a fixed effort of t·m, but stores only the start and end point of every chain (memory ~2m)
■ given that fixed pre-computation effort, the online time needed to break a hash (~t²) can be lowered by storing more chains, i.e., hash cracking can be faster at the expense of more storage
■ the table is built for one fixed hash function; with a salt, the effective function differs for every salt value, so an s-bit salt multiplies the pre-computation (or the number of tables) by 2^s, and a table built for one salt is useless for every other user and system
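As an added example that is not part of the original flashcards, a small rainbow-style table over 4-digit PINs makes the trade-off concrete: t·m hashes of pre-computation, 2m stored strings, and an online phase that costs on the order of t² hashes. The key space (PINs "0000" to "9999"), the chain length, the number of chains and the way the salt is combined with the PIN are constructed assumptions.

```python
# Added example, not from the original slides: a rainbow-style table over a
# toy key space, showing the t*m precomputation / 2m memory / ~t^2 online-time
# trade-off, and why a per-user salt forces the attacker to redo the
# precomputation. Key space, parameters and salting scheme are assumptions.
import hashlib
from typing import Dict, List, Optional, Tuple

SPACE = 10_000    # toy key space: PINs "0000".."9999"
CHAIN_LEN = 50    # t: hash evaluations per chain
NUM_CHAINS = 600  # m: chains; t*m = 30_000 hashes precomputed, 2m strings stored


def H(pin: str, salt: str = "") -> bytes:
    """The verifier's hash; a salt, when used, is simply prepended."""
    return hashlib.sha256((salt + pin).encode()).digest()


def reduce_to_pin(digest: bytes, column: int) -> str:
    """Map a digest back into the PIN space; column-dependent as in rainbow tables."""
    return f"{(int.from_bytes(digest[:8], 'big') + column) % SPACE:04d}"


def walk_chain(start: str, chain_len: int, salt: str = "") -> List[str]:
    """x0 = start, x_{i+1} = R_i(H(x_i)); returns x0 .. x_{chain_len}."""
    points = [start]
    for col in range(chain_len):
        points.append(reduce_to_pin(H(points[-1], salt), col))
    return points


def build_table(salt: str = "", num_chains: int = NUM_CHAINS,
                chain_len: int = CHAIN_LEN) -> Dict[str, str]:
    """Precomputation: only (endpoint -> start) is kept, so memory is ~2m strings.
    The table is valid only for the salt it was built with."""
    table: Dict[str, str] = {}
    for i in range(num_chains):
        start = f"{(i * 7919) % SPACE:04d}"  # spread start points over the space
        end = walk_chain(start, chain_len, salt)[-1]
        table.setdefault(end, start)         # merged chains lose coverage
    return table


def lookup(target: bytes, table: Dict[str, str], salt: str = "",
           chain_len: int = CHAIN_LEN) -> Tuple[Optional[str], int]:
    """Online phase: find a PIN with H(pin) == target in at most ~t^2 hashes.
    Returns (pin or None, number of hash evaluations spent)."""
    hashes = 0
    for k in range(chain_len - 1, -1, -1):
        # assume the target sits at column k of some chain and run it to the end
        x = reduce_to_pin(target, k)
        for col in range(k + 1, chain_len):
            x = reduce_to_pin(H(x, salt), col)
            hashes += 1
        if x in table:
            # rebuild that chain from its start and check column k (may be a false alarm)
            candidate = walk_chain(table[x], k, salt)[k]
            hashes += k + 1
            if H(candidate, salt) == target:
                return candidate, hashes
    return None, hashes


if __name__ == "__main__":
    table = build_table()
    victim = walk_chain("0000", CHAIN_LEN)[3]      # a PIN the table certainly covers
    print(lookup(H(victim), table))                 # (victim, a few hundred hashes)
    print(lookup(H(victim, salt="u1"), table))      # (None, ...): the salt defeats the table
    salted_victim = walk_chain("0000", CHAIN_LEN, salt="u1")[3]
    print(lookup(H(salted_victim, salt="u1"), build_table(salt="u1"), salt="u1"))
```

The last line shows the attacker's only way out: rebuild the whole table for that one salt. With an s-bit salt there are 2^s such tables, and none of them can be shared across users or systems.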
How can we measure the strength of a randomly chosen password?
○ the strength of a randomly chosen password against a brute force attack can be calculated precisely:
■ H = L · log₂ N
○ where N is the number of possible symbols, L is the length of the password (in symbols), and the unit of H is the bit
○ H is the entropy of a randomly chosen password: there are N^L = 2^H candidates, so a brute force attack needs 2^H guesses in the worst case and about 2^(H-1) on average
What is the model of smart card based authentication? (figure)
[figure]
What is the untrusted terminal problem?
○ smart cards have no user interface → the PIN must be entered through the user terminal
○ a malicious terminal can use the PIN to request a signature from the smart card on any message (the user cannot see what the card actually signs)
examples of potentially untrusted terminals:
■ a terminal installed in a public place (e.g., a PC in a hotel or airport lounge, an Internet cafe, …)
■ a terminal operated by an untrusted principal (e.g., an ATM or a payment terminal of an unknown merchant in a foreign country)
■ the user's own PC or smartphone (can it really be trusted? it may be infected with malware)
What is the basic model of biometric authentication? (figure)
[figure]
What properties should a physiological feature have to be usable for biometric authentication?
○ universality – every person should have the characteristic
○ uniqueness – no two persons should be the same in terms of the characteristic
○ permanence – the characteristic should be invariant with time
○ collectability – the characteristic can be measured quantitatively
○ circumvention – it should be difficult to fool the system by fraudulent techniques
Give a few examples of biometric authentication approaches!
○ fingerprint
○ iris
○ retina
○ face
○ ear
○ hand geometry
○ voice
○ thermogram (face)
○ keystroke dynamics (behavioral)
○ dynamics of handwritten signature (behavioral)
What is a fingerprint minutia?
○ minutiae are the points where a ridge ends or splits:
■ ending: termination of a ridge
■ bifurcation: split of a ridge from a single path into two paths (Y-junction)
○ minutiae are represented by their:
■ type (ending, bifurcation)
■ position
■ direction
What types of global fingerprint patterns do exist?
○ Arch
○ Loop
○ Whorl
What are the fingerprint processing steps?
○ image capture
■ obtaining the fingerprint image
○ noise reduction and image enhancement
■ uses the inherent redundancy of parallel ridges
■ ridges oriented in the same direction as those in the same locality are enhanced, and anything oriented differently is attenuated
■ this eliminates noise that may join adjacent ridges (flowing perpendicular to the local ridge flow)
○ feature extraction
■ binarization of the image from gray-scale to black and white
■ reducing the widths of the ridges down to a single pixel (thinning)
■ minutia detection
How does fingerprint matching work?
○ the most common approach is minutiae-based matching
○ coarse alignment of the two fingerprints based on local minutia structures, then consolidation of the local matching results at a global level
○ consists of four steps:
■ 1. compute pairwise similarity between minutiae
● use minutia descriptors that are invariant to rotation and translation (e.g., distances and relative angles to neighbouring minutiae)
■ 2. alignment of the two fingerprints according to the most similar minutia pairs
■ 3. establishment of minutia correspondence
● minutiae that are close enough both in location and direction are deemed to be matching
■ 4. computing a global similarity score and making a decision
● if the similarity score is beyond a threshold, then the fingerprints are considered to be matching
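The four steps as a minimal matcher, added here as an example and not taken from the original flashcards: minutiae are (type, x, y, direction) tuples, step 1 uses a local descriptor built from the two nearest neighbours, step 2 aligns the query with a rigid transform derived from the best pair, step 3 pairs minutiae greedily within a distance and angle tolerance, and step 4 normalizes the count into a score. The sample prints, the tolerances and the threshold are constructed assumptions.

```python
# Added example, not from the original slides: minutiae-based matching in the
# four steps listed above. Sample prints, tolerances and threshold are assumptions.
import math
from typing import List, Optional, Tuple

Minutia = Tuple[str, float, float, float]   # (type, x, y, direction in degrees)
DIST_TOL = 10.0    # pixels: max distance between corresponding minutiae after alignment
ANGLE_TOL = 15.0   # degrees: max direction difference
THRESHOLD = 0.5    # global similarity needed to declare a match


def angle_diff(a: float, b: float) -> float:
    """Smallest absolute difference between two angles in degrees."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)


def descriptor(m: Minutia, prints: List[Minutia], k: int = 2) -> List[Tuple[float, str, float, float]]:
    """Step 1 helper: describe m by its k nearest neighbours using only quantities
    invariant to rotation and translation of the whole print: distance, neighbour
    type, neighbour bearing relative to m's direction, and direction difference."""
    _, x, y, theta = m
    local = []
    for otype, ox, oy, otheta in prints:
        if (ox, oy) == (x, y):
            continue  # skip m itself
        bearing = math.degrees(math.atan2(oy - y, ox - x))
        local.append((math.hypot(ox - x, oy - y), otype,
                      (bearing - theta) % 360.0, (otheta - theta) % 360.0))
    return sorted(local)[:k]


def descriptor_distance(a, b) -> float:
    """Lower is more similar; angle differences are scaled to roughly pixel units."""
    if len(a) != len(b):
        return math.inf
    total = 0.0
    for (da, ta, pa, ra), (db, tb, pb, rb) in zip(a, b):
        total += abs(da - db) + angle_diff(pa, pb) / 10.0 + angle_diff(ra, rb) / 10.0
        if ta != tb:
            total += 20.0
    return total


def align(query: List[Minutia], q: Minutia, p: Minutia) -> List[Minutia]:
    """Step 2: rigid transform of the query so that query minutia q lands on
    template minutia p with the same direction."""
    _, qx, qy, qtheta = q
    _, px, py, ptheta = p
    rot = math.radians(ptheta - qtheta)
    c, s = math.cos(rot), math.sin(rot)
    return [(t, px + (x - qx) * c - (y - qy) * s, py + (x - qx) * s + (y - qy) * c,
             (theta + ptheta - qtheta) % 360.0) for t, x, y, theta in query]


def correspondences(template: List[Minutia], aligned: List[Minutia]) -> List[Tuple[int, int]]:
    """Step 3: greedy one-to-one pairing of minutiae close in position and direction."""
    used, pairs = set(), []
    for i, (t, x, y, theta) in enumerate(template):
        best: Optional[int] = None
        best_d = DIST_TOL
        for j, (qt, qx, qy, qtheta) in enumerate(aligned):
            if j in used or qt != t or angle_diff(theta, qtheta) > ANGLE_TOL:
                continue
            d = math.hypot(qx - x, qy - y)
            if d <= best_d:
                best, best_d = j, d
        if best is not None:
            used.add(best)
            pairs.append((i, best))
    return pairs


def match(template: List[Minutia], query: List[Minutia]) -> Tuple[float, bool]:
    """Steps 1-4: returns (global similarity score, decision)."""
    tdesc = [descriptor(m, template) for m in template]
    qdesc = [descriptor(m, query) for m in query]
    best = min(((descriptor_distance(tdesc[i], qdesc[j]), i, j)
                for i in range(len(template)) for j in range(len(query))
                if template[i][0] == query[j][0]), default=None)
    if best is None:
        return 0.0, False
    _, i, j = best
    pairs = correspondences(template, align(query, query[j], template[i]))
    score = len(pairs) / max(len(template), len(query))   # step 4
    return score, score >= THRESHOLD


def rigid_transform(prints: List[Minutia], angle_deg: float, dx: float, dy: float) -> List[Minutia]:
    """Rotate about the origin and translate: how the same finger may be re-presented."""
    r = math.radians(angle_deg)
    c, s = math.cos(r), math.sin(r)
    return [(t, x * c - y * s + dx, x * s + y * c + dy, (theta + angle_deg) % 360.0)
            for t, x, y, theta in prints]


# Constructed data: an enrolled template, the same finger rotated by 20 degrees and
# shifted with one minutia missed and one spurious one added, and a different finger.
TEMPLATE: List[Minutia] = [
    ("ending", 100, 120, 10), ("bifurcation", 140, 95, 80), ("ending", 180, 160, 200),
    ("bifurcation", 90, 200, 130), ("ending", 230, 110, 300), ("bifurcation", 160, 230, 45),
    ("ending", 250, 210, 170), ("bifurcation", 120, 60, 260),
]
QUERY: List[Minutia] = rigid_transform(TEMPLATE[:-1], 20, 30, -15) + [("ending", 300, 300, 90)]
IMPOSTOR: List[Minutia] = [
    ("ending", 40, 40, 0), ("bifurcation", 40, 140, 90), ("ending", 40, 240, 180),
    ("bifurcation", 140, 40, 270), ("ending", 140, 140, 0), ("bifurcation", 140, 240, 90),
    ("ending", 240, 40, 180), ("bifurcation", 240, 140, 270),
]

if __name__ == "__main__":
    print(match(TEMPLATE, QUERY))      # (0.875, True): 7 of 8 minutiae correspond
    print(match(TEMPLATE, IMPOSTOR))   # low score, False
```

Because the descriptor uses only distances and relative angles, the true pairs keep a near-zero descriptor distance whatever the rotation and shift of the query; a real matcher adds tolerance for non-rigid skin distortion and missed or spurious minutiae beyond the single ones constructed here.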
What do false positives and false negatives mean in biometric authentication?
○ false rejection (FR) or Type I error: a legitimate (enrolled) user is rejected; its frequency is the false rejection rate (FRR)
○ false acceptance (FA) or Type II error: an impostor is accepted as a legitimate user; its frequency is the false acceptance rate (FAR)
○ both depend on the decision threshold on the similarity score: raising the threshold lowers FA but raises FR, and vice versa
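As an added example that is not part of the original flashcards, the two error rates computed from similarity scores at a given threshold, and the threshold where they coincide (the equal error rate). The genuine and impostor score samples are constructed for the demonstration.

```python
# Added example, not from the original slides: false rejection and false
# acceptance rates from constructed similarity scores, and the threshold where
# the two are equal. The score samples are made up for the demonstration.
from typing import List, Tuple

# genuine: the enrolled person's own attempts; impostor: other people's attempts
GENUINE: List[float] = [0.92, 0.88, 0.81, 0.77, 0.74, 0.69, 0.66, 0.58, 0.52, 0.45]
IMPOSTOR: List[float] = [0.61, 0.55, 0.49, 0.42, 0.38, 0.33, 0.30, 0.25, 0.21, 0.12]


def error_rates(genuine: List[float], impostor: List[float], threshold: float) -> Tuple[float, float]:
    """Accept iff score >= threshold.
    FRR (Type I): fraction of genuine attempts rejected;
    FAR (Type II): fraction of impostor attempts accepted."""
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def tradeoff_table(genuine: List[float], impostor: List[float],
                   thresholds: List[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FRR, FAR) rows: raising the threshold lowers FAR and raises FRR."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def equal_error_rate(genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Scan thresholds taken from the observed scores and return the one where
    FRR and FAR are closest, together with the error rate there (the EER)."""
    best_t, best_gap = 0.0, float("inf")
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        if abs(frr - far) < best_gap:
            best_t, best_gap = t, abs(frr - far)
    frr, far = error_rates(genuine, impostor, best_t)
    return best_t, (frr + far) / 2


if __name__ == "__main__":
    for row in tradeoff_table(GENUINE, IMPOSTOR, [0.3, 0.5, 0.7]):
        print("threshold %.2f  FRR %.1f  FAR %.1f" % row)
    print(equal_error_rate(GENUINE, IMPOSTOR))   # (0.55, 0.2)
```

Which side of the trade-off to favour is a policy decision: a door to a server room would run at a high threshold (low FAR, more retries for legitimate staff), a convenience login at a lower one.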
What is the basic model of access control? (figure and terminology)
model and terminology:
■ subject:
● an active entity that tries to perform some access operation
● typically a process running on behalf of a user or some other principal
■ object:
● a passive entity representing the resource being accessed by the subject
● typical examples: files, channels, programs, memory locations, devices, …
■ access operation:
● defines the nature of access
● typical examples: read, write, append, execute, create, delete, search, …
■ reference monitor:
● guards the resource by enforcing some access control policy; every access request goes through it
What is the difference between a discretionary and a mandatory access control system?
○ discretionary access control (DAC):
■ each resource has an owner (can be an untrusted user)
■ owner can decide who is allowed to have access to the resource
■ thus, access control is at the discretion of the (potentially untrusted) owner
○ mandatory access control (MAC):
■ resources have no owners, they belong to security classes
■ a system-wide policy determines if a subject from a given security class can access an
object in another security class
■ only trusted administrators can modify the policy, and only by using trusted programs
What is an ACL and a C-List?
○ access control list (ACL)
■ describes which subjects have which types of access to a particular object
■ can be considered as a column of the access matrix
■ instead of individual subjects, access operations are often defined for groups of subjects
■ makes it convenient to manage access rights on a given resource
○ capability list (C-List)
■ defines what access operations a given subject is permitted on different objects
■ can be considered as a row of the access control matrix
■ not widely used
● operating systems tend to be geared towards managing objects (system resources), so the concept of ACLs attached to objects fits better
● revocation of access rights on a given object may be difficult (the capabilities are scattered over all subjects)
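The ACL and C-List cards and the DAC card above, as an added example that is not part of the original flashcards: one sparse access matrix stored column-wise as per-object ACLs (the way operating systems do it), with the per-subject capability list derived from it, group entries, owner-controlled (discretionary) changes, and a reference monitor. Subjects, objects and rights are constructed names.

```python
# Added example, not from the original slides: an access matrix kept as per-object
# ACLs (columns), with capability lists (rows) derived from it, group entries,
# owner-controlled DAC changes and a reference monitor. Names are constructed.
from typing import Dict, FrozenSet, Set

FULL = frozenset({"read", "write", "delete"})


class AccessMatrix:
    def __init__(self) -> None:
        self.acl: Dict[str, Dict[str, Set[str]]] = {}  # object -> principal -> operations
        self.owner: Dict[str, str] = {}                 # object -> owning subject (DAC)
        self.groups: Dict[str, Set[str]] = {}           # group -> member subjects

    def add_group(self, group: str, *members: str) -> None:
        self.groups[group] = set(members)

    def create(self, subject: str, obj: str) -> None:
        """DAC: the creator becomes the owner and starts with full rights."""
        self.owner[obj] = subject
        self.acl[obj] = {subject: set(FULL)}

    def grant(self, by: str, principal: str, obj: str, *ops: str) -> None:
        """Only the owner may edit an object's ACL (access is at the owner's discretion)."""
        if self.owner.get(obj) != by:
            raise PermissionError(f"{by} does not own {obj}")
        self.acl[obj].setdefault(principal, set()).update(ops)

    def revoke(self, by: str, principal: str, obj: str) -> None:
        """Revoking everything a principal holds on one object is a single ACL edit."""
        if self.owner.get(obj) != by:
            raise PermissionError(f"{by} does not own {obj}")
        self.acl[obj].pop(principal, None)

    def _principals(self, subject: str) -> Set[str]:
        """A subject acts under its own name and the names of its groups."""
        return {subject} | {g for g, members in self.groups.items() if subject in members}

    def acl_of(self, obj: str) -> Dict[str, FrozenSet[str]]:
        """One column of the matrix: who may do what with this object."""
        return {p: frozenset(ops) for p, ops in self.acl.get(obj, {}).items() if ops}

    def clist_of(self, subject: str) -> Dict[str, FrozenSet[str]]:
        """One row of the matrix. Deriving it means scanning every object's ACL,
        which is why 'what can this subject access?' is the awkward query in an
        ACL-based system (and per-object revocation is the awkward one with C-lists)."""
        principals = self._principals(subject)
        row: Dict[str, FrozenSet[str]] = {}
        for obj, entries in self.acl.items():
            ops: Set[str] = set()
            for p in principals:
                ops |= entries.get(p, set())
            if ops:
                row[obj] = frozenset(ops)
        return row

    def check(self, subject: str, obj: str, op: str) -> bool:
        """Reference monitor: allow iff the subject or one of its groups holds op."""
        entries = self.acl.get(obj, {})
        return any(op in entries.get(p, ()) for p in self._principals(subject))


if __name__ == "__main__":
    m = AccessMatrix()
    m.add_group("devs", "alice", "bob")
    m.create("alice", "/etc/app.conf")
    m.grant("alice", "devs", "/etc/app.conf", "read")
    print(m.check("bob", "/etc/app.conf", "read"))    # True, via the devs group
    print(m.clist_of("bob"))                          # {'/etc/app.conf': frozenset({'read'})}
```

Note what DAC means for the untrusted owner: alice can hand "read" on her file to anyone, and nothing in the matrix stops bob from copying the content into a file he owns; that is exactly the leak a MAC policy is built to prevent.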
How is a security label defined in MAC systems?
○ let H be a set of classifications with a linear ordering
■ e.g., unclassified < confidential < secret < top secret
○ let C be a set of categories
■ e.g., project names, company divisions, …
○ a compartment is a subset of C
○ a security label is a (classification, compartment) pair (h, c)
○ security labels are partially ordered: (h1, c1) ≤ (h2, c2), i.e., the second label dominates the first, iff h1 ≤ h2 and c1 ⊆ c2; two labels whose compartments are not nested are incomparable
What is the Bell-LaPadula model? (objective, enforcement rules)
○ subjects and objects have security labels assigned to them
○ the BLP model defines two key properties for enforcing the secrecy of information flow:
■ simple-security property (no read up): a subject may read an object only if the subject's label dominates the object's label
■ *-property (star property, no write down): a subject may write an object only if the object's label dominates the subject's label
○ intuition:
■ the simple-security property is quite obvious (it prevents unauthorized subjects from reading sensitive data)
■ the *-property prevents any process from writing secrets to a security class that it dominates; even if the process is a Trojan horse, it cannot leak data to unauthorized subjects
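The security-label card and the Bell-LaPadula card together, as an added example that is not part of the original flashcards: labels as (classification, compartment) pairs with the dominance order, a reference monitor that applies the two rules, and the Trojan-horse scenario expressed as the question whether a read followed by a write is permitted. Level names, categories and the scenario are constructed assumptions.

```python
# Added example, not from the original slides: security labels with the
# dominance partial order and a reference monitor enforcing the two BLP rules.
# Level names, categories and the Trojan-horse scenario are constructed.
from typing import FrozenSet, NamedTuple

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


class Label(NamedTuple):
    classification: str
    compartment: FrozenSet[str]

    def dominates(self, other: "Label") -> bool:
        """(h1, c1) dominates (h2, c2) iff h1 >= h2 in the linear order and c2 is a subset of c1."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and other.compartment <= self.compartment)


def label(classification: str, *categories: str) -> Label:
    return Label(classification, frozenset(categories))


def comparable(a: Label, b: Label) -> bool:
    """The order is partial: labels with non-nested compartments compare neither way."""
    return a.dominates(b) or b.dominates(a)


def can_read(subject: Label, obj: Label) -> bool:
    """simple-security property ("no read up")."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): a subject may write only objects that dominate it."""
    return obj.dominates(subject)


def reference_monitor(subject: Label, obj: Label, op: str) -> bool:
    if op == "read":
        return can_read(subject, obj)
    if op == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown operation {op!r}")


def flow_allowed(process: Label, source: Label, sink: Label) -> bool:
    """A Trojan horse running at `process` would have to read `source` and then
    write what it learned into `sink`; BLP permits the flow only if both steps pass."""
    return (reference_monitor(process, source, "read")
            and reference_monitor(process, sink, "write"))


if __name__ == "__main__":
    proc = label("secret", "nuclear")
    print(flow_allowed(proc, label("secret", "nuclear"), label("unclassified")))  # False: write down blocked
    print(flow_allowed(proc, label("secret", "nuclear"), label("top secret", "nuclear")))  # True: write up
```

The write-up case shows the price of the *-property: a secret-level process may create or append to top-secret objects it can never read back, which is why real systems add integrity controls or a trusted downgrader beside BLP.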