Chapter 2 - Toolbox: Authentication, Access Control and Cryptography

Question 1

Identification

Answer 1

the act of asserting who a person is.

Question 2

Authentication

Answer 2

the act of proving that asserted identity: that the person is who she says she is.

Question 3

Salt

Answer 3

user-specific component joined to an encrypted password to distinguish identical passwords

Question 4

Rainbow table:

Answer 4

precomputed list of popular values, such as passwords

Question 5

exhaustive or brute force attack

Answer 5

the attacker tries all possible passwords,

usually in some automated fashion.

Question 6

Biometrics

Answer 6

biological properties, based on some physical characteristic of the human body.

Question 7

Sensitivity

Answer 7

measures the degree to which the screen selects those whose names correctly match the person sought

Question 8

Specificity

Answer 8

measures the proportion of negative results among

all people who are not sought.

Question 9

Accuracy or efficacy

Answer 9

measures the degree to which the test

or screen correctly flags the condition or situation

Question 10

Prevalence

Answer 10

tells us how common a certain condition

or situation is.

Question 11

positive predictive value of a test

Answer 11

a number that expresses how many times a positive match actually represents the identification of the sought person

Question 12

receiver operating characteristic (ROC) curve

Answer 12

a graphical representation of the trade-off between the false negative and false positive rates.

Question 13

passive token

Answer 13

do nothing, the contents of the token never

change.

Question 14

active token

Answer 14

can have some variability or interaction with its surroundings

Question 15

static token

Answer 15

The value remains fixed. most useful for onsite authentication

Question 16

Skimming

Answer 16

the use of a device to copy authentication data surreptitiously and relay it to an attacker

Question 17

dynamic token

Answer 17

have computing power on the token to change their internal state.

Question 18

federated identity management scheme

Answer 18

unifies the identification and authentication

process for a group of systems.

Question 19

multifactor authentication

Answer 19

Combining authentication information

Question 20

two-factor authentication

Answer 20

Two forms of authentication are presumed to be better than one, assuming of course that the two forms are
strong.

Question 21

basic access control paradigm

Answer 21

A subject is permitted to access an object in a particular mode, and only such authorized accesses are allowed.

Question 22

granularity

Answer 22

the fineness or specificity of access control

Question 23

audit log

Answer 23

Systems also record which accesses have

been permitted,

Question 24

Limited privilege

Answer 24

the act of restraining users and processes so that any harm they can do is not catastrophic

Question 25

Reference monitor

Answer 25

access control that is always invoked, tamperproof, and verifiable

Question 26

access control matrix

Answer 26

a table in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that subject to that object.

Question 27

access control list

Answer 27

representation corresponds to columns of the access control matrix. There is one such list for each object, and the list shows all subjects who should have access to the object and what their access is.

Question 28

privilege list/ directory

Answer 28

a row of the access matrix, showing all those privileges or access rights for a given subject

Question 29

capability

Answer 29

an unforgeable token that gives the possessor certain rights to an object. Single- or multi-use ticket to access an object or service

Question 30

transfer or propagate

Answer 30

subject having this right can pass copies of capabilities to other subjects.

Question 31

domain

Answer 31

the collection of objects to which the process has access

Question 32

procedure-oriented protection

Answer 32

can perform actions specific to a particular object in implementing access control.

Question 33

Role-based access control

Answer 33

lets us associate privileges with groups, such as all administrators can do this or candlestick makers are forbidden to do that. Recognizes common needs of all members of a set of subjects.

Question 34

Encryption or cryptography, encode, encipher

Answer 34

the name means secret writing—is probably the strongest defense in the arsenal of computer security protection. Conceals data against unauthorized access.

Question 35

decryption, decode, decipher

Answer 35

transforming an encrypted message back into its normal, original form

Question 36

cryptosystem.

Answer 36

A system for encryption and decryption

Question 37

Ciphertext:

Answer 37

encrypted material

Question 38

plaintext:

Answer 38

material in intelligible form

Question 39

algorithms

Answer 39

A cryptosystem involves a set of rules for how to encrypt the plaintext and decrypt the ciphertext.

Question 40

key

Answer 40

algorithms, often use a device so that the resulting ciphertext depends on the original plaintext message,

Question 41

symmetric or single-key or secret key encryption

Answer 41

the same key, K, is used both to encrypt a message and later to decrypt it.

Question 42

asymmetric or public key

Answer 42

At other times, encryption and decryption keys come in pairs. Then, a decryption key, KD, inverts the encryption of key KE

Question 43

keyless cipher

Answer 43

An encryption scheme that does not require the use of a key

Question 44

cryptanalyst

Answer 44

studies encryption and encrypted messages, hoping to find the hidden meanings Normally, works on behalf of an unauthorized interceptor

Question 45

cryptographer

Answer 45

attempt to translate coded material back to its original form. Normally, works on behalf of a legitimate sender or receiver,

Question 46

cryptology

Answer 46

the research into and study of encryption and decryption; it includes both cryptography and cryptanalysis

Question 47

breakable

Answer 47

given enough time and data, an analyst can determine the algorithm

Question 48

work factor

Answer 48

The difficulty of breaking an encryption

Question 49

key management

Answer 49

It involves storing, safeguarding ,and activating keys.

Question 50

stream encryption

Answer 50

each bit, or perhaps each byte, of the data | stream is encrypted separately.

Question 51

block cipher

Answer 51

encrypts a group of plaintext symbols as a single | block.

Question 52

Rijndael

Answer 52

a fast algorithm that can easily be implemented on simple processors

Question 53

The Rivest–Shamir–Adelman (RSA) cryptosystem

Answer 53

a public key system. Based on an underlying hard problem and named after its three inventors

Question 54

Man-in-the-middle failure

Answer 54

an unauthorized third party intercedes in an activity presumed to be exclusively between two people

Question 55

nonce,

Answer 55

a random value meaningless in and of itself, to show activity (liveness) and originality (not a replay).

Question 56

collision

Answer 56

Two inputs that produce the same output

Question 57

parity check

Answer 57

The simplest error detection code

Question 58

cyclic redundancy

Answer 58

detects errors in recording and playback

Question 59

error correction codes

Answer 59

can detect multiple-bit errors (two or more bits changed in a data group) and may be able to pinpoint the changed bits (which are the bits to reset to correct the modification).

Question 60

seal a file

Answer 60

cryptography can be used to encase a file so that any change becomes apparent.

Question 61

hash or checksum or message digest

Answer 61

One technique for providing the seal is to compute | a function,

Question 62

one-way functions

Answer 62

Functions, which are much easier to compute than their inverses.

Question 63

cryptographic checksum

Answer 63

a cryptographic function that produces a checksum. It is a digest function using a cryptographic key that is presumably known only to the originator and the proper recipient of the data.

Question 64

digital signature

Answer 64

a protocol that produces the same effect as a real signature: It is a mark that only the sender can make but that other people can easily recognize as belonging to the sender.