Flashcards about Authentication
Authentication
A scenario where a party presents a principal’s identity and claims to be that principal.
Claimant
The party presenting a principal’s identity and claiming to be that principal.
Verifier
The party gaining confidence that the claim is legitimate.
Entity authentication
An identity presented by a remote party participating in a communication connection or a session.
Data origin authentication
An identity that is processed along with a data item, claiming that the data originated from the principal identified.
Identification
Claiming an identity.
Verification
The mechanism of verifying that identification or letting the system validate the claimed identity.
Something you know
Information that you store in your memory and can retrieve when needed; e.g., passwords, PINs, secret codes.
Something you are
Information that is in you—a characteristic that only you and no one else has; e.g., behavioral traits like signature, voice; physical traits like thumbprint, face.
Something you have
Information that you can physically carry with you; e.g., MyKad, Passport, smartcards, keys.
Something you do
An action you must take to complete authentication.
Somewhere you are
Related to location; e.g., detecting a user’s location via Internet Protocol (IP) addresses, or Media Access Control (MAC) addresses.
Social Engineering
Attacks on passwords that involve revealing passwords through social engineering attacks, including phishing, shoulder surfing, and dumpster diving.
Hash Algorithm
A one-way function that creates a unique digital fingerprint of the password.
Brute Force Attack
An exhaustive attack on a password authentication system by trying out all possible combinations of passwords.
Dictionary Attack
An attack that begins with the attacker creating digests of common dictionary words as candidates and then comparing them against those in a stolen digest file.
Salt
A unique random code added to a password to make it unique.
Biometrics
Biological properties based on some physical characteristic of the human body.
False positive
Incorrectly confirming an identity.
False negative
Incorrectly denying an identity.
What You Have
Authenticating a user by having a specific item in their possession.
Multifactor authentication
Using more than one type of authentication credential.
Memory Cards
Cards that can store but do not process data, often with a magnetic stripe.
Smart Tokens
Tokens that include an embedded microprocessor.
Smart Card
A card containing an integrated circuit chip that can hold information.
TOTP
A time-based one-time password that changes after a set time period.
Something You Do
A type of authentication which proves identities by observing actions, also known as Behavioral / Cognitive Biometrics.
Picture Gesture Authentication (PGA)
Authenticating users using gestures and touches on a picture.
Keystroke Dynamics
Recognizing a user’s unique typing rhythm.
Voice Recognition
Authenticating users based on the unique characteristics of a person’s voice.
Somewhere You Are
Authentication based on where the user is located, known as geolocation.
Federated Identity Management
A union of separate identification and authentication systems.
Single Sign-On (SSO)
Lets a user log on once per session but access many different applications/systems.
Multifactor Authentication
Combining authentication information from multiple factors.