Digital User Authentication
Establishing confidence in electronically presented identities.
Identification Step
Presenting an identifier to the security system.
Verification Step
Corroborating identity with authentication information.
Access Control
Regulating user permissions to resources.
User Accountability
Tracking user actions for security purposes.
Authentication Scenarios
Examples include logging into computers and websites.
Client-Server Vulnerabilities
Risks during client authentication to server.
Authentication Token
Something the individual possesses for authentication.
Static Biometrics
Physical traits like fingerprints for identity verification.
Dynamic Biometrics
Behavioral traits like voice patterns for identity verification.
Multifactor Authentication
Using multiple methods for user verification.
Assurance Level
Degree of certainty in user identity verification.
FIPS 199
Defines potential impact levels of security breaches.
Password-Based Authentication
User provides login and password for access.
Password Vulnerabilities
Weaknesses that can be exploited to breach security.
Countermeasures
Controls to prevent unauthorized access to passwords.
UNIX Password Storage
Old system stored hashed passwords in /etc/passwd.
Salt
Random data added to passwords before hashing.
Hash Function
Transforms input into a fixed-size string of characters.
Brute Force Attack
Trying all possible combinations to crack passwords.
Dictionary Attack
Using a list of common passwords to gain access.
Rainbow Table Attack
Using pre-computed hash tables to crack passwords.
Keystroke Logging
Recording keystrokes to capture passwords.
Intrusion Detection
Monitoring for unauthorized access attempts.
Account Lockout Mechanism
Prevents access after multiple failed login attempts.
Bcrypt
Secure hashing algorithm using Blowfish for passwords.
Complex password policy
Requires users to create stronger passwords.
Password-cracking techniques
Methods to guess or break passwords.
Password File Access Control
Prevents offline attacks by restricting access.
Shadow password file
Hidden file storing user passwords securely.
Vulnerabilities
Weaknesses in OS allowing unauthorized access.
Reactive password checking
System checks passwords against its own cracker.
Proactive Password Checking
Enforces rules to strengthen password security.
Bloom filter
Data structure for efficient password checking.
Token-Based Authentication
Uses physical tokens for user authentication.
Smart Tokens
Tokens with embedded microprocessors for security.
Smart Cards
Credit card-like tokens with processing capabilities.
Electronic Identity Cards (eID)
Smart cards serving as national identity cards.
Biometric Authentication
Uses unique physical traits for user verification.
False Match
Different biometric data incorrectly identified as same.
False Non-Match
Same biometric data incorrectly identified as different.
Remote User Authentication
Authentication over networks with additional security threats.
Eavesdropping
Listening to capture passwords during transmission.
Replay Attack
Reusing captured authentication sequences to gain access.
Trojan Horse
Malicious software masquerading as legitimate applications.
Denial-of-Service Attack
Flooding service with requests to disable it.
Client Attack
Attacks targeting user authentication processes.
Host Attack
Attacks directed at the host's user files.
Biometric Sensor
Device capturing biometric data for authentication.
Matching Score
Numeric value comparing biometric data for verification.
Authentication Protocol
Rules governing the authentication process.
Dynamic Password Generator
Creates temporary passwords for secure access.
Challenge-Response Protocol
Authentication method using prompts and responses.
User Education
Teaching users about strong password practices.
Password Selection Strategies
Guidelines for users to create secure passwords.
Computer Generated Passwords
Automatically created passwords often hard to remember.
Accident with Permissions
Unintentional exposure of sensitive files.
Sniffing
Capturing passwords from network traffic.