MIS 170 - Chapter 3

Cards (141)

  • Identification
    A user claims an identity
  • A user can claim an identity by
    • Username
    • Certificate
    • Token
    • SSH key
    • Smart card
  • Username
    Unique sequence of characters assigned to a user
  • Certificate
    Digital credential that binds the identity of a user to a public key (possession of the matching private key proves the identity)
  • Token
    Physical device that generates a unique code
  • SSH key
    Cryptographic key pair; the private key stays with the user and the public key is registered on the system
  • Smart card
    Card with embedded microchip
  • Attribute
    Specific characteristic of an identity
    Can be a name, email address, location or password
  • Identity and Access Management (IAM/IdM)
    Framework of technologies and policies for managing user identities in a system and controlling user access to the system's resources
  • Authentication
    Verify or prove a user's claim to an identity
  • Authentication factors
    Different types of evidence used to prove a user's claim to an identity, such as the user's possession of a device or the user's location
  • Authentication protocol
    Computer communications protocol designed for securely transferring authentication information between two parties
    • Password Authentication Protocol (PAP)
    • Challenge Handshake Authentication Protocol (CHAP)
    • Kerberos
    • Extensible Authentication Protocol (EAP)
    • IEEE 802.1X
    • RADIUS
    • TACACS+
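The difference between the first two protocols in the list is the security-relevant point: PAP sends the password itself across the link, while CHAP sends only a hash of a fresh challenge combined with the shared secret, so the secret never travels and a captured response cannot be replayed. The following is an added example, not code from the course material: both sides of a PAP request and a three-way CHAP exchange (Challenge, Response, Success/Failure) following RFC 1334 and RFC 1994. The shared secret and the function names are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed shared secret for the demonstration; real deployments provision
# it out of band and never send it over the link.
SHARED_SECRET = b"correct horse battery staple"


def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request payload (RFC 1334): length-prefixed Peer-ID and
    Password. Nothing protects the password; anyone on the link can read it."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_challenge(size: int = 16) -> bytes:
    """Authenticator -> peer: a fresh, unpredictable challenge (RFC 1994 requires
    the challenge to be unique and unpredictable)."""
    return os.urandom(size)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer -> authenticator: MD5(Identifier || secret || Challenge), as RFC 1994
    specifies. The secret itself never leaves the peer."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator recomputes the hash with its own copy of the secret and
    compares in constant time; Success or Failure is then sent to the peer."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_chap(peer_secret: bytes, server_secret: bytes, identifier: int = 1) -> bool:
    """One complete CHAP exchange. Returns True only if the peer's secret matches
    the authenticator's copy."""
    challenge = chap_challenge()                                   # authenticator -> peer
    response = chap_response(identifier, peer_secret, challenge)   # peer -> authenticator
    return chap_verify(identifier, server_secret, challenge, response)


def replay_is_rejected(secret: bytes, identifier: int = 1) -> bool:
    """A response captured from one exchange does not satisfy a later challenge,
    which is what PAP cannot offer: a captured PAP password works forever."""
    old_challenge = chap_challenge()
    captured = chap_response(identifier, secret, old_challenge)
    new_challenge = chap_challenge()
    return not chap_verify(identifier, secret, new_challenge, captured)
```

Two caveats a practitioner should keep in mind: MD5 is what RFC 1994 mandates, not a recommendation for new designs, and CHAP requires the authenticator to store the secret in a recoverable (plaintext-equivalent) form, which is why it is usually wrapped in a stronger protocol such as EAP over a protected channel today.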
  • Authorization
    Grant access to a system resource
  • Subject
    The entity that wants to access a system resource
    • Human, application, process or device
  • Object
    System resource
  • Access control model
    Set of technology-independent rules for controlling access to an object by a subject
  • Authentication factor
    evidence used to prove the user's claim to an identity
  • Knowledge factor
    something you know
    • PIN, password
  • Possession factor
    Something you have
    • Smart card, mobile phone
  • Inherence factor
    Something you are
    • fingerprints, voiceprints, retina, iris patterns
  • Location factor
    Somewhere you are
    • Location like GPS, IP address
  • Behavior factor
    Something you do
    • Hand gestures
  • Single-factor authentication
    Requires evidence from only one factor, e.g. only a user's smart card or only a user's password
  • Two-factor authentication
    Requires evidence from two different factor types, e.g. a password and a verification code sent to the user's mobile phone
  • Multi-factor authentication (MFA)
    Requires evidence from two or more different factor types; the number of factor types used is what distinguishes it from single-factor authentication
    • A greater number of authentication factors negatively impacts user experience and reduces system usability
  • Knowledge-based authentication (KBA)
    Method that requires knowledge of a user's personal information to validate the user's claimed identity
  • Static KBA = Shared secrets
    • Based on a pre-agreed set of questions shared between the system and the user
    • The user's answers are recorded by the authentication system in advance and compared against the answers given at login
  • Dynamic KBA
    Based on knowledge questions compiled from public and private information, such as a credit report or the user's history of financial transactions
  • One-time password (OTP)
    An authentication code that can be used only once
    • 6-10 digit code
    • Used by authentication systems that deploy 2FA
  • OTP
    • Prevents a password that a user has shared with, or that has been captured by, another party from being reused, either later or on another system
    • Removes the need for a complex password that is difficult for the user to remember
    • Can be generated by a software application or a hardware device, or delivered to a user by email, text message or phone call
  • OTP
    • Time-based one-time password (TOTP)
    • HMAC-based one-time password (HOTP)
  • TOTP
    One-time password that changes periodically
    • Generated using a timer and a secret key
    • A change in the TOTP is based on an increment of time called the time step
    • Each TOTP is valid for one time step, typically between 30 and 180 seconds
  • HOTP
    One-time password that changes based on an event
    • Generated using a counter and a secret key
    • The HOTP counter is incremented by an event such as pressing a button on an HOTP generator device
    • Valid until the HOTP is used or until a new HOTP is generated
  • Software-based OTP
    An authentication application = software token
    • The authentication application must be configured for use with an authentication server: the server sends a secret key to the application, and the application then uses that secret key to generate OTPs for future authentication requests to the server
  • Push notification
    Notification sent by an authentication server to a mobile device associated with a user
    • Informs the user of an authentication attempt
    • The attempt is approved if the user performs an action such as pressing a button or opening an application
    • Uses a possession factor (the user's phone) to validate the user's identity
    • Does not deliver an OTP
  • Seed
    A secret key shared between an authentication server and a software token
  • Hardware-based OTP
    Security token = token key, security key or password key
    • Hardware device that generates an OTP
    • The security token holds an encoded secret key that is shared only with the authentication server
    • The security token does not store or receive the OTP on a network-connected device such as a mobile phone, so it is more secure than authentication that relies on SMS or email
  • Static code
    A pre-generated OTP
    • Generated by either a hardware- or software-based OTP generator and saved on a secure storage medium for later use
  • Static code (pre-generated OTP)
    Used when a hardware or software security token, or a network connection, is not available
  • Hardware-based security
    Hardware that performs authentication to ensure that an unauthorized operation is not performed on data and systems
    • Trusted Platform Module (TPM)
    • Hardware Security Module (HSM)