Chapter 3 – User Authentication
TRUE/FALSE QUESTIONS:
T F 1. User authentication is the fundamental building block and the primary line of defense.
T F 2. Identification is the means of establishing the validity of a claimed identity provided by a user.
T F 3. Depending on the details of the overall authentication system, the registration authority issues some sort of electronic credential to the subscriber.
T F 4. Many users choose a password that is too short or too easy to guess.
T F 5. User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.
T F 6. A good technique for choosing a password is to use the first letter of each word of a phrase.
T F 7. User authentication is the basis for most types of access control and for user accountability.
T F 8. Memory cards store and process data.
T F 9. Depending on the application, user authentication on a biometric system involves either verification or identification.
T F 10. Enrollment creates an association between a user and the user’s biometric characteristics.
T F 11. An individual’s signature is not unique enough to use in biometric applications.
T F 12. Identifiers should be assigned carefully because authenticated identities are the basis for other security services.
T F 13. A smart card contains an entire microprocessor.
T F 14. Keylogging is a form of host attack.
T F 15. In a biometric scheme some physical characteristic of the individual is mapped into a digital representation.
MULTIPLE CHOICE QUESTIONS:
1. __________ defines user authentication as “the process of verifying an identity claimed by or for a system entity”.
A. RFC 4949 C. RFC 2298
B. RFC 2493 D. RFC 2328
2. Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________.
A. identification step
B. authentication step
C. verification step
D. corroboration step
3. Recognition by fingerprint, retina, and face are examples of __________.
A. face recognition
B. static biometrics
C. dynamic biometrics
D. token authentication
4. A __________ is a password guessing program.
A. password hash
B. password biometric
C. password cracker
D. password salt
5. The __________ strategy is when users are told the importance of using hard to guess passwords and provided with guidelines for selecting strong passwords.
A. reactive password checking
B. computer-generated password
C. proactive password checking
D. user education
6. A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
A. user education
B. reactive password checking
C. proactive password checking
D. computer-generated password
7. The most common means of human-to-human identification are __________.
A. facial characteristics C. signatures
B. retinal patterns D. fingerprints
8. __________ systems identify features of the hand, including shape, and lengths and widths of fingers.
A. Signature C. Hand geometry
B. Fingerprint D. Palm print
9. Each individual who is to be included in the database of authorized users must first be __________ in the system.
A. verified C. authenticated
B. identified D. enrolled
10. To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.
A. eavesdropping
B. challenge-response
C. Trojan horse
D. denial-of-service
11. A __________ is when an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path.
A. client attack
B. host attack
C. eavesdropping attack
D. Trojan horse attack
12. A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored.
A. eavesdropping attack
B. client attack
C. denial-of-service attack
D. host attack
13. A __________ attack involves an adversary repeating a previously captured user response.
A. client
B. Trojan horse
C. replay
D. eavesdropping
14. An institution that issues debit cards to cardholders and is responsible for the cardholder’s account and authorizing transactions is the _________.
A. cardholder
B. issuer
C. auditor
D. processor
15. __________ allows an issuer to access regional and national networks that connect point of sale devices and bank teller machines worldwide.
A. EFT
B. BTM
C. POS
D. ATF
SHORT ANSWER QUESTIONS:
1. An authentication process consists of the _________ step and the verification step.
2. Voice pattern, handwriting characteristics, and typing rhythm are examples of __________ biometrics.
3. A __________ is a separate file from the user IDs where hashed passwords are kept.
4. With the __________ policy a user is allowed to select their own password, but the system checks to see if the password is allowable.
5. The technique for developing an effective and efficient proactive password checker based on rejecting words on a list is based on the use of a __________ filter.
6. Objects that a user possesses for the purpose of user authentication are called ______.
7. Authentication protocols used with smart tokens can be classified into three categories: static, dynamic password generator, and ___________.
8. A __________ authentication system attempts to authenticate an individual based on his or her unique physical characteristics.
9. The __________ is the pattern formed by veins beneath the retinal surface.
10. A host generated random number is often called a __________.
11. __________, in the context of passwords, refers to an adversary’s attempt to learn the password by observing the user, finding a written copy of the password, or some similar attack that involves the physical proximity of user and adversary.
12. In a __________ attack, an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric.
13. A __________ attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts.
14. A __________ is an individual to whom a debit card is issued.
15. The __________ step is presenting or generating authentication information that corroborates the binding between the entity and the identifier.