Deck 16: User Authentication

SSO enables a user to access all network resources after a single
authentication.

the simplest replay attack is one in which the opponent simply
copies a message and replays it later.

Multifactor authentication is generally no more secure than single
factor authentication.

the challenge-response approach is unsuitable for a
connectionless type of application beause it requires the overhead of a handshake before any connectionless transmission.

the credential service provider is a trusted entity that issues or
registers subscriber authenticators.

there are a variety of problems including dealing with false
positives and false negatives, user acceptance, cost, and
convenience with respect to biometric authenticators.

Subscriber is a subject whose identity is to be verified using one or
more authentication protocols.

there are four general means, or authentication factors, of
authenticating a user's identity, which can be used alone or in combination.

Kerberos relies exclusively on symmetric encryption.

the clocks among the various participants are not required to be
synchronized when using the timestamp approach.

One way to counter suppress-replay attacks is to enforce the
requirement that parties regularly check their clocks against the KDC's clock.

Authentication enables organizations to keep their networks
secure by permitting only authenticated users to access its protected resources.

Examples of dynamic biometrics include recognition by fingerprint,
retina, and face.

Inherence factor is something the individual is or does.

Identity federation is in essence an extension of identity
management to multiple security domains.

the __________ is an entity that verifies the claimant's identity by verifying the claimant's possession and control of one or two authenticators using an authentication protocol.

____________ authentication involves a single transfer of information from one user (A) intended for another (B).

the __________ is a data structure that authoritatively binds an identity and additional attributes to one or more authenticators possessed by a subscriber, and can be verified when presented to the verifier in an authentication transaction.

_________ protocols enable communicating parties to satisfy themselves mutually about each other's identity and to exchange session keys.

A Kerberos _____ is a set of managed nodes that share the same Kerberos database.

User __________ is the process of determining whether some user or some application or process acting on behalf of a user is, in fact, who or what it declares itself to be.

__________ are items that connect to a computer logically or physically in order to authenticate identity.

the specific items used during authentication, such as a password or hardware token, are referred to as __________ .

Requiring the user to demonstrate knowledge of secret information and routinely used in single-layer authentication processes, __________ can come in the form of passwords, passphrases, PINs, or answers to secret questions.

the three authentication factors of authenticating a user's identity are: knowledge factor, possession factor, and __________ factor.

A ticket is encrypted with a secret key known only to the
AS and the __________ .

A __________ is a random value to be repeated in a message to assure that the response is fresh and has not been replayed by an opponent.

Characteristics, called __________ , that are unique or almost unique to the individual, include fingerprint, voice, handwriting, and face.

In order to convince a server that a user is authentic, the authentication server creates a __________ that is encrypted using the secret key shared by the AS and that server that contains the user's ID and network address and the server's ID.

Principal names consist of three parts: a service or user name, an __________ ,
and a realm name.