Deck 15: User Authentication Protocols

Any timestamp based procedure must allow for a window of time sufficiently large enough to accommodate network delays yet sufficiently small to minimize the opportunity for attack.

User authentication is the means by which a user provides a claimed identity to the system.

There are a variety of problems including dealing with false positives and false negatives,user acceptance,cost,and convenience with respect to biometric authenticators.

The operating system cannot enforce access-control policies based on user identity.

An e-mail message should be encrypted such that the mail handling system is not in possession of the decryption key.

Kerberos provides a trusted third party authentication service that enables clients and servers to establish authenticated communication.

Identity federation is in essence an extension of identity management to multiple security domains.

For network based user authentication the most important methods involve cryptographic keys and something the individual possesses,such as a smart card.

Because there are no potential delays in the e-mail process timestamps are extremely useful.

Examples of dynamic biometrics include recognition by fingerprint, retina,and face.

It is the ticket that proves the client's identity.

Once the server verifies that the user ID in the ticket is the same as the unecrypted user ID in the message it considers the user authenticated and grants the requested service.

Identity providers may also assign attributes to users,such as roles,access permissions,and employee information.

User authentication is the basis for most types of access control and for user accountability.

____________ is a centralized,automated approach to provide enterprise wide access to resources by employees and other authorized individuals.

There are four general means of authenticating a user's identity.They are: something the individual knows,something the individual possesses,something the individual is,and something the individual __________ .

__________ in Greek mythology is a three headed dog with a serpent's tail that guards the entrance of Hades.

The first published report on Kerberos listed the following requirements: secure,reliable,scalable and __________ .

Examples of something the individual possesses would include cryptographic keys,electronic keycards,smart cards,and physical keys.This type of authenticator is referred to as a __________ .

An authentication process consists of two steps: identification step and __________ step.

_________ protocols enable communicating parties to satisfy themselves mutually about each other's identity and to exchange session keys.

A __________ attack is where an opponent intercepts a message from the sender and replays it later when the timestamp in the message becomes current at the recipient's site.

The _________ is responsible for generating keys to be used for a short time over a connection between two parties and for distributing those keys using the master keys to protect the distribution.

To convince the server that a user is authentic,the authentication server creates a _________ that contains the user's ID and network address and the server's ID and sends it back to the client so they can continue the request for service.

Intended to provide an integrity check as part of the encryption operation,encryption in Kerberos Version 4 makes use of a nonstandard mode of DES known as ____________.It has been demonstrated that this mode is vulnerable to an attack involving the interchange of ciphertext blocks.

__________ is an authentication service developed as part of Project Athena at MIT.

A concept dealing with the use of a common identity management scheme across multiple enterprises and numerous applications and refers to the agreements,standards,and technologies that enable the portability of identities,identity attributes,and entitlements across multiple enterprises and numerous applications and supporting many thousands,even millions,of users is _________ .

The ticket granting ticket is encrypted with a secret key known only to the AS and the __________ .

A solution,which eliminates the burden of each server having to confirm the identities of clients who request service,is to use an __________ that knows the passwords of all users and stores these in a centralized database and shares a unique secret key with each server.