Chapter 3 - User Authentication
__________ systems identify features of the hand, including shape, and lengths and widths of fingers.
Hand geometry
An institution that issues debit cards to cardholders and is responsible for the cardholder's account and authorizing transactions is the _________.
issuer
Objects that a user possesses for the purpose of user authentication are called ______
tokens
A good technique for choosing a password is to use the first letter of each word of a phrase.
true
A smart card contains an entire microprocessor.
true
Depending on the application, user authentication on a biometric system involves either verification or identification.
true
Enrollment creates an association between a user and the user's biometric characteristics.
true
Identification is the means of establishing the validity of a claimed identity provided by a user.
true
Identifiers should be assigned carefully because authenticated identities are the basis for other security services.
true
In a biometric scheme some physical characteristic of the individual is mapped into a digital representation.
true
Many users choose a password that is too short or too easy to guess.
true
User authentication is the basis for most types of access control and for user accountability.
true
User authentication is the fundamental building block and the primary line of defense.
true
The __________ strategy is when users are told the importance of using hard-to-guess passwords and provided with guidelines for selecting strong passwords.
user education
The __________ step is presenting or generating authentication information that corroborates the binding between the entity and the identifier.
verification
The technique for developing an effective and efficient proactive password checker based on rejecting words on a list is based on the use of a __________ filter.
Bloom
__________ allows an issuer to access regional and national networks that connect point of sale devices and bank teller machines worldwide.
EFT
__________, in the context of passwords, refers to an adversary's attempt to learn the password by observing the user, finding a written copy of the password, or some similar attack that involves the physical proximity of user and adversary.
Eavesdropping
A host-generated random number is often called a __________.
nonce
A __________ strategy is one in which the system periodically runs its own password cracker to find guessable passwords.
reactive password checking
A __________ attack involves an adversary repeating a previously captured user response.
replay
The __________ is the pattern formed by veins beneath the retinal surface.
retinal pattern
A __________ is a separate file from the user IDs where hashed passwords are kept.
shadow password file
Recognition by fingerprint, retina, and face are examples of __________.
static biometrics
A __________ is directed at the user file at the host where passwords, token passcodes, or biometric templates are stored.
host attack
An authentication process consists of the _________ step and the verification step.
identification
A __________ is a password-guessing program.
Password Cracker
__________ defines user authentication as "the process of verifying an identity claimed by or for a system entity".
RFC 4949
In a __________ attack, an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric.
Trojan horse
Presenting or generating authentication information that corroborates the binding between the entity and the identifier is the ___________.
Verification Step
A __________ authentication system attempts to authenticate an individual based on his or her unique physical characteristics.
biometric
A __________ is an individual to whom a debit card is issued.
cardholder
Authentication protocols used with smart tokens can be classified into three categories: static, dynamic password generator, and ___________.
challenge-response
To counter threats to remote user authentication, systems generally rely on some form of ___________ protocol.
challenge-response
A __________ is when an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path.
client attack
With the __________ policy a user is allowed to select their own password, but the system checks to see if the password is allowable.
complex password
A __________ attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts.
denial-of-service
Voice pattern, handwriting characteristics, and typing rhythm are examples of __________ biometrics.
dynamic
Each individual who is to be included in the database of authorized users must first be __________ in the system.
enrolled
The most common means of human-to-human identification are __________.
facial characteristics
An individual's signature is not unique enough to use in biometric applications.
false
Depending on the details of the overall authentication system, the registration authority issues some sort of electronic credential to the subscriber.
false
Keylogging is a form of host attack.
false
Memory cards store and process data.
false
User authentication is a procedure that allows communicating parties to verify that the contents of a received message have not been altered and that the source is authentic.
false
