Knowledge-Based Authentication and Security Keys
40 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Knowledge-based authentication (KBA) often requires users to answer at least one ______ question.

secret

Dynamic KBA does not require the person to have provided the questions and answers ______.

beforehand

A ______ is a physical device used to add extra protection to online accounts and systems.

security key

Tokens or key fobs often display a number that changes periodically, typically every ______ seconds.

<p>60</p> Signup and view all the answers

HOTP stands for HMAC-based One-Time ______.

<p>Password</p> Signup and view all the answers

A soft token is generally an app downloaded on a computer or mobile ______.

<p>device</p> Signup and view all the answers

Common access cards (DoD) are examples of ______ used for secure identification.

<p>CACs</p> Signup and view all the answers

Soft tokens generate a one-time passcode for two-factor or multi-factor ______.

<p>authentication</p> Signup and view all the answers

Also known as False Acceptance Rate (FAR) – identifies the percentage of times the false acceptance occurred (false negative) – true ______ (good)

<p>negative</p> Signup and view all the answers

True ______ – accurately determines a positive match

<p>acceptance</p> Signup and view all the answers

True ______ – accurately determines a non-match

<p>rejection</p> Signup and view all the answers

______ analysis is the systematic study of animal locomotion

<p>Gait</p> Signup and view all the answers

Multifactor Authentication requires two (or more) types, including something you know AND something you ______

<p>HAVE</p> Signup and view all the answers

Fingerprint, Vein Matching, and Retina Imaging are examples of different types of ______

<p>biometrics</p> Signup and view all the answers

______ Dynamics refers to the study of typing patterns and their variations among users.

<p>Keyboard</p> Signup and view all the answers

In geolocation, a GPS-tracked individual allows systems to be authenticated through geographic ______

<p>location</p> Signup and view all the answers

A ______ account is any account not owned by your organization.

<p>third party</p> Signup and view all the answers

PayPal acts as a ______ in a retail transaction.

<p>third party</p> Signup and view all the answers

Shared and ______ accounts can be used by more than one person.

<p>generic</p> Signup and view all the answers

Privileged access management (PAM) helps protect organizations from ______.

<p>cyberthreats</p> Signup and view all the answers

By using two different accounts, administrators can configure strict ______ access.

<p>Conditional</p> Signup and view all the answers

Organizations often have account management policies that include disabling accounts rather than ______.

<p>deleting</p> Signup and view all the answers

Disabling is preferred over deleting ______ due to potential loss of associated security keys.

<p>user accounts</p> Signup and view all the answers

PAM is also known as privileged identity management (PIM) or privileged access ______.

<p>security</p> Signup and view all the answers

Attestation security permissions are also known as identity and access ______.

<p>attestation</p> Signup and view all the answers

Federation defines policies, protocols, and practices to manage ______ across systems and organizations.

<p>identities</p> Signup and view all the answers

A one-way trust means the child trusts the parent but the parent does not trust the ______.

<p>child</p> Signup and view all the answers

Security Assertion Markup Language (SAML) is used to enable single sign-on (SSO) through an ______ provider.

<p>identity</p> Signup and view all the answers

OAuth is an open-standard authorization protocol providing secure designated ______.

<p>access</p> Signup and view all the answers

SAML is designed for authentication and authorization while OAuth was built solely for ______.

<p>authorization</p> Signup and view all the answers

Transitive trust means that trust extends to other trusted ______.

<p>domains</p> Signup and view all the answers

Identity governance is vital to an organization's information ______.

<p>security</p> Signup and view all the answers

Discretionary Access Control relies on decisions made by the end user to set the proper ______.

<p>permissions</p> Signup and view all the answers

In Mandatory Access Control, access is based on the security ______ of the subject and classification of the object.

<p>clearance</p> Signup and view all the answers

MAC is primarily used in environments requiring higher levels of ______ and structure.

<p>security</p> Signup and view all the answers

In MAC, a subject cannot pass access ______ to another subject.

<p>permission</p> Signup and view all the answers

A key to Mandatory Access Control is that the subject’s label must ______ the object’s label to gain access.

<p>dominate</p> Signup and view all the answers

ABAC stands for Attribute-Based ______ Control.

<p>Access</p> Signup and view all the answers

All files on one system in MAC can share the same ______.

<p>label</p> Signup and view all the answers

A trusted computer system ensures that labels cannot be arbitrarily ______.

<p>changed</p> Signup and view all the answers

Study Notes

Knowledge-Based Authentication (KBA)

  • Authenticates users by asking them secret questions.
  • Often used as part of multi-factor authentication (MFA) or for password retrieval.
  • Dynamic KBA verifies identity without requiring users to pre-set questions and answers

Something You Have

  • Smart card - Requires Public Key Infrastructure (PKI) & Embedded certificate
  • Tokens or Key Fobs - Display one-time passwords (OTPs) that change periodically.
    • HOTP - Uses HMAC (Hash-based Message Authentication Code) and a counter to create an OTP that remains valid until used.
    • TOTP - Similar to HOTP but uses a timestamp instead of a counter. OTPs expire after 30 seconds.
  • CACs and PIVs - Common Access Cards (DoD) and Personal Identity Verification (Federal Agencies).

Security Keys

  • Physical devices that add an extra layer of security to online accounts.
  • Often resemble thumb drives or tags.
  • May include features like near-field communication (NFC) or fingerprint scanners.
  • Used for 2FA or MFA to protect against account takeover.

Soft Tokens

  • Digital security devices that generate OTPs for 2FA or MFA.
  • Typically apps installed on computers or mobile devices.
  • Used to protect sensitive data and network information.

Types of Biometrics

  • Fingerprint
  • Vein Matching
  • Retina Imaging
  • Iris Scan
  • Facial Recognition
  • Voice Recognition
  • Gait Analysis

Something You Do

  • Signature Dynamics - Analyzed for user recognition
  • Voice-Scan
  • Keyboard Dynamics - Tracks typing patterns for authentication.

Somewhere a User is (Geolocation)

  • Authenticates users based on their GPS location.

Multifactor Authentication (MFA)

  • Requires two or more authentication factors.
  • Common combinations:
    • Something you know (password) AND something you have (security key).
    • Something you know (password) AND something you are (biometrics).

Privileged Access Management (PAM)

  • Protects organizations by monitoring, detecting, and preventing unauthorized access to critical resources.
  • Also known as Privileged Identity Management (PIM) or Privileged Access Security (PAS)

Disabling and Deleting User Accounts

  • Organizations often have policies for managing user accounts, including disabling or deleting accounts.
  • Disabling is preferred over deleting, as deleting also removes encryption and security keys.

Attestation

  • Verifies and manages access to systems, applications, and resources.
  • Ensures only authorized individuals have access based on their roles and responsibilities.
  • A key component of identity governance, crucial for information security.

Comparing Authentication Services

  • Federation and Trusts (ADFS) - Defines policies for managing identities across systems and organizations. Allows access across domains.
    • Trust relationships can be:
      • One-way (child trusts parent)
      • Two-way (mutual trust)
      • Non-transitive (trust only between specific domains)
      • Transitive (trust extends to other trusted domains)

SAML (Security Assertion Markup Language)

  • An open standard for exchanging authentication and authorization data.
  • XML-based. Enables Single Sign-On (SSO).
  • Identity providers (IdP) authenticate users and pass tokens to service providers (SP) for authorization.

OAuth

  • An open standard authorization protocol. Allows applications secure access to resources.
  • Example: Allowing ESPN to access your Facebook profile without giving them your password.
  • Focuses on authorization, while SAML is designed for authentication and authorization.

Discretionary Access Control (DAC)

  • Access permissions are set by the data owner.
  • Subject's permissions can be inherited by programs they execute.

Mandatory Access Control (MAC)

  • Based on security clearance of the subject and classification of the object (resource).
  • Each user assigned a clearance level, and objects have classification labels.
  • Access decisions are made by the system, not the data owner.
  • Used in highly secure environments.
  • Typically used for classified data.

Attribute-Based Access Control (ABAC)

  • Assigns access and privileges based on attributes or characteristics.
  • Attributes include:
    • Object or Resource Attributes
    • Subject Attributes
    • Environment Attributes
  • Most flexible access control model.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

Description

Explore the concepts of Knowledge-Based Authentication (KBA) and security keys used in multi-factor authentication (MFA). Learn about secret questions, smart cards, tokens, and the latest technology like TOTP and HOTP. This quiz will enhance your understanding of user authentication methods.

More Like This

Knowledge-Based (Expert) Systems in AI
10 questions
Knowledge Based Systems Course Overview
15 questions
Knowledge-Based Agents Overview
45 questions
Use Quizgecko on...
Browser
Browser