Untitled

Questions and Answers

In a generic biometric system, what is the primary function of the feature extractor?

• To convert the raw biometric data into a usable template. (correct)
• To compare the extracted features against stored biometric templates.
• To capture the initial biometric data directly from the user.
• To manage the user interface for enrollment and authentication.

Which component is exclusively responsible for creating the initial association between a user and their biometric characteristics?

• The user interface.
• The biometric database.
• The enrollment process. (correct)
• The feature matcher.

What is the key difference between verification and identification in a biometric system?

• Verification confirms a claimed identity, while identification determines an unknown user's identity. (correct)
• Verification uses N templates, while identification uses only one.
• Verification requires a PIN, while identification does not.
• Verification identifies an unknown user, while identification confirms a claimed identity.

Consider a scenario where a user attempts to access a secure facility. The biometric system checks their fingerprint against a stored template associated with their claimed identity. Which process is the system performing?

Verification. (A)

In a biometric system designed for identifying individuals in a large database without any prior claim of identity, which of the following factors would MOST critically impact the system's performance and accuracy?

The size and diversity of the biometric database, along with the sophistication of the feature matching algorithm. (D)

In the context of eID user authentication, what is the primary role of the 'PIN' entry?

To authenticate the user and grant access to the requested service. (D)

According to the content, what is the purpose of Password Authenticated Connection Establishment (PACE)?

To ensure the contactless RF chip in the eID card cannot be read without explicit access control. (B)

Which of the following is NOT mentioned as a physical characteristic used in biometric authentication?

DNA sequence (A)

What is a key disadvantage of biometric authentication compared to passwords and tokens?

Biometric authentication is technically complex and expensive. (D)

According to the figure depicting cost versus accuracy, which biometric characteristic generally offers a balance between cost-effectiveness and accuracy?

Hand geometry (C)

For online applications, how is access established using Password Authenticated Connection Establishment (PACE)?

By entering the 6-digit PIN. (B)

In the context of eID, what is the immediate next step after the 'Service request' by the user, as illustrated?

Service request redirection. (C)

What is the Card Access Number (CAN) used for in offline applications, according to the content?

To establish access to the card instead of the MRZ. (B)

Imagine a scenario where an eID card's RF chip is successfully read without explicit access control. Which security principle has been MOST directly violated?

Confidentiality (A)

Suppose a new biometric authentication method boasts both extremely low cost and exceptionally high accuracy. What inherent technological challenge would MOST critically need to be addressed to ensure its viability?

Preventing circumvention through sophisticated spoofing techniques. (A)

According to RFC 4949, what is the primary function of user authentication?

To verify an identity claimed by or for a system entity. (D)

Which of the following is NOT a fundamental means of authenticating user identity?

Somewhere you are (B)

In the context of risk assessment for user authentication, what does the 'Assurance Level' primarily describe?

The degree of confidence in the vetting process used to establish user identity and in the user's credential. (C)

According to FIPS 199, what impact level would a security breach that causes 'a serious adverse effect' on organizational operations be classified as?

Moderate (A)

Which of the following is a primary vulnerability associated with password authentication?

Offline dictionary attacks (C)

In the UNIX password scheme, what is the purpose of the 'salt'?

To modify the encryption of the password, making dictionary attacks more difficult. (B)

Why is the original UNIX password scheme now considered inadequate?

It only supports passwords up to eight characters in length and uses a weak hashing method. (B)

Which of the following is a countermeasure against rainbow table attacks?

Using a sufficiently large salt value and a sufficiently large hash length. (D)

What is the primary goal of reactive password checking?

To proactively identify and reject guessable passwords already in use. (D)

What is a Bloom filter used for in the context of password management?

To build a table of passwords not to use, based on a dictionary of weak passwords. (A)

Which type of card used as a token includes an embedded microprocessor?

Smart card (C)

What distinguishes a memory card from a smart card?

Smart cards include an embedded microprocessor for processing data, while memory cards only store data. (B)

What are the three types of memory typically included in smart tokens?

ROM, EEPROM, RAM (C)

In the context of smart card communication, what does APDU stand for?

Application Protocol Data Unit (D)

Which of the following is a characteristic of electronic identity cards (eID)?

They function as a smart card verified by a national government and can be used for both government and commercial services. (B)

In biometric authentication, what does the decision threshold (t) primarily determine?

The point at which a presented feature is declared a match. (A)

What does a 'false nonmatch' represent in the context of biometric authentication?

A genuine user being incorrectly rejected by the system. (A)

On a biometric measurement operating characteristic curve, what is typically plotted on the x-axis?

False match rate (D)

What generally happens to the false nonmatch rate as the decision threshold (t) is increased?

It increases. (D)

Which biometric method shown tends to have a lower false match rate at higher security levels?

Fingerprint (B)

What is the primary reason for using a logarithmic scale on the axes of biometric operating characteristic curves?

To compress the range of data and show detail at both low and high error rates. (D)

In a biometric system, what is the implication of setting an extremely low decision threshold?

Increased convenience for users but a higher false match rate. (B)

An increase in security often leads to what trade-off in biometric systems?

A decrease in false match rate but an increase in false nonmatch rate. (C)

Which biometric characteristic appears to offer the best balance between false match rate and false nonmatch rate?

Iris (C)

How is the performance of a biometric system typically evaluated?

By analyzing the trade-off between false match rate and false nonmatch rate. (A)

What underlying assumption is made when comparing the 'profiles of a biometric characteristic of an imposter and an authorized user'?

The comparison between presented and reference features can be reduced to a single numeric value. (D)

If a biometric system's operating point is shifted to drastically reduce the false match rate, what is the most likely consequence for legitimate users?

Legitimate users will more frequently be falsely rejected. (C)

Consider two biometric systems: System A has a high false match rate but a low false nonmatch rate, while System B has a low false match rate but a high false nonmatch rate. In what scenario would System A be preferred over System B?

When user convenience is crucial and frequent rejections are unacceptable. (A)

A biometric system designer is tasked with developing an authentication system for a highly secure facility with limited user enrollment. Given this constraint, which adjustment strategy would minimize the risk of unauthorized access without unduly hindering legitimate users?

Implement a multi-factor authentication scheme incorporating the biometric system. (C)

An extremely advanced biometric system boasts near-zero false match and false nonmatch rates under controlled laboratory conditions. However, when deployed in a real-world, unconstrained environment, its performance degrades significantly. What is the most probable cause for this discrepancy?

The effects of environmental noise, user behavior variability, and sensor limitations were not adequately accounted for during development. (A)

Which of the following is NOT a typical defense against host attacks aimed at user authentication services?

Physically isolating user workstations. (B)

In remote user authentication, what is the primary purpose of using a challenge-response protocol?

To verify the user's identity without transmitting the actual password. (D)

What is the main vulnerability associated with password-based authentication?

The susceptibility to eavesdropping and password capture. (C)

In the context of remote user authentication, what does a 'replay attack' involve?

An attacker replaying a previously captured authentication sequence. (B)

Which protocol relies on a user providing something they have to verify their identity?

Token protocol. (B)

What is the function of the hashing function, h(), in the password authentication protocol described?

To transform the password into a non-readable format. (D)

In a dynamic biometric protocol, what additional element is incorporated to enhance security compared to a static biometric protocol?

A random sequence challenge. (B)

What is the purpose of 'password file access control'?

To limit access to the file storing password hashes. (C)

Which of the following is a primary concern regarding the 'Electronic identity cards' within token-based authentication systems?

The potential for the card to be lost or stolen. (B)

How do 'hashing' and 'salting' enhance password security?

By preventing rainbow table attacks and making pre-computed hash values useless. (A)

Which of the following attack types specifically targets the user file stored on a host?

Host Attacks. (D)

Given $f(r, h(P(U)))$ represents the expected response in a challenge-response password protocol, altering $f$ to $f(r + k, h(P(U)))$, where $k$ is a session-specific key, primarily defends against what?

Replay attacks. (B)

In the context of biometric authentication, what is a key difference between 'static' and 'dynamic' biometric characteristics?

Static characteristics are physical, while dynamic characteristics involve a time-varying element. (D)

An attacker intercepts a challenge-response sequence $(r, E())$, where $r$ is a random number, and attempts to impersonate the client. However, the attacker only has access to the public key but not the private key needed to decrypt $E()$. What kind of additional security is needed to fully prevent the attacker from successfully authenticating?

Implementing mutual authentication where the client also validates the server's identity. (A)

Consider a scenario where an iris scanner in the UAE system suffers a network disconnection from the central iris database. What is the MOST critical immediate security implication?

The system continues operating using cached biometric data, potentially allowing unauthorized access if the data is outdated. (C)

Flashcards

User Authentication

Verifying an identity claimed by or for a system entity.

Identification Step

Presenting an identifier to the security system.

Verification Step

Presenting authentication information that corroborates the binding between the entity and the identifier.

Assurance Level

The degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued

Low Potential Impact

An authentication error could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.

Moderate Potential Impact

An authentication error could be expected to have a serious adverse effect.

High Potential Impact

An authentication error could be expected to have a severe or catastrophic adverse effect.

Password Authentication

Widely used defense where user provides login and password, system matches to stored password.

Password Vulnerabilities

Exploiting easily guessable passwords or user mistakes.

Salt

Random data added to each password before hashing.

Rainbow Table Attacks

Comparing password to a pre-computed table of hash values

Dictionary attacks

Attempting to guess passwords by trying common words.

John the Ripper

Open-source password cracker using brute-force and dictionary techniques.

Password File Access Control

Denying access to encrypted passwords, blocking offline guessing attacks.

Proactive Password Checking

Checks password against a table constructed using hashes to check if it is allowable using a bloom filter.

Enrollment (Biometrics)

The process of associating a user with their biometric characteristics in a biometric system.

Biometric Sensor

A biometric system component that captures biometric data from a user.

Feature Extractor

A biometric system component that processes the biometric data to extract relevant features.

Feature Matcher

A biometric system component that compares extracted features against stored templates.

Verification (Biometrics)

Verifying a claimed identity by comparing the submitted biometric data against the template associated with that claim.

PACE

A protocol used to establish a secure connection by authenticating with a PIN.

Card Access Number (CAN)

A six-digit number printed on the front of an eID card used for authentication.

Biometric Authentication

Authentication that uses unique physical traits for identification.

Retinal/Iris Scan

Analyzing unique patterns of the eye to verify identity.

Hand Geometry

Analyzing the geometry of a person's hand for authentication.

Voice Recognition

Analyzing unique vocal characteristics to verify identity.

Facial Characteristics

Analyzing unique facial features to verify identity.

Signature Analysis

Authentication based on the way a person writes their name.

Machine Readable Zone (MRZ)

Refers to the MRZ printed on the back of a card, that can be used for offline applications requiring authentication.

Remote User Authentication

Authentication over a network with added risks: eavesdropping, replay attacks.

Eavesdropping

A security threat where an attacker intercepts private communication.

Replay Attack

Intercepting and re-submitting authentication data.

Challenge-Response Protocol

Protocols using challenges & responses to defend against security threats.

Denial-of-Service (DoS)

An attempt to make a service unavailable to legitimate users.

Trojan Horse

A deceptive program disguised as legitimate software.

Static Biometrics

Static biometric data remains constant.

Iris Scan

iris recognition.

Eavesdropping (Physical)

Attacker physically close to user to steal password.

Host Attacks

Attacks targeted at user password files on the host system.

Client Attacks

Attacker trying to authenticate without normal access.

Type I error (FRR)

The probability of incorrectly rejecting an authorized user.

Type II error (FAR)

Incorrectly accepting an unauthorized user.

Biometric Characteristics

Characteristics used for biometric identification.

ROC Curve (Biometrics)

A curve plotting False Match Rate (FMR) vs. False Non-Match Rate (FNMR) at various threshold settings.

False Match Rate (FMR)

The rate at which a biometric system incorrectly accepts an imposter.

False Non-Match Rate (FNMR)

The rate at which a biometric system incorrectly rejects a genuine user.

Decision Threshold (Biometrics)

A pre-defined value used to decide whether to accept or reject a biometric sample.

Biometric Profile

A representation of the characteristics of either genuine users or imposters, often displayed as a probability density function.

Matching Score

Input value from comparing reference and presented features produces a numeric result

Declared Match

When the matching score (s) exceeds a preassigned threshold (t) resulting in a declaration of a match.

False Nonmatch Rate Increase

Curve on a graph representing false nonmatch rate when an increase in security happens

False match rate decrease

Curve on a graph representing false match rate when a decrease in security happens

Security Increase

Curve on a graph representing security

Convenience increase

Curve on a graph representing convenience

Enlinment equality

Curve on a graph representing an enlinment equality

Single Numeric Value

Profiles are reduced to a single numeric value in this depiction.

Probability Density Function

Probability distributions representing the likelihood of different matching scores for genuine users versus impostors.

Study Notes

• Chapter 3 discusses User Authentication for computer security, lecture 2, course 23164404-3, at Umm Al-Qura University.
• RFC 4949 defines user authentication as verifying an identity claimed by or for a system entity.

Authentication Process

• Authentication is a fundamental building block and primary line of defense in computer security.
• Authentication forms the basis for access control and user accountability.
• The identification step involves presenting an identifier to the security system.
• The verification step involves presenting or generating authentication information to corroborate the binding between the entity and the identifier.
• E-Authentication uses a token and credential for authentication architecture.

Authentication Methods

• Authenticating the identity of a user can be based on three means:
• Something the user knows, like a password, personal identification number, or answers to prearranged questions.
• Something the user has, like tokens, smartcards, electronic keycards, or physical keys.
• Something the user is, defined as static biometrics, such as a fingerprint, retina, or face.
• Dynamic biometrics, which could be classified as something a user does, such as voice pattern, handwriting, or typing rhythm.

Risk Assessment

• Risk Assessment for User Authentication uses a risk assessment that has three separate concepts:
• Assurance Level.
• Potential Impact.
• Areas of Risk.

Assurance Level

• Assurance levels describe an organization's degree of certainty that a user has presented credentials that refer to their identity.
• It's defined specifically by:
• The degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued.
• The degree of confidence that the individual using the credential is the individual to whom the credential was issued.
• The Four Levels of Assurance:
• Level 1 has little or no confidence in the asserted identity's validity.
• Level 2 has some confidence in the asserted identity's validity.
• Level 3 has high confidence in the asserted identity's validity.
• Level 4 has a very high confidence in the asserted identity's validity.

Potential Impact

• FIPS 199 defines three levels of potential impact on organizations or individuals in case of a security breach:
• Low where authentication error could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals
• Moderate where authentication error could be expected to have a serious adverse effect
• High where authentication error could be expected to have a severe or catastrophic adverse effect

Potential Impact Categories

• Potential impact categories for authentication errors, and their assurance level impact profiles:
• Inconvenience, distress, or damage to standing/reputation: Low to High
• Financial loss or organization liability: None to High
• Harm to organization programs or interests: None to High
• Unauthorized release of sensitive information: None to High
• Civil or criminal violations: None to High

Password Authentication

• Password authentication is a widely used line of defense against intruders.
• Users must provide their name/login and password.
• The system compares the password with the one stored for that specified login.
• The user ID:
• Determines that the user is authorized to access the system
• Determines the user's privileges
• Is used in discretionary access control

Password Vulnerabilities

• Common password vulnerabilities include:
• Offline dictionary attack.
• Password guessing against a single user.
• Workstation hijacking.
• Electronic monitoring.
• Specific account attack.
• Popular Password attack.
• Exploiting user mistakes.
• Exploiting multiple password use.

Original UNIX Scheme

• The UNIX implementation originally involved:
• Up to eight printable characters in length.
• 12-bit salt used to modify DES encryption into a one-way hash function.
• Zero value repeatedly encrypted 25 times.
• Output translated to an 11-character sequence.
• The scheme is now regarded as inadequate.
• The scheme is still often required for compatibility with existing account management software or multi-vendor environments.

Improved Implementations

• OpenBSD uses a Blowfish block cipher-based hash algorithm called bcrypt.
• It is the most secure version of the Unix hash/salt scheme
• Uses 128-bit salt to create a 192- bit hash value
• A recommended hash function is based on MD5.
• Has a salt of up to 48-bits.
• Password length is unlimited.
• Produces 128-bit hash.
• Uses an inner loop with 1000 iterations to achieve slowdown.

Password Cracking

• Dictionary attacks involve developing a large dictionary of possible passwords and trying each against the password file.
• Each password must be hashed using each salt value and then compared to stored hash values
• Rainbow table attacks pre-compute tables of hash values for all salts.
• The attack is performed with a mammoth table of hash values.
• Can be countered by using a sufficiently large salt value and a sufficiently large hash length.
• Password crackers exploit the fact that people choose easily guessable passwords, and shorter password lengths are also easier to crack.
• John the Ripper is an open-source password cracker first developed in 1996
• Uses a combination of brute-force and dictionary techniques.

Modern Approaches

• Modern password approaches include enforcing a complex password policy.
• This forces users to pick stronger passwords.
• Password-cracking techniques have also improved.
• This is due to the processing capacity for password cracking increasing dramatically.
• Sophisticated algorithms are now being used to generate potential passwords.
• Studying examples and structures of actual passwords in use is common.

Password File Access Control

• Password File Access Control can be used to block offline guessing attacks by denying access to encrypted passwords.
• Weaknesses can include the Shadow password file, weaknesses in operating systems, accidental permissions making the file readable, users with the same password on other systems, access from backup media, and sniffing passwords in network traffic.

Password Selection Strategies

• Strategies for achieving better password selection include:
• User education, so users understand the importance of using hard-to-guess passwords.
• Computer generated passwords if users have trouble remembering them.
• Reactive password checking where the system periodically runs its own password cracker to find guessable passwords.
• Complex password policy, where users are allowed to select their own password, however the system checks to see if the password is allowable, and if not, rejects it.
• The goal is to eliminate guessable passwords while allowing the user to select a password that is memorable.

Proactive Password Checking

• Proactive Password Checking involves using:
• Password cracker.
• Rule enforcement.
• Bloom Filter.

Tokens

• Tokens come in the form of:
• Memory cards
• Smart cards
• Electronic Identity cards

Memory Cards

• Memory cards can store but not process data.
• The most common memory card is the magnetic stripe card.
• Memory cards can include an internal electronic memory.
• Memory cards rely solely on physical access.
• For example, Hotel room keycards.
• For example, ATM Debit cards.
• A special reader is required.
• Memory cards provide significantly greater security when combined with a password or PIN.
• Drawbacks of memory cards include:
• Requiring a special reader limits usefulness.
• The loss of a token compromises physical access.
• User dissatisfaction is seen because of extra authentication steps/devices.

Smart Tokens

• Physical characteristics include:
  • Embedded microprocessor.
  • A smart token that looks like a bank card.
  • The functionality is installed into calculators, keys, and small portable objects.
• Authentication protocol includes:
• Classified into three categories:
• Static.
• Dynamic password generator.
• Challenge-response.
• Smart tokens typically include three types of memory:
• Read-only memory (ROM) that stores data that doesn't change during the card's life.
• Electrically erasable programmable ROM (EEPROM) that holds application data and programs.
• Random access memory (RAM) that holds temporary data generated when applications are executed.

Electric Identity Cards

• The most advanced deployment for electronic identity cards is the German card "neuer Personalausweis"
• Use of a smart card as a national identity card for citizens:
• Such cards can provide stronger proof of identity and can be used in a wider variety of applications.
• Electronic functions and data for eID cards:
• ePass with Face image; two fingerprint images (optional), MRZ data for biometric identity verification
• Online applications read family and given names; artist name and doctrinal degree: date and place of birth; address and community, ID; for age verification
• Password Authenticated Connection Establishment (PACE) can be used.
• It ensures that the contactless RF chip in the eID card cannot be read without explicit access control
• For online applications, access is established by the user entering the 6-digit PIN (which should only be known to the holder of the card)
• For offline applications, either the MRZ printed on the back of the card or the six-digit card access number (CAN) printed on the front is used.

Biometric Authentication

• Biometric Authentication attempts to authenticate an individual based on unique physical characteristics; it is based on pattern recognition.
• Authentication is technically complex and expensive when compared to passwords and tokens.
• Physical characteristics used include:
• Facial characteristics
• Fingerprints
• Hand geometry
• Retinal pattern
• Iris
• Signature
• Voice.

Remote User Authentication

• Authentication over a network, the Internet, or a communications link is complex.
• Remote user Authentication has additional security threats such as:
• Eavesdropping, capturing a password, replaying an authentication sequence that has been observed
• Remote User Authentication relies generally on a challenge-response protocol to counter threats.

Attacks

• Common attacks include:
• Client Attack
• Host Attack.
• Eavesdropping.
• Replay.