DIFFERENTIATE BETWEEN AND EXPLAIN
AUTHENTICATION, AUTHORISATION,
ACCOUNTING AND IDENTIFICATION
Identification: when a user gives a username, they are claiming an identity
Authentication: the user then provides proof of that identity (such as a password)
Authorization: access to resources is granted based on the user's proven identity
Accounting: the actions of the authenticated user are recorded (logged) so that they can be audited and attributed to that user
EXPLAIN INDIVIDUAL ELEMENTS REQUIRED FOR
AUTHENTICATION
DIFFERENTIATE BETWEEN ONE-SIDED AND
MUTUAL AUTHENTICATION
Mutual authentication is when both sides authenticate each other (e.g. both client and server authenticate)
One-sided authentication is when one entity presents its credentials and the other one verifies that they are genuine (e.g. the server sends its authentication credentials and the client checks whether it can trust them)
EXPLAIN THREE TYPES OF FACTORS OF
AUTHENTICATION AND EXAMPLES FOR EACH
Authentication factors divide into 3 categories:
Something you know:
-Username
-Password
-Strong password:
  - 8 to 10 characters at minimum, up to 64
  - special characters
  - no dictionary words
  - no password reuse
Something you have:
-Keys (e.g. YubiKey)
-Tokens
-Smart cards (e.g. Nol cards, credit cards, SIM cards):
  -Embedded certificate allows use of a complex encryption key and provides much more secure authentication than is possible through use of a simple password
  -Key set is usually loaded (DES) or generated (RSA) on the card at the personalization stage
  -With RSA we need a PKI
-Google/Microsoft Authenticator
Something you are:
-Face recognition
-Fingerprint
-Voice
-Iris
-Gait detection
-Signature geometry
-Retinal scan
DISCUSS STRENGTHS AND LIMITATIONS OF
EACH FACTOR OF AUTHENTICATION
Something you know:
-Hard to remember complex passwords
-Password-management software has three main functions:
  - prevents easy passwords
  - organizes and secures passwords
  - automates your logins
-Lockout policy:
  - Threshold: max failed attempts
  - Duration: time until unlock
-Security questions: disable them
Something you have:
-Tokens or key fobs: if attackers intercept the number, it is not useful for long
-Smart cards:
  -Differential power analysis involves measuring the precise time and electrical current required for certain encryption or decryption operations
  -This can be used to deduce the on-chip private key used by public-key algorithms, such as RSA
  -Some implementations of symmetric ciphers can be vulnerable to timing or power attacks as well
  -Smart cards can be physically disassembled by using acid, abrasives, solvents, or other techniques to obtain unrestricted access to the microprocessor
DESCRIBE CONCEPT OF SINGLE SIGN ON IN
RELATION TO AUTHENTICATION
Ability of a user to log on to or access multiple systems by providing credentials only once
Increases security, since the user only needs to remember one set of credentials and is less likely to write them down
More convenient for users
EXPLAIN ROLE OF CRYPTO HASH FUNCTIONS IN
AUTHENTICATION AND PASSWORD STORAGE
Hash functions are used in cryptography to transform a variable-length message into a fixed-size hash value
Great for protecting passwords, because we want to store passwords in a form that protects them even if the password file itself is compromised, but we also need to be able to verify that a user's password is correct
Cryptographic hash functions are one-way (the password cannot be recovered from its hash) and collision-resistant, i.e. it is computationally infeasible to find two inputs that result in the same hash
Flow: user creates an account -> password is hashed and stored in the database -> when the user attempts to log in, the hash of the password they entered is checked against the stored hash -> if both hashes match, the user is granted access
DEFINE CAPABILITY IN RELATION TO
AUTHENTICATION
CALCULATE AND COMPARE PASSWORD KEY
SPACES
The combination of different characters in a password makes up the key space, and you can calculate the key space with the following formula:
C^N
where C is the number of possible characters, and N is the length of the password (in characters)
But this is only true if truly random passwords are chosen
Choosing words from a dictionary means the actual key space is much smaller
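Worked calculation of C^N against the dictionary case, as an added example that is not part of the original notes: C is sized from the character classes a password actually uses, and the 100,000-word dictionary size and the 1e9 guesses/second rate are assumed values for illustration only.

```python
import math
import string

# Character classes a password can draw from; C is the sum of the sizes of the classes present.
CLASSES = {
    "lower": string.ascii_lowercase,    # 26
    "upper": string.ascii_uppercase,    # 26
    "digit": string.digits,             # 10
    "special": string.punctuation,      # 32 printable ASCII symbols
}

def charset_size(password: str) -> int:
    """C for a password of this composition: 26 for all-lowercase, 94 if every class is used."""
    return sum(len(chars) for chars in CLASSES.values() if any(ch in chars for ch in password))

def random_key_space(password: str) -> int:
    """C^N: guesses needed to exhaust all random passwords of this shape and length."""
    return charset_size(password) ** len(password)

def dictionary_key_space(dictionary_size: int, words: int = 1) -> int:
    """Effective key space when the password is a dictionary word (or several), not random."""
    return dictionary_size ** words

def entropy_bits(key_space: int) -> float:
    """Key space expressed in bits, which makes very different sizes easy to compare."""
    return math.log2(key_space)

def seconds_to_exhaust(key_space: int, guesses_per_second: float) -> float:
    """Worst-case time for an offline attacker trying every key at an assumed guess rate."""
    return key_space / guesses_per_second

if __name__ == "__main__":
    # Constructed comparison: a 9-character mixed-class password versus an 8-letter word that is
    # either truly random or taken from an assumed 100,000-word dictionary, at an assumed 1e9 guesses/s.
    for label, space in [
        ("random 'Tr7$kq!Lw' (C=94, N=9)", random_key_space("Tr7$kq!Lw")),
        ("'password' if it were random lowercase (C=26, N=8)", random_key_space("password")),
        ("'password' drawn from a 100,000-word dictionary", dictionary_key_space(100_000)),
    ]:
        print(f"{label}: {space:.3e} keys, {entropy_bits(space):.1f} bits, "
              f"{seconds_to_exhaust(space, 1e9):.3e} s to exhaust")
```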
EXPLAIN AND DIFFERENTIATE BETWEEN
DICTIONARY AND BRUTE FORCE PASSWORD
ATTACKS
Dictionary:
-Guessing passwords by using a list of common words (dictionary)
-Dictionary words are hashed and compared against the hashed passwords obtained
-Usually does not work against complex passwords
-Defense: limit the number of guesses allowed before the user is locked out, i.e. for online logins
-But there is no limit if the cracker has the file that contains the target's password hashes
Brute force:
-Try all possible combinations of letters, numbers and special characters to determine the target's password
-Very time consuming and slow compared to dictionary attacks
-Most effective against an encrypted document or password hash file
EXPLAIN RAINBOW TABLES AND THEIR ROLE IN
ATTACKS AGAINST PASSWORDS
Lookup tables: the general idea is to pre-compute the hashes of the passwords in a password dictionary and store them, with their corresponding passwords, in a lookup table data structure
Rainbow tables: a space-efficient table that precomputes hash-to-plaintext mappings, but it doesn't store all pairs directly. Instead, it uses reduction chains to compress the data.
Reverse lookup tables:
-Allow an attacker to apply a dictionary or brute-force attack to many hashes at once, without having to precompute a lookup table
-The attacker creates a table that maps each password hash from the compromised user account database to the list of users with that hash
-The attacker hashes each password guess and uses the table to get the list of users whose password equals the guess
-Effective because it is common that many users have the same password
EXPLAIN MEASURES TO MAKE PASSWORD
ATTACKS HARDER, SUCH AS PASSWORD
SALTING, SLOW HASHES, LOCKOUT POLICY AND
FOR EACH IDENTIFY TYPE OF ATTACK
TECHNIQUE MITIGATES
Password salting
-We can randomize hashes by appending or prepending a random string, called a salt, to the password before hashing
-To check if a password is correct, we need the salt, so it is usually stored in the user account database along with the hash or as part of the hash string itself
-The salt does not need to be secret
-The attacker won't know in advance what the salt will be, so they can't pre-compute a lookup table or rainbow table
-If each user's password is hashed with a different salt, reverse lookup tables won't work either
Slow hash functions
-Make the hash function slow enough to impede cracking, but fast enough to avoid a noticeable delay for the user during authentication
-PBKDF2 takes an iteration count as an argument that determines how slow it is
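An added example, not from the original notes, that ties together the hash-and-verify flow, the reverse lookup table, salting and the slow hash: PBKDF2-SHA256 with a per-user random salt stored in the clear, plus the attacker's reverse lookup table built over an unsalted store and over the salted one. The record format, the iteration count and the three sample accounts are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os
from collections import defaultdict

# Iteration count controls how slow PBKDF2 is; raise it until the login delay is just below noticeable.
ITERATIONS = 100_000

def hash_password(password: str, salt: bytes | None = None, iterations: int = ITERATIONS) -> str:
    """Salted, slow hash stored as one self-describing string: 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.
    The per-user random salt sits in the clear next to the hash: it does not need to be secret."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in constant time."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)

def reverse_lookup_table(user_db: dict[str, str]) -> dict[str, list[str]]:
    """The attacker's reverse lookup table: stored hash -> users sharing it.
    Only hashes shared by two or more users are kept, since those are what make the table worthwhile."""
    table: dict[str, list[str]] = defaultdict(list)
    for user, record in user_db.items():
        table[record.split("$")[-1]].append(user)
    return {h: users for h, users in table.items() if len(users) > 1}

# Constructed sample accounts (assumption): alice and bob happened to choose the same password.
USERS = {"alice": "Summer2024!", "bob": "Summer2024!", "carol": "correct horse battery staple"}

def unsalted_db() -> dict[str, str]:
    """The 'before' design: one fast, unsalted SHA-256 per password, the target of lookup and rainbow tables."""
    return {u: "sha256$1$$" + hashlib.sha256(p.encode()).hexdigest() for u, p in USERS.items()}

def salted_db() -> dict[str, str]:
    """The hardened design: a fresh random salt and a slow hash for every account."""
    return {u: hash_password(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print("unsalted: shared hashes ->", reverse_lookup_table(unsalted_db()))   # alice and bob exposed together
    print("salted:   shared hashes ->", reverse_lookup_table(salted_db()))     # {} although the passwords match
    print("login alice ok:", verify_password("Summer2024!", salted_db()["alice"]))
```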
EXPLAIN PASS THE HASH PASSWORD ATTACKS
Technique used by attackers to gain unauthorized access to systems without needing to know the actual plaintext password. Instead, the attacker steals and reuses the hash of a user's password to authenticate as that user.
What attackers do:
-Instead of trying to crack the hash to obtain the plaintext password, the attacker steals the hash directly.
-They then use the stolen hash to impersonate the user and access systems/services.
Exploitation:
-PtH attacks commonly exploit Single Sign-On (SSO) mechanisms or NTLM authentication in Windows environments, where the hash itself is treated as a credential.
AUTHENTICATION SERVICES
Authentication Services: Kerberos
-Network authentication mechanism used within Windows Active Directory domains and some UNIX environments, known as realms
-Provides mutual authentication that can help prevent man-in-the-middle attacks, and uses tickets (capabilities)
-Key Distribution Center (KDC) issues a ticket-granting ticket (TGT) with which the user can request a service if the user is authorized, and can then access objects from the service server
-Kerberos version 5 requires all systems to be time-synchronized to within five minutes of each other, which supports timestamped tickets and prevents replay attacks
Lightweight Directory Access Protocol (LDAP) specifies formats and methods to query directories (object databases)
IEEE 802.1X is a port-based authentication protocol
-Provides authentication when a user connects to a specific access point or, in this context, a logical port (wireless)
-You can use 802.1X with wireless standards such as Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access v2 (WPA2)
Extensible Authentication Protocol (EAP)
-Frequently used in wireless networks and point-to-point connections
-Framework for providing transport and usage of keying material and parameters generated by EAP methods
-EAP is not a wire protocol, it only defines message formats
PAP/CHAP Authentication Protocols
-PAP (Password Authentication Protocol): passwords are sent in clear text, so PAP is rarely used today
-CHAP (Challenge Handshake Authentication Protocol): CHAP uses a handshake process where the server challenges the client and the client then responds with the appropriate authentication information
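The CHAP handshake as an added example that is not part of the original notes: the server issues a random challenge, the client answers with the RFC 1994 response (MD5 over identifier, shared secret and challenge) so the secret itself never crosses the wire, and a captured response is rejected against the next challenge. The class names and the single-use challenge bookkeeping are assumptions of this example.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994) Response Value: MD5 over Identifier || secret || Challenge Value.
    The shared secret itself never crosses the wire, which is the difference from PAP."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    """Authenticator: issues a fresh random challenge per attempt and checks the response."""
    def __init__(self, secrets: dict):
        self.secrets = secrets        # peer name -> shared secret
        self.pending = {}             # peer name -> (identifier, challenge) awaiting a response

    def challenge(self, peer: str):
        identifier, challenge = os.urandom(1)[0], os.urandom(16)
        self.pending[peer] = (identifier, challenge)
        return identifier, challenge                       # Challenge packet sent to the peer

    def verify(self, peer: str, identifier: int, response: bytes) -> bool:
        """Success only for the outstanding challenge; each challenge is consumed on first use."""
        issued = self.pending.pop(peer, None)
        if issued is None or issued[0] != identifier or peer not in self.secrets:
            return False
        expected = chap_response(identifier, self.secrets[peer], issued[1])
        return hmac.compare_digest(expected, response)

class ChapClient:
    """Peer: proves knowledge of the secret by answering the challenge."""
    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        return chap_response(identifier, self.secret, challenge)       # Response packet

def run_exchange(server: ChapServer, client: ChapClient) -> bool:
    identifier, challenge = server.challenge(client.name)
    return server.verify(client.name, identifier, client.respond(identifier, challenge))

def replay_is_rejected(server: ChapServer, client: ChapClient) -> bool:
    """A captured Response is useless against a later Challenge, because the random challenge changed."""
    identifier, challenge = server.challenge(client.name)
    captured = client.respond(identifier, challenge)
    server.verify(client.name, identifier, captured)        # legitimate login consumes the challenge
    identifier2, _ = server.challenge(client.name)          # next attempt gets a new challenge
    return not server.verify(client.name, identifier2, captured)
```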
TRANSITIVE TRUST
Transitive trust is the foundation for network security in the Windows client/server architecture. The trust relationship flows throughout a set of domains, such as a domain tree, and forms a relationship between a domain and all other domains that trust that domain. For example, if domain A trusts domain B, and domain B trusts domain C, then domain A trusts domain C (transitive trust).
WINDOWS AUTHENTICATION
Security Account Manager (SAM) is a database file in Windows XP, Windows 7, Windows 10 etc. that stores users' passwords and is used to authenticate local and remote users
User passwords are stored in hashed format in the registry hive, either as an LM hash or as an NTLM hash
The file can be found at %SystemRoot%\System32\config\SAM and is mounted at HKLM\SAM (registry)
UNIX AUTHENTICATION
Two files:
-Main password file (/etc/passwd)
-Shadow password file (/etc/shadow)
-Both files contain user names, user IDs, home directories etc., but only the shadow password file contains the hashed passwords
-The password file is readable by all; the shadow file is readable only by admin (root)
Pluggable Authentication Modules (PAM) handle authentication on Unix
-Can authenticate using a variety of services:
  - Password file
  - LDAP
  - Kerberos