FIT2093 Study Guide - Final Guide: Reverse Dictionary, Dictionary Attack, Argon2

Interception: intercepting the network and stealing data (attack on confidentiality) Modification: modifying the message in the transfer network (attack on integrity) Fabrication: sending a message without the receiver knowing that the sender is not the original sender (attack on authenticity) Passive attack: eavesdropping networks and monitoring information being transmitted. False negative: when an enrolled user is not verified into the system; false rejection. False positive: when an unenrolled user is verified into the system; false acceptance. Simple password authentication attacks: (cid:862)o(cid:374)li(cid:374)e(cid:863) pass(cid:449)o(cid:396)d guessi(cid:374)g: specific account guessing attack, popular password guessing attack, countermeasures: can be stopped by account locking mechanisms. Workstation hijacking: using a logged in workstation: countermeasures: can be stopped by automatic workstation logout. Ele(cid:272)t(cid:396)o(cid:374)i(cid:272) (cid:373)o(cid:374)ito(cid:396)i(cid:374)g: mo(cid:374)ito(cid:396)i(cid:374)g use(cid:396)"s pass(cid:449)o(cid:396)d e(cid:374)te(cid:396)i(cid:374)g th(cid:396)ough ele(cid:272)t(cid:396)o(cid:374)i(cid:272) de(cid:448)i(cid:272)es: countermeasures: can be stopped by encrypted network links. One-way hash functions easily transform a password to hashed password f(p) but derivatizing p from f(p) is computationally infeasible.