Question
3. In multi-factor authentication, a system may require that a user authenticate using more than one method. For example, it can require both a password and a fingerprint scan. Let us assume a two-factor authentication system that uses methods A and B in such a way that the evidence associated with both A and B must be presented to the system at the same time for it to decide if login will be allowed. Furthermore, we define the two methods to be independent if compromise of method A provides no advantage to an adversary for compromising method B. Answer the following questions with this definition of independent authentication factors. Assume that the entropy for method A is e1 and it is e2 for method B. (25 pts., 5 pts. for each part)

a. If authentication is successful only when correct information must be simultaneously provided for both A and B, what is the entropy of the two-factor authentication method that uses both A and B?

b. To enhance usability, someone suggested that the system should allow a user to login when she is able to provide correct evidence for either A or B. What will be the entropy in this case?

c. In the password hardening scheme studied in class, password and keystroke dynamics can be viewed as two different factors (what you know and what you are). Do you think these are independent as defined in this question?

d. In class, it was pointed out that the length of the feature vector allows an adversary to know the length of a password. This is not desirable. Is there a way to address this problem? Explain your answer.

e. For all users of a certain system, every feature is distinguishing when the password hardening scheme is implemented by the system. What are the maximum and minimum possible entropy values due to hardening in this system? Explain your answer.

Explanation / Answer
a) We measure the entropy of the authentication system in bits. If the entropy of a system S is s bits, this means that after exploring 2^s possibilities the system is certainly broken. It depends. If you guess A correctly but get B incorrect, does the system tell you that A is correct? If yes, then it's A + B and the average number of guesses it takes is (A + B) / 2. If you don't see which one was wrong, the entropy is A * B and the average number of guesses is A*B/2.
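The following is an added example, not part of the original answer: a small Python simulation of the distinction the answer draws, counting worst-case login attempts for an exhaustive-search adversary when the verifier does or does not reveal which factor was wrong. The 8-bit and 6-bit factor sizes and all function names are assumptions chosen for illustration.

```python
import math
from itertools import product

def attempts_without_feedback(n_a, n_b, secret):
    """Verifier returns a single accept/reject bit, so the adversary
    has to enumerate (A, B) pairs until the whole pair matches."""
    for count, guess in enumerate(product(range(n_a), range(n_b)), start=1):
        if guess == secret:
            return count

def attempts_with_feedback(n_a, n_b, secret):
    """Verifier reveals which factor matched. The adversary searches A
    first (submitting B = 0 each time), then searches B with A fixed.
    Searching both factors in the same attempt would need fewer still."""
    secret_a, secret_b = secret
    count = 0
    for a in range(n_a):
        count += 1                      # attempt (a, 0)
        if a == secret_a:
            if secret_b == 0:
                return count            # both factors happened to match
            break
    for b in range(1, n_b):             # B = 0 is already known to be wrong
        count += 1                      # attempt (secret_a, b)
        if b == secret_b:
            return count

def effective_bits(e1, e2):
    """Worst-case search effort, in bits, for factors of e1 and e2 bits."""
    n_a, n_b = 2 ** e1, 2 ** e2
    worst = (n_a - 1, n_b - 1)          # secret is the last value enumerated
    return (math.log2(attempts_without_feedback(n_a, n_b, worst)),
            math.log2(attempts_with_feedback(n_a, n_b, worst)))

if __name__ == "__main__":
    no_leak, leak = effective_bits(8, 6)    # constructed sizes: e1 = 8, e2 = 6
    print(f"single accept/reject bit: {no_leak:.2f} bits")
    print(f"per-factor feedback:      {leak:.2f} bits")
```

With a single accept/reject result the effort is e1 + e2 bits; with per-factor feedback it collapses to slightly more than the larger of the two factors, which is why the verifier should report only an overall failure.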