2.5　习题

1. 身份认证和身份验证之间有什么区别？

2. 在生物识别系统中，如何衡量无法验证的合法用户身份的比率？

3. 客户端向服务器进行身份验证和服务器向客户端进行身份验证的过程称为什么？

4. 密钥将被描述为哪种类型的身份验证因子？

5. 哪种生物识别因子特征描述了能够抵抗生物特征随时间变化的能力？

6. 如果你使用身份证作为身份验证方案的基础，在这个过程中你需要增加哪些步骤，才能够转变为多因子身份验证？

7. 如果你使用的是只包含8个小写字符的密码，那么将长度增加到10个字符是否意味着强度会有任何显著的提高？为什么？

8. 说出只使用身份证可能不是一种理想的身份验证方式的三个原因。

9. 当你为用户执行多因子身份验证时，用户登录安全环境的工作站，或登录多人使用的工作站，你会使用哪些因子？

10. 如果你正在为某个环境（如医院）开发多因子身份验证系统，在这个环境中你会发现残疾或受伤用户的数量高于平均水平，那么你希望使用或避免使用哪些身份验证因子？为什么？

---

[1]Cisco, Talos Intelligence Group. “Email & Spam Data.” Accessed July 2, 2019. https://www.talosintelligence.com/reputation_center/email_rep.

[2]Pascual, Al, Kyle Marchini, and Sarah Miller. “2018 Identity Fraud: Fraud Enters a New Era of Complexity.” Javelin Strategy, February 6, 2018. https://www.javelinstrategy.com/coverage-area/2018-identity-fraud-fraud-enters-new-era-complexity/.

[3]Linux Screenshots. “Google Authenticator on Android.” Flickr. July 5, 2014. https://www.flickr.com/photos/xmodulo/14390009579/.

[4]Jain, Anil, Arun Ross, and Karthik Nandakumar. “Introduction.” In Introduction to Biometrics, 1-49. New York: Springer, 2011.

[5]Wolf, Flynn, Ravi Kuber, and Adam J. Aviv. “How Do We Talk Ourselves into These Things? Challenges with Adoption of Biometric Authentication for Expert and Non-Expert Users.” Paper presented at the Association for Computing Machinery CHI Conference on Human Factors in Computing Systems, Montreal, Québec, April 21-26, 2018.

[6]Eberz, Simon, and Kasper B. Rasmussen. “Evaluating Behavioral Biometrics for Continuous Authentication: Challenges and Metrics.” In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. New York: ACM, 2017.

[7]Greenberg, Andy. “OPM Now Admits 5.6M Feds' Fingerprints Were Stolen by Hackers,” Wired, September 23, 2015. https://www.wired.com/2015/09/opm-now-admits-5-6m-feds-fingerprints-stolen-hackers/.

[8]Kharitonov. “File:EToken NG-OTP.jpg.” Wikimedia. August 11, 2009. https://commons.wikimedia.org/wiki/File:EToken_NG-OTP.jpg.