
STUDENT ID NO

MULTIMEDIA UNIVERSITY

FINAL EXAMINATION
TRIMESTER 1, 2019/2020

TPB3141 — PASSWORD AUTHENTICATION AND BIOMETRICS
( All sections / Groups )

25 OCTOBER 2019
9.00 a.m — 11.00 a.m
( 2 Hours )

INSTRUCTIONS TO STUDENTS

1. This question paper consists of 7 pages, excluding the cover page, with 5
questions only.

2. Attempt ALL questions. All questions carry equal marks and the distribution of
the marks for each question is given.

3. Please print all your answers in the Answer Booklet provided.


TPB3141 PASSWORD AUTHENTICATION AND BIOMETRICS 25 OCTOBER 2019

Question 1:

Please attempt ALL multiple choice questions. [12 marks]

1. Which of the following should be avoided when setting a password?


a. Include numerical characters only
b. Contain at least three combinations of numerical, symbol, and special
characters
c. Can be used only a certain number of days
d. Password is not composed of character strings from the username

2. The distribution, authentication and revocation of ______ are the primary
purposes of the public key infrastructure (PKI), the system by which public
keys are distributed and authenticated.
a. digital certificate
b. storage token
c. dynamic token
d. password synchronization

3. Which of the following is NOT a common PKI use case?


a. Creating web pages without the need of SSL certificate
b. Authenticating nodes to wireless
c. Authenticating and encrypting emails
d. Validating VPN connections

4. A biometric ______ may consist of a score which designates the degree of
similarity between the sample and the reference template.
a. match
b. enroll
c. feature extraction
d. image

5. It is a method used by identity thieves to capture information from a
cardholder, such as taking digital photos of information that can be used
fraudulently.
a. Skimming
b. Mimicking
c. Spoofing
d. Threatening

6. ______ can operate through floor sensors, assessing unique patterns
associated with an individual's footsteps.
a. Gait biometrics
b. Thumbprint biometrics
c. Fingerprint biometrics
d. Face biometrics

7. Most of the ______-based biometrics are unique and stable, thus making
them more viable in high security application, i.e. airport.
a. Behavioral
b. Psychological
c. Psychosomatically
d. Physiological

8. ______ is a session and user authentication service that permits an end user
to enter one set of login credentials (such as a name and password) and be able
to access multiple applications.
a. Kerberos
b. Anti-virus
c. Firewall
d. Single Sign On

9. ______ refers to the center area of a fingerprint, whereas ______ is a
pattern of a fingerprint that resembles the Greek letter Δ.
a. Core point; ridge ending
b. Delta; bifurcation
c. Bifurcation; ridge ending
d. Core point; delta

10. Which of the following is NOT TRUE about fingerprint biometrics?


a. Easily separates one individual from another
b. Possess high degree of robustness, speed, and accuracy
c. Twins are not sharing similar fingerprint patterns
d. Cannot resist aging


11. The need to maintain ______ is applicable to collected personal
information, such as medical records, financial data, criminal records, political
records, business related information or website data.
a. personal privacy
b. digital copyright
c. telecommunication privacy
d. informational privacy

12. The ______ allows merchants to verify their customers' card information
without actually seeing it, thus protecting the customer.
a. ISO/IEC 27001
b. ISO 17799
c. Private Communication Technology
d. Secure Electronic Transaction


Question 2:

a) Fill in the blanks with the most appropriate biometric terms and concepts:
i. ______ the process of collecting a biometric sample from an
end user, converting it into a biometric reference, and storing it in the
biometric system's database for later comparison.
ii. ______ the process by which the biometric sample captured is
transformed into an electronic representation.
iii. ______ consists of data that represents the biometric
measurement of an enrollee, used by a biometric system for
comparison against subsequently submitted biometric samples.
iv. ______ a physical device that carries an individual's credentials.
v. ______ the one-to-many process of comparing a submitted biometric
sample against all biometric reference templates on file.

[5 marks]

b) Differentiate the technology of radio frequency identification (RFID) and near-field
communication (NFC) and provide ONE [1] example for each of them.

[5 marks]

c) Provide TWO [2] advantages of conventional password-based and token-based
authentication systems when compared to biometric-based authentication.

[2 marks]


Question 3:

a) In order to prevent password brute force attack, you used a very lengthy and
complex password of “AfKcFz"%19bc0#^” for your online banking account.
Do you think this is feasible? Discuss your opinion.

[4 marks]

b) Differentiate the false acceptance rate (FAR) and false rejection rate (FRR) in a
biometric solution. Identify and explain each of them from the figure below,
specifically with the labels of A and B.

[Figure not reproduced: plot with a "Decision Threshold" axis and the labels A and B]

[4 marks]

c) You are developing a fingerprint authentication system for an exam unit room
of Multimedia University. Design and draw a flow diagram of your system by
indicating the respective processes.

[4 marks]


Question 4:

a) Recently, biometric authentication and 6-Digit PIN are made available on the
HSBC Malaysia Mobile Banking App. The customers can authenticate their
identity and access their mobile banking in mere seconds — all with a simple look,
Face ID* through iOS phone. Evaluate the feasibility of this deployment by
providing FOUR [4] benefits of face biometrics on phones.

[4 marks]

b) Based on the Bioprivacy Technology Risk Rating, compare the positive and
negative privacy aspects of adopting iris and keystroke in the application of
biometric applications. Table your findings.

[4 marks]

c) Given two fingerprints below, identify the components of A, B, C and D based
on a given set of fingerprint ridge characteristics. [Choose 4 from here: delta;
core; island; ridge ending; crossover; bifurcation; pore; ridge dot; or ridge
enclosure].

[4 marks]


Question 5:

a) “Nuance Communications has unveiled a new artificial intelligence tool using
fourth generation deep neural networks (DNNs) and combining voice
biometrics and natural language understanding (NLU) for more personalized and
human-like experiences across voice channels. In subsequent interactions,
Nuance says the customer’s identity is confirmed almost instantly through
natural speech, with no passwords, knowledge-based questions, or the specific
passphrase which has become industry standard for voice biometrics.”

Based on the statement given above, do you think it is text-dependent or
text-independent voice biometrics? Justify your answer.

[3 marks]

b) In May 2019, Apple patents smart fabric system that can sense temperature and
odor based on changes in the user. Do you think this smart fabric system can be
used as a biometric system too? Discuss your answer.

[4 marks]

c) Secure Electronic Transaction (SET) is an open specification for handling credit
card transactions over a network, with emphasis on the Web and Internet. How
does it ensure all transferred data are encrypted and secured from sniffing
attack? Explain your answer by drawing the SET transaction flow.

[5 marks]

End of Page

STUDENT ID NO

MULTIMEDIA UNIVERSITY

FINAL EXAMINATION
TRIMESTER 1, 2022/2023 (TERM ID 2210)

TPB3141 — PASSWORD AUTHENTICATION AND BIOMETRICS
( All sections / Groups )

9 FEBRUARY 2023
2.30 p.m — 4.30 p.m
( 2 Hours )

INSTRUCTIONS TO STUDENTS

1. This question paper consists of 6 pages, excluding the cover page, with 5
questions only.

2. Attempt ALL questions. All questions carry equal marks and the distribution of
the marks for each question is given.

3. Please print all your answers in the Answer Booklet provided.


TPB3141 PASSWORD AUTHENTICATION AND BIOMETRICS 9 FEBRUARY 2023

Question 1:

Please attempt ALL multiple-choice questions. ONE (1) mark for each question.

[10 marks]

1. An example of identification can be a(n) ______; whereas an example of
authentication is a(n) ______.
a. password; username
b. ID; email address
c. username; password
d. face; login device geolocation

2. ______ biometrics are exposed to lesser privacy concerns because they are
replaceable.
a. Biological
b. Physiological
c. Behavioral
d. Geolocation

3. ______ can find and recognize unknown faces in a photograph based on
photographs of known people.
a. Face identification
b. Face verification
c. Face recognition
d. Facial expression recognition

4. A fake finger can be made from wax or Play-Doh based on an image of a
person's fingerprint, thus ______ will be the best option to be implemented.
a. rolled impressions
b. simultaneous plain impressions
c. live finger detection
d. inked fingerprints

5. ______ requires the speaker saying exactly the enrolled or given password.


a. Text-filtered speaker verification
b. Text-independent speaker verification
c. Text-dependent speaker verification
d. Text-prompted speaker verification


6. Facial recognition can be used in a ______ application, such as a face image
captured by surveillance cameras.
a. overt
b. habituated
c. covert
d. non-attended

7. In ______, there is no guarantee that a record of the individual's biometrics
is contained in the existing set of biometrics within the organization's database.
a. open-set verification
b. closed-set verification
c. closed-set identification
d. open-set identification

8. Examples of ______ can be found in various access control methods, like
two-factor authentication, passwordless sign-on, and other access controls, but it's
not just about letting authorized users in, it's also about keeping certain files
inaccessible. One of the popular techniques used is ______.
a. confidentiality; hashing
b. integrity; biometrics
c. non-repudiation; electronic signature
d. confidentiality; encryption

9. An ______ consists of policies, procedures and other controls involving
people, processes, and technology related to information security management.
a. HIPAA compliance
b. Sarbanes-Oxley Act of 2002
c. Digital Millennium Copyright Act
d. ISO/IEC 27001

10. ______ is the nickname of the Defense Department's Trusted Computer System
Evaluation Criteria, a book published in 1985.
a. Transport Layer Security (TLS)
b. Secure Sockets Layer (SSL)
c. Secure Electronic Transaction (SET)
d. The Orange Book


Question 2:

a) Fill in the blanks with the most appropriate basic criteria for biometric security
system:
i. ______: twins will have two different sets of fingerprints.
ii. ______: retina remains unchanged throughout the life.
iii. ______: face images can be easily collected with any types of cameras.
iv. ______: users usually feel more comfortable to provide their
signatures instead of DNA.
v. ______: * 96% of human populations will have valid fingerprints.

b) “Effective 1 July 2017, all Credit and Charge card payments at point-of-sale
terminals and cash advance withdrawal facility in Malaysia must be authorized
with a 6-digit Personal Identification Number (PIN) as signature will no longer
be accepted.”

In your opinion, why is PIN used to replace a biometric (signature) in this new
implementation?

[3 marks]

c) Do you think the MMU CAMSYS System is an example of Single Sign-On
(SSO)? Defend your answer.

[2 marks]


Question 3:

a) How do identification, authentication, and authorization differ? Explain each of
them by using the GMAIL login process as an example.

[6 marks]

b) Refer to the figure below, what do you understand about password strength?

[Figure not reproduced: three password entry forms, each showing the hints "Six-character minimum with no spaces" and "Learn how to create a strong, memorable password." together with a "Password strength:" indicator]

[2 marks]

c) Applying an encryption algorithm on a retina template can tackle the issue of
personal privacy. Is it true?

[2 marks]


Question 4:

a) Livestock farmers in Kenya are set to benefit from a technology meant to tame
cattle rustling in Kenya with the introduction of an electronic tracing chip
(RFID) at a time when reports indicate that the vice claims over 600 lives and
displaces thousands annually.

Why is it effective? Use a picture illustration or diagram flow to explain your
answer.
[6 marks]

b) Define and calculate the Equal Error Rate (EER) and best threshold based on the
figure below.

[4 marks]


Question 5:

a) Being introduced since 2019, WhatsApp users can now rely on the mic feature
in their Android or iOS keyboard to dictate messages and send to contacts. This
means WhatsApp users do not have to type messages, though they will need to
manually press send in order to push the messages across. Also, this feature can
be used for other apps too, like typing a mail on Gmail.

Is this a voice recognition? Explain your answer.

[4 marks]

b) Continuous authentication works by assessing user behavior patterns on an
ongoing basis. Unlike traditional authentication, which evaluates users just once
at login, continuous authentication considers changing risk factors such as
location, device posture, and other behavioral data.

Suggest a biometric modal which you think fit to be used for continuous
authentication in a mobile phone. Justify your answer.

[3 marks]

c) In November 2021, Facebook announced that it will end its use of facial
recognition software and delete facial data on more than a billion people, a
sudden reversal for one of the Internet's biggest face-scanning systems that could
reinvigorate scrutiny about the software's expanding prevalence around the
world.

Discuss your opinions on this decision made by Facebook, from the perspective of
privacy continuum.

[3 marks]


End of Page
