Back in January, NIST's Applied Cybersecurity Division hosted the “Applying Measurement Science in the Identity Ecosystem” workshop. Among the knotty issues under consideration, 220+ participants discussed the concept of measuring the strength of authentication.
Through a combination of input from that workshop and analysis performed by experts (both internal and external to NIST) we have developed a proposed framework that can be used to quantify the security of authentication solutions - and now, we want to hear from you again. I'm happy to announce that the Strength of Function for Authenticators - Biometrics (SOFA-B) Discussion Draft is now open for comment.
SOFA is a proposed framework to evaluate and compare the strength of authentication solutions. SOFA-B is the strength of function for biometric authentication. This was our initial focus due to increased availability of biometric sensors in the consumer space. The SOFA model incorporates three aspects, explained further in the draft: matching performance, presentation attack detection (aka spoof detection), and effort (to break a system).
Ready to get involved? NIST plans for the initial input period to run for 60 days, from October 17th to December 16th. Due to the great success we’ve had with GitHub in the recent past, we are excited to use it again! Direct suggestions or comments can be submitted to GitHub as issues following the directions on the SOFA page or via emails sent to sofa [at] nist.gov (sofa[at]nist[dot]gov). Comments will likely be added to GitHub to maximize transparency and collaboration, so please note that emailed feedback will be made public.
We can’t wait to hear from you, and thank you for your ongoing participation and contributions in developing the framework. Happy commenting!