The authentication assurance level taxonomies specified in many real-world smart identity token deployments do not fully reflect all the security properties associated with their underlying authentication mechanisms. In this paper we describe the development and application of a new methodology called SID-AAM (Smart Identity Token - Authentication Assurance Level Methodology). The methodology identifies a new set of authentication factors appropriate for this technology, identifies all the security properties that need to be verified based on bindings between the various entities involved in the authentication processes, and then derives an authentication assurance level taxonomy from the set of security properties verified in the various authentication modes specified in the deployment. We illustrate an application of the SID-AAM methodology to a large-scale, real-world smart identity token deployment and outline its superior characteristics compared to current approaches.
Proceedings Title: Data and Applications Security and Privacy XXIV (Lecture Notes in Computer Science)
Conference Dates: June 21-23, 2010
Conference Location: Rome
Conference Title: 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2010)
Pub Type: Conferences
Keywords: authentication, assurance levels, smart identity tokens, taxonomies