U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Determining Authentication Strength for Smart Card-based Authentication Use Cases

Published

Author(s)

Ramaswamy Chandramouli

Abstract

Smart cards are now being extensively deployed for identity verification(smart identity tokens) for controlling access to Information Technology (IT) as well as physical resources. Depending upon the sensitivity of the resources and the risk of wrong identification, different authentication uses are being deployed. Assignment of authentication strength for each of the use cases is often based on: (a) the total number of three common orthogonal authentication factors - What You Know, What You Have and What You are - used in the particular use case and (b) the entropy associated with each factor chosen. The objective of this paper is to analyze the limitation of this approach and present a new methodology for assigning authentication strengths based on the strength of pair wise bindings between the four entities involved in smart card based authentications - the card (token), the token secret, the card holder and the identifier stored in the card. The use of the methodology for developing an authentication assurance level taxonomy for a real world smart identity token deployment is also illustrated.
Proceedings Title
Proceedings of Sixth International Conference on Digital Society (ICDS 2012)
Conference Dates
January 30-February 4, 2012
Conference Location
Valencia
Conference Title
Sixth International Conference on Digital Society (ICDS 2012) January 30-February 4, 2012, Valencia Spain
Pub Type
Conferences

Download Paper

Local Download

Keywords

authentication strength, identity verification, smart identity token
Information technology and Cybersecurity

Citation

Chandramouli, R. (2012), Determining Authentication Strength for Smart Card-based Authentication Use Cases, Proceedings of Sixth International Conference on Digital Society (ICDS 2012), Valencia, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=908626 (Accessed April 26, 2024)

Created January 30, 2012, Updated February 19, 2017