As part of E-Government and security initiatives, smart cards are now being increasingly deployed as authentication tokens. The existing classification of authentication factors into What you Know, What You Have and What You Are- does not provide a good framework for characterizing the strength and robustness of authentication processes involved in smart card-based authentications. The purpose of this paper is to identify the entities involved in this type of authentication processes, study the threats to those processes in terms of these entities involved, and then determine the list of properties associated with these entities that need to be verified to detect exploitation of these threats. A new taxonomy called Smart Card-based Authentication Taxonomy (SBCA) has been developed by classifying the property verification approaches under three authentication classes. The authentication profiles specified in two well-known recent government smart card specifications have been analyzed using the taxonomy to determine the relative strengths and assurances provided by these profiles.
Conference Dates: October 7-11, 2007
Conference Location: Merrillville, IN
Conference Title: International Conference on Information Society (i-Society 2007)
Pub Type: Conferences