Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Authentication Assurance Level Taxonomies for Smart Identity Token Deployments - A New Approach

Published

Author(s)

Ramaswamy Chandramouli

Abstract

Authentication assurance level taxonomies that have been specified in many real-world smart identity token deployments do not fully reflect all the security properties associated with their underlying authentication mechanisms. In this paper we describe the development and application of a new methodology called SID-AAM (where the abbreviation stands for Smart Identity Token - Authentication Assurance Level Methodology) that identifies a new set of authentication factors appropriate for this technology, identifies all the security properties that need to be verified based on bindings between various entities involved in the authentication processes and then derives an authentication assurance level taxonomy based on the set of security properties verified in the various authentication modes specified in the deployment. An application of the SID-AAM methodology to a large scale real world smart identity token deployment is illustrated as well as its superior characteristics compared to the current approaches outlined.
Proceedings Title
Data and Applications Security and Privacy XXIV (Lecture Notes in Computer Science)
Volume
6166
Conference Dates
June 21-23, 2010
Conference Location
Rome
Conference Title
24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2010)

Keywords

authentication, assurance levels, smart identity tokens, taxonomies

Citation

Chandramouli, R. (2010), Authentication Assurance Level Taxonomies for Smart Identity Token Deployments - A New Approach, Data and Applications Security and Privacy XXIV (Lecture Notes in Computer Science), Rome, -1, [online], https://doi.org/10.1007/978-3-642-13739-6_26 (Accessed December 3, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created June 21, 2010, Updated November 10, 2018