Gartner Authentication Methods Evaluation Scorecards (GAMES)


Presentation Transcript


  1. Gartner Authentication Methods Evaluation Scorecards (GAMES). Ant Allan, Twitter: @G_ant

  2. Why GAMES?
  • To assist Gartner clients in evaluating (and choosing) new authentication methods
  • Published guidelines (e.g. NIST SP800-63-1) focus on authentication strength (assurance, risk, or trust levels)
  • GAMES also considers UX and TCO
  • Published guidelines might rank some available methods, but with little transparency
    • Why does X provide greater assurance than Y?
    • How can I rank P, Q, … that aren’t explicitly mentioned?
  • Why is Gartner doing this? Because no-one else is!

  3. GAMES Timeline
  • First iteration
    • Gartner Authentication Method Evaluation Scorecards, 30 Sep 2008
    • Toolkit: Gartner Authentication Method Evaluation Scorecards, 8 Sep 2009
  • Second iteration
    • Gartner Authentication Method Evaluation Scorecards, 2011: Overview, 7 Mar 2011
    • Gartner Authentication Method Evaluation Scorecards, 2011: Total Cost of Ownership, 7 Mar 2011
    • Gartner Authentication Method Evaluation Scorecards, 2011: User Experience, 23 May 2011
    • Gartner Authentication Method Evaluation Scorecards, 2011: Assurance and Accountability, 5 Mar 2012 [sic]
  • Third iteration… ?

  4. Changes in GAMES
  • General discussion of TCO elements → chart of accounts
  • Ease of use → UX
  • Authentication strength … multiple changes:
    • V2 has an explicit discussion of accountability, which is not completely orthogonal to assurance
    • Scrapped the complex, effortful quantitative approach (which implied a precision that is really unattainable in this kind of evaluation) for a simpler, more qualitative approach
    • Two parts:
      • A1: The method's resistance to attack — that is, how difficult is it for an attacker to directly compromise or undermine the authentication method (without the user's knowing collusion)?
      • A2: The method's resistance to willful misuse — that is, how difficult is it for a user to deliberately allow colleagues and others to share his or her account?

  5. Basic GAMES Framework for Evaluating Assurance and Accountability
  [Diagram: numbered boxes 1 Particularity (Uniqueness, Mapping), 2 Binding, 3 Accountability, 4 Raw resistance to masquerade attack, 5 Effective resistance to masquerade attack (people, processes and compensating controls), 6 Assurance; with an "Address weaknesses" feedback link]
  The guiding principle of the evaluation of authentication strength is to find weaknesses in the authentication method: How could users share credentials? What vulnerabilities are there, and how could an attacker exploit them? What user behaviors increase those vulnerabilities or make exploitation easier? How can we break this?

  6. Combining Characteristics ( Operations)

  7. Particularity, Binding, Accountability
  • Particularity: To what degree are the authentication attributes — and the authentication information derived from them:
    • Unique?
    • Uniquely mapped to the user?
  • Binding: How difficult is it for the user to willingly share authentication attributes with others?
    • Or: How tightly are the authentication attributes bound to the user?
  • Accountability: An expression of resistance to willful misuse (A2).

  8. How Difficult Is It for an Attacker to Execute a Masquerade Attack? (A1)
  This decomposes into four more-granular questions, each of which addresses a different attack mode:
  • B1: How difficult is it for an attacker to gain possession of (a copy of) the authentication attributes the user possesses?
  • B2: How difficult is it for an attacker to capture and successfully reuse the authentication information?
  • B3: How difficult is it for an attacker to directly or indirectly modify the stored authentication attributes?
  • B4: How difficult is it for an attacker to directly or indirectly modify an authentication decision or how a decision is enforced?
  Any chain is only as strong as its weakest link!

  9. Evaluating the Attack Mode Questions
  Consider the following*:
  • C1: The attack vector — Where does an attacker have to be to execute the attack? If it's local (that is, physically present), the difficulty is high; if on a local network, medium; if on the Internet, minimal.
  • C2: The access complexity — What level of effort is required? This can be directly expressed as minimal to high.
  • C3: The novelty** — How unusual is the attack? If this is seen in the wild, the novelty is minimal; if it exists as a proof of concept, low; if it is unproven, medium.
  * A much simplified version of the Common Vulnerability Scoring System (CVSS).
  ** Note that this replaces "exploitability of the attack" used in the original GAMES research, in order to have the scoring in the "right direction".

  10. Evaluating an Authentication Method's Effective Resistance to Attack
  A method's inherent or "raw" resistance to masquerade attack can be modified — strengthened or weakened — by external considerations that will vary from one implementation to another:
  • D1: How can user behavior facilitate or mitigate an attack?
  • D2: How can administrative processes and administrator behavior facilitate or mitigate an attack?
  • D3: How can additional compensating controls mitigate an attack?
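A worked scorecard for slides 8 to 10, added here as an illustration and not part of the Gartner deck: each attack mode B1..B4 is rated on C1..C3, the weakest-link rule picks the method's raw resistance, and the D1..D3 considerations adjust it to an effective resistance. The combination rule within a mode (conservative: the easiest facet wins), the step-based representation of D1..D3, and the ratings for the hypothetical OTP token are all assumptions of this example, not values from the research.

```python
from enum import IntEnum


class Level(IntEnum):
    """Ordinal difficulty scale used for the C1-C3 ratings (minimal .. high)."""
    MINIMAL = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


def mode_difficulty(vector: Level, complexity: Level, novelty: Level) -> Level:
    """Difficulty of one attack mode (B1..B4) from its C1 vector, C2 access
    complexity and C3 novelty ratings. Assumption (the slides do not say how
    the three combine): rate conservatively, so a mode is only as hard as its
    easiest facet."""
    return min(vector, complexity, novelty)


def weakest_link(modes: dict) -> tuple:
    """'Any chain is only as strong as its weakest link': the attacker picks the
    easiest of B1..B4, so that mode's difficulty is the method's raw resistance.
    Returns (mode name, Level) so the scorecard can name the weak point."""
    name = min(modes, key=lambda m: mode_difficulty(*modes[m]))
    return name, mode_difficulty(*modes[name])


def effective_resistance(raw: Level, adjustments: dict) -> Level:
    """Modify raw resistance by the D1-D3 considerations. Each adjustment is a
    signed number of scale steps (an assumed representation): negative where
    user or admin behaviour facilitates the attack, positive where a
    compensating control mitigates it. The result is clamped to the scale."""
    score = int(raw) + sum(adjustments.values())
    return Level(max(int(Level.MINIMAL), min(int(Level.HIGH), score)))


# Constructed, illustrative ratings for a hypothetical one-time-password token;
# each tuple is (C1 vector, C2 complexity, C3 novelty).
TOKEN_MODES = {
    "B1 gain possession of attributes": (Level.HIGH, Level.MEDIUM, Level.LOW),
    "B2 capture and reuse information": (Level.MINIMAL, Level.MEDIUM, Level.MINIMAL),
    "B3 modify stored attributes": (Level.MEDIUM, Level.HIGH, Level.MEDIUM),
    "B4 modify decision or enforcement": (Level.MEDIUM, Level.HIGH, Level.LOW),
}
TOKEN_ADJUSTMENTS = {  # D1-D3, expressed in scale steps (constructed values)
    "D1 user behaviour facilitates capture": -1,
    "D2 admin revocation process for lost tokens": 0,
    "D3 compensating control: session risk scoring": +2,
}

if __name__ == "__main__":
    mode, raw = weakest_link(TOKEN_MODES)
    print(f"weakest link: {mode} -> raw resistance {raw.name}")
    print(f"effective resistance: {effective_resistance(raw, TOKEN_ADJUSTMENTS).name}")
```

Running it names B2 (capture and reuse over the Internet, already seen in the wild) as the weakest link, giving minimal raw resistance that the compensating control lifts only to low; the clamp stops adjustments from pushing a score off the scale.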

  11. Example of a Summary Scorecard

  12. Example of a Scorecard Evaluating Resistance to Attacks of the Second Kind

  13. Basic GAMES Framework, Redux
  [Diagram, repeated from slide 5: numbered boxes 1 Particularity (Uniqueness, Mapping), 2 Binding, 3 Accountability, 4 Raw resistance to masquerade attack, 5 Effective resistance to masquerade attack (people, processes and compensating controls), 6 Assurance; with an "Address weaknesses" feedback link]

  14. UX Considerations
  • Learnability
  • Usability
  • Utility
  • Aesthetic appeal
  • Privacy concerns*
  Universal Design Principles
  • Equitable use
  • Flexibility in use
  • Simple and intuitive
  • Perceptible information
  • Tolerance for error
  • Low physical effort
  • Size and space for approach and use
  * Not in published research. h/t Mary Ruddy
  A person's perceptions and responses impact security and risk, TCO, corporate image and business outcomes.

  15. TCO Considerations (High Level!)
  • Authentication infrastructure components:
    • Hardware
    • Software
    • Services
    • IT operations
      • Implementation
      • Support
      • Identity administration
      • Logistics
  • Target system components
  • End-user and endpoint components
    • Administration
      • Management
      • Training
    • End users
      • Training
      • Downtime

  16. Q&A

  17. Gartner Authentication Methods Evaluation Scorecards (GAMES). Ant Allan, Twitter: @G_ant