1 / 28

Authentication Trustworthiness

Authentication Trustworthiness . The Next Stage in Identity-Based Access and Security Tom Board, NUIT. Overview. What is authentication trustworthiness and why is it important? Can it be quantified? Can it be categorized? How should business processes use it? Summary Next steps.

shamus
Télécharger la présentation

Authentication Trustworthiness

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authentication Trustworthiness The Next Stage in Identity-Based Access and Security Tom Board, NUIT

  2. Overview • What is authentication trustworthiness and why is it important? • Can it be quantified? • Can it be categorized? • How should business processes use it? • Summary • Next steps

  3. What is Authentication? • From a Business Viewpoint • Authentication is a fundamental part of security • Authentication automatically associates a person with his or her actions • If everyone were trustworthy, then authentication would not be necessary • From a Technical Viewpoint • There is a range of techniques available

  4. What is Authentication Trustworthiness? • Authentication trustworthiness quantifies the combined confidence in: • The identification of the principal • The issuance of the credential • The secure management of the credential • The management of the principal’s standing

  5. Trustworthiness is Important • To enable federated relationships with external entities such as: • Research or academic partners • Governmental agencies • Suppliers and vendors • To secure information for the use of those intended to see or change it.

  6. How is Authentication Trustworthiness Established? • Identification of the principal • What proofs are needed? • How can proofs be checked? • Issuance of the credential • Is the credential delivered in-person, through the U.S. mail or otherwise? • Does distributed management increase security?

  7. Proofs of Existence & Identity

  8. What Factors Affect Authentication Trustworthiness Over Time? • Management of the principal’s standing • How are assertions of the principal’s existence and affiliation refreshed? • What subtleties of attribute change can be detected and thereby affect business processes? • Management of the credential • Is the credential inherently vulnerable? Can the credential be used without the principal’s knowledge? • Can administrative staff compromise the credential? • Is the credential automatically disabled for a principal with an unknown status?

  9. Northwestern’s Identity Structure

  10. Terms

  11. Can AuthenticationTrustworthiness be Quantified? Trustauthentication( ) = Confidenceidentity( ) * Confidencecredential( ) Confidenceidentity ( ) = (1-Pmisidentification( )) * (1-Pmisstanding( )) Confidencecredential ( ) = (1-Pmisissuance( )) * (1-Pmismanagement( )) * (1-Pmisuse( )) * (1-Pspoofing( )) * (1-Precent tampering( ))

  12. Example: NetID (All figures are for illustration purposes only and do not reflect controlled measurements)

  13. Improving Trustworthiness– Multi-factor Authentication • The improved trustworthiness of two-factor authentication comes from multiplying the sirk probabilities for the independent credential technologies. E.g. for two factors A and B: Pspoofing(A&B) = Pspoofing(A) * Pspoofing(B) • If management processes are independent, then this multiplicative property would apply to both Pmisidentification( ) and Pmisissuance( ) • But, Pmisuse(A&B) = min(Pmisuse(A), Pmisuse(B))

  14. Example: NetID & OTP (All figures are for illustration purposes only and do not reflect controlled measurements)

  15. Could Trustworthiness by Classified? • Federal government is using “some”, “high”, and “very high” confidence levels • EduCause and Internet2 are looking at classifications • Local definitions could be created and recorded in the LDAP Registry

  16. Example Trustworthiness Classifications • NONE – self-created identity • LOW – Third-party manual assertion • NORMAL – Authoritative assertion • HIGH – In-person, photo-id check • VERY HIGH – HIGH plus further background checks • An internal system of “notaries” could serve to raise trustworthiness to HIGH

  17. Probability Profiles for Classifications >> 0 much greater than zero > 0 greater than zero  0 approximately zero  0 arbitrarily close to zero 0 exactly zero

  18. Probability Profiles for Classifications >> 0 much greater than zero > 0 greater than zero  0 approximately zero  0 arbitrarily close to zero 0 exactly zero

  19. Services Based Upon Classification

  20. How Should Business Processes Use Trustworthiness? • All security frameworks balance University business risks against user convenience and management costs • Requiring high levels of trustworthiness will require added management effort and cost – requirements should be targeted • Sensitivity to the recent history of the credential will affect trustworthiness and avoid fraudulent use

  21. How Should Business Processes Use Trustworthiness? • Sensitivity to authentication trustworthiness reduces business risk • Processes to provision access should consider trustworthiness • Identities able to grant access must be trustworthy • Identities granted access must be trustworthy • Multi-factor authentication will be necessary for some set of applications

  22. How Should Business Processes Use Trustworthiness? • Sensitivity to authentication trustworthiness can assist with compliance • The initial identification and granting of credentials may need to be bolstered to ensure compliance • It will be necessary to create means to increase the trustworthiness of an identity and credential to transition users from high-convenience to compliance

  23. Authentication Should Not Be Authorization • Authorization is a separate step taken with knowledge of identity attributes • Applications must determine which operations or access are authorized for an authenticated principal • Coarse-grained authorization takes place within the network or access control systems • Fine-grained authorization takes place within the application

  24. Authentication Should Not Be Authorization • Applications may choose to examine both trustworthiness and other attributes of the principal when making authorizing decisions • Affiliation to school or department • Changes in affiliation • Manually-asserted versus authority-asserted

  25. Practical Outcomes • For any University function, there is an implied trustworthiness requirement. These should be made explicit. • Higher levels of trustworthiness will require face-to-face identification, proofs, and perhaps validation of proofs. Can we make this convenient? Should we? • If multi-factor authentication is desirable, how should it be funded?

  26. Summary • Trustworthiness reflects our attention to process and will be important for compliance and federation • Classes of trustworthiness can be defined and form the basis for new business policies • Software must be modified to consider it • People must be prepared for some dislocation because of it

  27. Community Action Steps • Convene a group to address identity policies. • Define trustworthiness categories • Match business function requirements and convenience to trustworthiness • Define methods of raising trustworthiness • Implement categories in IdM infrastructure • Modify systems to • Require appropriate trustworthiness • Separate authorization from authentication

  28. Questions? Q & A

More Related