Home // ICDS 2012, The Sixth International Conference on Digital Society // View article

Determining Authentication Strength for Smart Card-based Authentication Use Cases

Authors:
Ramaswamy Chandramouli

Keywords: Identity Verification, Smart Identity Token, Authentication Strength

Abstract:
Smart cards are now being extensively deployed for identity verification(smart identity tokens) for controlling access to Information Technology (IT) resources as well as physical resources. Depending upon the sensitivity of the resources and the risk of wrong identification, different authentication use cases are being deployed. Assignment of authentication strength for each of the use cases is often based on: (a) the total number of three common orthogonal authentication factors – What You Know, What You Have and What You are – used in the particular use case and (b) the entropy associated with each factor chosen. The objective of this paper is to analyze the limitation of this approach and present a new methodology for assigning authentication strengths based on the strength of pair wise bindings between the five entities involved in smart card based authentications – the card (token), the token secret, the card holder, the card issuer and the person identifier stored in the card The use of the methodology for developing an authentication assurance level taxonomy for a real world smart identity token deployment is also illustrated.

Pages: 153 to 158

Copyright: Copyright (c) The Government of USA, 2012. Used by permission to IARIA.

Publication date: January 30, 2012

Published in: conference

ISSN: 2308-3956

ISBN: 978-1-61208-176-2

Location: Valencia, Spain

Dates: from January 30, 2012 to February 4, 2012