Download presentation
Presentation is loading. Please wait.
Published byRussell Perry Modified over 9 years ago
1
1 Authentication Trustworthiness The Next Stage in Identity-Based Access and Security Tom Board, NUIT
2
2 Overview What is authentication trustworthiness and why is it important? Can it be quantified? Can it be categorized? How should business processes use it? Summary Next steps
3
3 What is Authentication? From a Business Viewpoint –Authentication is a fundamental part of security –Authentication automatically associates a person with his or her actions –If everyone were trustworthy, then authentication would not be necessary From a Technical Viewpoint –There is a range of techniques available
4
4 What is Authentication Trustworthiness? Authentication trustworthiness quantifies the combined confidence in: –The identification of the principal –The issuance of the credential –The secure management of the credential –The management of the principal’s standing
5
5 Trustworthiness is Important To enable federated relationships with external entities such as: –Research or academic partners –Governmental agencies –Suppliers and vendors To secure information for the use of those intended to see or change it.
6
6 How is Authentication Trustworthiness Established? Identification of the principal –What proofs are needed? –How can proofs be checked? Issuance of the credential –Is the credential delivered in-person, through the U.S. mail or otherwise? –Does distributed management increase security?
7
7 Proofs of Existence & Identity
8
8 What Factors Affect Authentication Trustworthiness Over Time? Management of the principal’s standing –How are assertions of the principal’s existence and affiliation refreshed? –What subtleties of attribute change can be detected and thereby affect business processes? Management of the credential –Is the credential inherently vulnerable? Can the credential be used without the principal’s knowledge? –Can administrative staff compromise the credential? –Is the credential automatically disabled for a principal with an unknown status?
9
9 Northwestern’s Identity Structure
10
10 Terms IdentificationEstablishing that the principal is, in fact, the exact entity being represented StandingAssertion by an authority which reflects ongoing affiliations IssuanceConveying an assigned credential to the exact principal – and only that principal ManagementContinuing assertion by authority which controls attributes MisuseIntentional use of the credential by the principal to gain access for a third party TamperingUsing administrative functions to gain control of the credential and fraudulently represent the principal SpoofingIntentional misguidance of the authentication system into believing that a valid credential has been presented and thus fraudulently represent the principal
11
11 Can Authentication Trustworthiness be Quantified? Trust authentication ( ) = Confidence identity ( ) * Confidence credential ( ) Confidence identity ( ) = (1-P misidentification ( )) * (1-P misstanding ( )) Confidence credential ( ) = (1-P misissuance ( )) * (1-P mismanagement ( )) * (1-P misuse ( )) * (1-P spoofing ( )) * (1-P recent tampering ( ))
12
12 Example: NetID (All figures are for illustration purposes only and do not reflect controlled measurements)
13
13 Improving Trustworthiness – Multi-factor Authentication The improved trustworthiness of two-factor authentication comes from multiplying the sirk probabilities for the independent credential technologies. E.g. for two factors A and B: P spoofing (A&B) = P spoofing (A) * P spoofing (B) If management processes are independent, then this multiplicative property would apply to both P misidentification ( ) and P misissuance ( ) But, P misuse (A&B) = min(P misuse (A), P misuse (B))
14
14 Example: NetID & OTP (All figures are for illustration purposes only and do not reflect controlled measurements)
15
15 Could Trustworthiness by Classified? Federal government is using “some”, “high”, and “very high” confidence levels EduCause and Internet2 are looking at classifications Local definitions could be created and recorded in the LDAP Registry
16
16 Example Trustworthiness Classifications NONE – self-created identity LOW – Third-party manual assertion NORMAL – Authoritative assertion HIGH – In-person, photo-id check VERY HIGH – HIGH plus further background checks An internal system of “notaries” could serve to raise trustworthiness to HIGH
17
17 Probability Profiles for Classifications >> 0much greater than zero >0greater than zero 0 approximately zero 0 arbitrarily close to zero 0exactly zero
18
18 Probability Profiles for Classifications >> 0much greater than zero >0greater than zero 0 approximately zero 0 arbitrarily close to zero 0exactly zero
19
19 Services Based Upon Classification
20
20 How Should Business Processes Use Trustworthiness? All security frameworks balance University business risks against user convenience and management costs Requiring high levels of trustworthiness will require added management effort and cost – requirements should be targeted Sensitivity to the recent history of the credential will affect trustworthiness and avoid fraudulent use
21
21 How Should Business Processes Use Trustworthiness? Sensitivity to authentication trustworthiness reduces business risk –Processes to provision access should consider trustworthiness Identities able to grant access must be trustworthy Identities granted access must be trustworthy –Multi-factor authentication will be necessary for some set of applications
22
22 How Should Business Processes Use Trustworthiness? Sensitivity to authentication trustworthiness can assist with compliance –The initial identification and granting of credentials may need to be bolstered to ensure compliance –It will be necessary to create means to increase the trustworthiness of an identity and credential to transition users from high- convenience to compliance
23
23 Authentication Should Not Be Authorization Authorization is a separate step taken with knowledge of identity attributes Applications must determine which operations or access are authorized for an authenticated principal –Coarse-grained authorization takes place within the network or access control systems –Fine-grained authorization takes place within the application
24
24 Authentication Should Not Be Authorization Applications may choose to examine both trustworthiness and other attributes of the principal when making authorizing decisions –Affiliation to school or department –Changes in affiliation –Manually-asserted versus authority-asserted
25
25 Practical Outcomes For any University function, there is an implied trustworthiness requirement. These should be made explicit. Higher levels of trustworthiness will require face-to-face identification, proofs, and perhaps validation of proofs. Can we make this convenient? Should we? If multi-factor authentication is desirable, how should it be funded?
26
26 Summary Trustworthiness reflects our attention to process and will be important for compliance and federation Classes of trustworthiness can be defined and form the basis for new business policies Software must be modified to consider it People must be prepared for some dislocation because of it
27
27 Community Action Steps Convene a group to address identity policies. –Define trustworthiness categories –Match business function requirements and convenience to trustworthiness –Define methods of raising trustworthiness Implement categories in IdM infrastructure Modify systems to –Require appropriate trustworthiness –Separate authorization from authentication
28
28 Questions? Q A &
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.