Authentication Trustworthiness: The Next Stage in Identity-Based Access and Security. Tom Board, NUIT. Overview: What is authentication trustworthiness and why is it important? Can it be quantified? Can it be categorized? How should business processes use it? Summary. Next steps.
Authentication Trustworthiness The Next Stage in Identity-Based Access and Security Tom Board, NUIT
Overview • What is authentication trustworthiness and why is it important? • Can it be quantified? • Can it be categorized? • How should business processes use it? • Summary • Next steps
What is Authentication? • From a Business Viewpoint • Authentication is a fundamental part of security • Authentication automatically associates a person with his or her actions • If everyone were trustworthy, then authentication would not be necessary • From a Technical Viewpoint • There is a range of techniques available
What is Authentication Trustworthiness? • Authentication trustworthiness quantifies the combined confidence in: • The identification of the principal • The issuance of the credential • The secure management of the credential • The management of the principal’s standing
Trustworthiness is Important • To enable federated relationships with external entities such as: • Research or academic partners • Governmental agencies • Suppliers and vendors • To secure information for the use of those intended to see or change it.
How is Authentication Trustworthiness Established? • Identification of the principal • What proofs are needed? • How can proofs be checked? • Issuance of the credential • Is the credential delivered in-person, through the U.S. mail or otherwise? • Does distributed management increase security?
What Factors Affect Authentication Trustworthiness Over Time? • Management of the principal’s standing • How are assertions of the principal’s existence and affiliation refreshed? • What subtleties of attribute change can be detected and thereby affect business processes? • Management of the credential • Is the credential inherently vulnerable? Can the credential be used without the principal’s knowledge? • Can administrative staff compromise the credential? • Is the credential automatically disabled for a principal with an unknown status?
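Can Authentication Trustworthiness be Quantified?
$$\mathrm{Trust}_{\text{authentication}}(\,) = \mathrm{Confidence}_{\text{identity}}(\,) \times \mathrm{Confidence}_{\text{credential}}(\,)$$
$$\mathrm{Confidence}_{\text{identity}}(\,) = (1 - P_{\text{misidentification}}(\,)) \times (1 - P_{\text{misstanding}}(\,))$$
$$\mathrm{Confidence}_{\text{credential}}(\,) = (1 - P_{\text{misissuance}}(\,)) \times (1 - P_{\text{mismanagement}}(\,)) \times (1 - P_{\text{misuse}}(\,)) \times (1 - P_{\text{spoofing}}(\,)) \times (1 - P_{\text{recent tampering}}(\,))$$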
Example: NetID (All figures are for illustration purposes only and do not reflect controlled measurements)
Improving Trustworthiness – Multi-factor Authentication • The improved trustworthiness of two-factor authentication comes from multiplying the risk probabilities for the independent credential technologies. E.g. for two factors A and B: $P_{\text{spoofing}}(A \,\&\, B) = P_{\text{spoofing}}(A) \times P_{\text{spoofing}}(B)$ • If management processes are independent, then this multiplicative property would apply to both $P_{\text{misidentification}}(\,)$ and $P_{\text{misissuance}}(\,)$ • But, $P_{\text{misuse}}(A \,\&\, B) = \min(P_{\text{misuse}}(A), P_{\text{misuse}}(B))$
Example: NetID & OTP (All figures are for illustration purposes only and do not reflect controlled measurements)
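The quantification formula and the two-factor combination rules from the slides above, worked through as an added Python example (not part of the original presentation). All probabilities are constructed for illustration, and the handling of terms the slides give no combination rule for (misstanding, mismanagement, recent tampering, and non-independent management processes) is an assumption: the worse of the two values is used.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Factor:
    """Failure probabilities for one credential, named after the slides' P terms."""
    misidentification: float
    misstanding: float
    misissuance: float
    mismanagement: float
    misuse: float
    spoofing: float
    recent_tampering: float

def _confidence(*probabilities):
    # Product of (1 - P) over the given failure probabilities.
    result = 1.0
    for p in probabilities:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range: {p}")
        result *= 1.0 - p
    return result

def trust(f):
    """Trust_authentication = Confidence_identity * Confidence_credential."""
    identity = _confidence(f.misidentification, f.misstanding)
    credential = _confidence(f.misissuance, f.mismanagement, f.misuse,
                             f.spoofing, f.recent_tampering)
    return identity * credential

def combine(a, b, independent_management=True):
    """Combine two factors A and B into one effective factor."""
    if independent_management:
        # Slide rule: multiplicative when management processes are independent.
        misid = a.misidentification * b.misidentification
        misiss = a.misissuance * b.misissuance
    else:
        # Assumption (not from the slides): shared processes give no gain.
        misid = max(a.misidentification, b.misidentification)
        misiss = max(a.misissuance, b.misissuance)
    return Factor(
        misidentification=misid,
        misstanding=max(a.misstanding, b.misstanding),        # assumption
        misissuance=misiss,
        mismanagement=max(a.mismanagement, b.mismanagement),  # assumption
        misuse=min(a.misuse, b.misuse),                       # slide rule
        spoofing=a.spoofing * b.spoofing,                     # slide rule
        recent_tampering=max(a.recent_tampering, b.recent_tampering),  # assumption
    )

# Constructed figures, for illustration only (not measurements).
NETID = Factor(0.02, 0.05, 0.02, 0.01, 0.05, 0.10, 0.01)
OTP = Factor(0.01, 0.05, 0.01, 0.01, 0.02, 0.001, 0.01)
```

With these figures, `trust(NETID)` is about 0.76 and `trust(combine(NETID, OTP))` about 0.91, while `combine(NETID, OTP, independent_management=False)` drops to about 0.88, showing how much of the two-factor gain depends on the issuance and identification processes being independent.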
Could Trustworthiness be Classified? • Federal government is using “some”, “high”, and “very high” confidence levels • EduCause and Internet2 are looking at classifications • Local definitions could be created and recorded in the LDAP Registry
Example Trustworthiness Classifications • NONE – self-created identity • LOW – Third-party manual assertion • NORMAL – Authoritative assertion • HIGH – In-person, photo-id check • VERY HIGH – HIGH plus further background checks • An internal system of “notaries” could serve to raise trustworthiness to HIGH
Probability Profiles for Classifications • >> 0: much greater than zero • > 0: greater than zero • 0: approximately zero • 0: arbitrarily close to zero • 0: exactly zero
How Should Business Processes Use Trustworthiness? • All security frameworks balance University business risks against user convenience and management costs • Requiring high levels of trustworthiness will require added management effort and cost – requirements should be targeted • Sensitivity to the recent history of the credential will affect trustworthiness and avoid fraudulent use
How Should Business Processes Use Trustworthiness? • Sensitivity to authentication trustworthiness reduces business risk • Processes to provision access should consider trustworthiness • Identities able to grant access must be trustworthy • Identities granted access must be trustworthy • Multi-factor authentication will be necessary for some set of applications
How Should Business Processes Use Trustworthiness? • Sensitivity to authentication trustworthiness can assist with compliance • The initial identification and granting of credentials may need to be bolstered to ensure compliance • It will be necessary to create means to increase the trustworthiness of an identity and credential to transition users from high-convenience to compliance
Authentication Should Not Be Authorization • Authorization is a separate step taken with knowledge of identity attributes • Applications must determine which operations or access are authorized for an authenticated principal • Coarse-grained authorization takes place within the network or access control systems • Fine-grained authorization takes place within the application
Authentication Should Not Be Authorization • Applications may choose to examine both trustworthiness and other attributes of the principal when making authorizing decisions • Affiliation to school or department • Changes in affiliation • Manually-asserted versus authority-asserted
Practical Outcomes • For any University function, there is an implied trustworthiness requirement. These should be made explicit. • Higher levels of trustworthiness will require face-to-face identification, proofs, and perhaps validation of proofs. Can we make this convenient? Should we? • If multi-factor authentication is desirable, how should it be funded?
Summary • Trustworthiness reflects our attention to process and will be important for compliance and federation • Classes of trustworthiness can be defined and form the basis for new business policies • Software must be modified to consider it • People must be prepared for some dislocation because of it
Community Action Steps • Convene a group to address identity policies. • Define trustworthiness categories • Match business function requirements and convenience to trustworthiness • Define methods of raising trustworthiness • Implement categories in IdM infrastructure • Modify systems to • Require appropriate trustworthiness • Separate authorization from authentication
Questions? Q & A