Title :
Quantifying authentication Levels of Assurance in grid environments
Author :
Yao, Li ; Zhang, Ning
Author_Institution :
Sch. of Comput. Sci., Univ. of Manchester, Manchester, UK
Abstract :
We envisage a fine-grained access control solution that allows a user's access privilege to be linked to the assurance level in identifying the user. Such a solution would be particularly attractive to a large-scale distributed resource-sharing environment, where resources are likely to be more diversified and may have varying levels of sensitivity and resource providers may wish to adjust security protection levels in adaptation to resource sensitivity levels or the risk levels in the underlying environment. However, existing electronic authentication systems largely identify users through the verification of their electronic identity (ID) credentials. They take into account neither assurance levels of the credentials, nor any other factors that may affect the assurance level of an authentication process. This binary approach to access control may not provide cost-effective protection to resources with varying sensitivity levels. To realise the vision of assurance level linked access control, there is a need for an authentication algorithm that is able to capture the assurance level in identifying a user, expressed as an authentication Level of Assurance (LoA), and link this LoA value to authorisation decision-making. This paper investigates the feasibility of estimating a user's LoA at run-time by designing and evaluating an authentication algorithm that derives a LoA value, based upon not only users' ID credentials, but also other factors such as access location, system environment and authentication protocol used.
Keywords :
authorisation; decision making; grid computing; message authentication; authentication assurance; decision making; distributed resource-sharing; electronic identity; fine grained access control; grid environment; user identification; Access control; Additives; Aggregates; Algorithm design and analysis; Authentication; NIST; Protocols; Grid Security; adaptive authentication; authentication; fined-grained access control; levels of assurance;
Conference_Title :
Information Assurance and Security (IAS), 2010 Sixth International Conference on
Conference_Location :
Atlanta, GA
Print_ISBN :
978-1-4244-7407-3
DOI :
10.1109/ISIAS.2010.5604042