National Authentication Framework Implementation Study

reportActive / Technical Report | Accession Number: ADA514358 | Open PDF

Abstract:

The move towards e-government has seen many institutions put special focus on the need for security, especially that of authentication. Single-factor password-based systems have been proven inadequate in safeguarding online financial and e-government service transactions. Industry adoption of Two-Factor Authentication 2FA has also been piecemeal. To mitigate these deficiencies, the Singapore Government, in 2008, put forth a Call-for-Collaboration CFC seeking industry and academic participation in defining a National Authentication Framework NAF, with the dual aim of providing for a national-level 2FA system and broadening the market for authentication services, and, in so doing, provide the user with a better authentication experience. This thesis will detail, discuss, and compare the various token types and identity frameworks PKI, SAML, WS-F, OpenID, and Infocard that make up an authentication system, and make recommendations on the best combination of technologies, protocols, and standards that, when implemented, would not only fulfill the requirements of the CFC, but also position it well for future enhancement.

Author(s):
Chuan-hao, Mok
Author Organization(s):
NAVAL POSTGRADUATE SCHOOL MONTEREY CA
Descriptive Note:
Master's thesis
Supplementary Note:
The original document contains color images.
Pagination:
0084

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:
Approved For Public Release
Distribution Statement:
Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR
Identifying Numbers
Monitor Series:
NPS
 Subject Terms
Joint Capability Areas:
JCA_6_Net Centric; JCA_6.4.1_Secure Information Exchange; JCA_6.4_Information Assurance; JCA_6.1.2_Wireless Transmission; JCA_6.1_Information Transport; JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_7_Protection; JCA_4.6_Engineering; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_4.6.1_General Engineering; JCA_5_Command and Control; JCA_1_Force Support; JCA_6.2.3_Core Enterprise Services; JCA_6.2_Enterprise Services; JCA_1.2_Force Preparation; JCA_5.3_Planning; JCA_1.2.3_Educating; JCA_1.3_Human Capital Management
Modernization Areas:
Cyber
Communities of Interest:
Cyber
Descriptor(s):
*INFORMATION SECURITY, *ONLINE SYSTEMS, *COMMAND AND CONTROL SYSTEMS, *FINANCE, ASYMMETRY, USER NEEDS, SIGNATURES, HOMING, DECODERS, SINGAPORE, INFRASTRUCTURE, THESES, CRYPTOGRAPHY, INDUSTRIES, REQUIREMENTS, DIGITAL SYSTEMS
Field(s)/Group(s):
Economics and Cost Analysis, Numerical Mathematics, Radio Communications
Keyword(s):
AUTHENTICATION, IDENTITY, OPENID, INFOCARD, SAML, WS FEDERATION, PKI, NATIONAL AUTHENTICATION FRAMEWOR, 2FA(TWO FACTOR AUTHENTICATION), CFC(CALL FOR COLLABORATION), NAF(NATIONAL AUTHENTICATION FRAMEWORK)
Report Date:
2009 Dec 01
Creation Date:
2010 Mar 03