Since the dawn of computing, operating systems and applications have
used many schemes to identify and authenticate entities accessing
resources within computers. While the technologies and schemes have
varied, there appears to have been little attempt to classify them
based on their ability to resist attacks from unauthorized entities.
With
the proliferation of identity management technologies in the market
today, it is becoming increasingly difficult to assess and compare them
with each other. As the threat level continues to rise on the
internet, and regulations governing information technology continue to
grow, risk managers need a more objective mechanism to assign risk to
their systems so they may apply appropriate mitigating controls.
This
paper attempts to describe a classification scheme that will permit the
comparison of seemingly different identification and authentication
(I&A) technologies on the basis of their vulnerability to
attacks. With a better understanding of related authentication
technologies, companies can determine the appropriate technology to use
for mitigating authentication risks.
About the Presenter
Arshad Noor is the Chief Technology Officer of StrongAuth, Inc., a Sunnyvale, California-based company that specializes in Enterprise Key Management, Identity Management and Compliance Work-flow Management.
He is the architect and lead developer of StrongKeyTM, an open-source implementation of a Symmetric Key Management System (SKMS), whose protocol is the basis for the Symmetric Key Services Markup Language (SKSML) standard being formalized by the OASIS EKMI Technical Committee; StrongAuth donated the SKSML protocol to OASIS on a royalty-free basis for the standardization effort.
Arshad is also the current Chair of the OASIS EKMI TC that currently has 28 members on its committee, including Visa, Wells Fargo, Red Hat, the US Dept. of Defense and many other companies and individuals in the security industry. He has spoken at many international conferences on EKMI, including the OASIS Adoption Forum 2007 in San Diego, ISSE/SECURE 2007 in Warsaw, Poland and the ISACA International Conference 2007 in Singapore.
Workshop logistics
Venue: Gaithersburg, MD
Date: March 4 - March 6, 2008
For more information: info(AT)strongauth.com