Regardless of the type of token that is employed, there needs to be a process to manage it over its lifetime. Th is would include the initial distribution of tokens, replacing lost or expired tokens, and collecting tokens from employees who are leaving the enterprise. Th ese processes generally make use of a database to manage the tokens during their life cycle. It is also important that the distribu- tion and replacement processes use appropriate authentication methods to verify that the correct person is receiving the token. If these processes can be subverted then any subsequent authentica- tions will be compromised, as someone other than the appropriate person may be able to obtain a token in his or her name. Th ese processes may use trusted security offi cers to verify an identity or may be tied into the methods used to issue credentials for physical access to the enterprise. As a part of the procedure for issuing the token an alternate method of identifi cation can and should be established. One method is to set up a series of challenge-and-response questions that can be used over the phone or through a self-service Web site to request actions like replacements or resets. It is important that these questions do not ask for easily obtainable information and are diverse enough not to be easily guessed. In general three to fi ve questions chosen out of a pool of twenty are suffi - cient for this purpose. Th ese questions should be used only for this purpose and should not be used for day-to-day authentication. Th is will reduce the likelihood that they could be intercepted.
Th e distribution and management of tokens can add a lot of overhead to the total cost of own- ership of the token. Th is is especially true if tokens need to be shipped individually to end users. If they are handled via a centralized process, people would need to be paid to assign the tokens and actually pack them individually for shipping. Th e method of shipping would also need to give reasonable assurance that the token is delivered only to the person to whom it is assigned. Th is can add cost to the process especially if the enterprise is at multiple geographic sites. Th is cost can be reduced by using automation that will assign tokens from a pool of unassigned tokens that is kept at various sites within the enterprise and distributed as needed. A Web portal can be used by individuals to assign themselves a token, provided that they can be authenticated in a satisfactory manner. In enterprises that require more assurance that tokens are assigned to the appropriate individuals, on-site security offi cers or other trusted individuals can verify the identity of a person before assigning him or her a token. In all cases, detailed audit trails should be kept to document the process in case there is any question in the future about who was assigned the token.
Th ere is also the potential to combine the physical access control of an employee badge with that of the smart card by using the same form factor. Th is is done by printing the badge informa- tion, usually a name, photograph, and, possibly, some other enterprise information, on the smart card itself. Th is gives the enterprise the option of using the smart card authentication information to control building access. Th is also makes it easier to remove access; when an employee leaves an
CRC_AU6708_Ch011.indd 159
organization and the badge or smart card is turned in, it will not only prevent them from entering the building but also prevent them from accessing any electronic systems or applications utilizing the smart card.
Conclusion
Authentication schemes that use static passwords are increasingly being compromised by attackers using network monitoring, viruses that install keyloggers on workstations, password guessing, and phishing that spoofs the end user into supplying the credentials to a third party. Th ese attacks are becoming more and more common. Other methods of authentication need to be implemented to reduce the ability of attackers to compromise those systems and applications that use static pass- words. Biometric schemes that implement the authentication factor “what you are” would also be eff ective but solutions are still somewhat immature and remain diffi cult to implement, especially with legacy systems. Token authentication schemes that implement two of the three factors of authentication, “something you know” (a PIN) and “something you have” (the token device), seem to be the best solution to prevent these types of attacks. Token authentication would be easier for an enterprise to implement and would greatly reduce the risk of the authentication scheme being compromised within the enterprise.
References
1. Schuckers, S. (2002). Spoofi ng and Anti-Spoofi ng Measures, Clarkson and West Virginia University. http:// citer.wvu.edu/members/publications/fi les/15-SSchuckers-Elsevior02.pdf
2. Tipton, H. F., and Krause, M. (2004). Information Security Handbook, Fifth Edition, Boca Raton, FL, CRC Press LLC.