
A Practical Trust Framework: Assurance Levels Repackaged Through Analysis of Business Scenarios and Related Risks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9497)

Abstract

In cyberspace, standards for expressing the trustworthiness of identities have been developed by various parties. This trustworthiness is often referred to as entity authentication assurance, and its degree is called the LoA (level of assurance, or assurance level). There are two prominent LoA standards: NIST SP 800-63-2 and ISO/IEC 29115:2013. LoAs are designed to express different levels of assurance: multiple viewpoints are set for assessment, and the assessment criteria for each viewpoint are packaged together into one LoA. For deployment of LoAs in enterprise business scenarios, the choice of assessment criteria in a given LoA must match the specific business requirements. We perform a field survey of business scenarios in which trust in identities is a major problem. In the survey, we focus on two key assessment factors: identity proofing and the authentication process. In addition, we observe the overall fit and gap in these business scenarios. The results indicate that raising the assurance of the authentication process is effective for raising the overall assurance level. Based on these investigations, we repackage lightweight identity proofing together with LoA 2 equivalent credential management and usage into a new assurance level, LoA 1+, for the “right” cost-benefit balance.


Notes

  1. Horse Racing Law (in Japanese). http://law.e-gov.go.jp/htmldata/S23/S23HO158.html

Correspondence to Hiroyuki Sato.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Hokino, M., Fujiki, Y., Onda, S., Kaneko, T., Sakimura, N., Sato, H. (2015). A Practical Trust Framework: Assurance Levels Repackaged Through Analysis of Business Scenarios and Related Risks. In: Chen, L., Matsuo, S. (eds) Security Standardisation Research. SSR 2015. Lecture Notes in Computer Science, vol 9497. Springer, Cham. https://doi.org/10.1007/978-3-319-27152-1_11

  • DOI: https://doi.org/10.1007/978-3-319-27152-1_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27151-4

  • Online ISBN: 978-3-319-27152-1

  • eBook Packages: Computer Science (R0)