Logical Access Security: The Role of Smart Cards in Strong Authentication
Publication Date: October 2004
Organizations of all sizes and in all industries are anxious to improve the process used to identify users to their networked systems. With the growing use of wired and wireless networks to access information resources and the increasing occurrence of identity theft and attacks on corporate networks, password-based user authentication is increasingly acknowledged to be a significant security risk. Passwords are typically controlled by the password owner, who can use easily guessed passwords, share passwords with others, write passwords down, or use the same password to access multiple systems. In addition, storing password data on corporate networks exposes that data to attackers who gain network access.
Password management is a significant cost to organizations. Industry statistics show that 30% to 50% of information technology (IT) help desk resources are consumed by managing and resetting passwords.
Both enterprises and government agencies are moving to replace simple passwords with stronger, multi-factor authentication systems that strengthen information security, respond to market and regulatory conditions, and lower support costs.
Technologies for User Authentication
Technologies used to authenticate individuals for logical access include passwords (with a number of variations: cleartext, encrypted, and one-time), symmetric keys, asymmetric public/private keys, and biometric data. Individuals typically prove their identity using a single authentication factor. However, strong identity authentication requires the use of two or three factors, such as something you have (a physical item or token in your possession), something you know (information only you know), or something you are (a unique physical quality or behavior that differentiates you from all other people).
Smart cards support all of the authentication technologies, storing password files, public key infrastructure certificates, one-time password seed files, and biometric image templates, as well as generating asymmetric key pairs. A smart card used in combination with one or more authentication technologies provides stronger multi-factor authentication and significantly strengthens logical access security. Smart card technology also provides the flexibility for including all authentication factors in a single smart card, improving the security and privacy of the overall authentication process.
Smart Card Technology Advantages for Stronger Authentication
Smart card technology significantly strengthens security, protecting both the electronic credential used to authenticate an individual for logical access and the physical device. Since the credential is permanently stored on the card, it is never available in software or on the network for an unauthorized user to steal. Smart cards build protection into the physical device by supporting tamper-resistant features and active security techniques for encrypting communications.
Smart cards are becoming the preferred method for logical access, not only for their increased security, but also for their ease of use, broad application coverage, ease of integration with the IT infrastructure, and multi-purpose functionality. Both Microsoft® Windows® and Unix® operating systems offer a significant level of smart-card-related support and functionality, through either built-in (out-of-the-box) support or commercial add-on software packages. Smart-card-based logical access allows organizations to issue a single ID card that supports logical access, physical access, and secure data storage, along with other applications. By combining multiple applications on a single ID card, organizations can reduce cost, increase end-user convenience, and provide enhanced security for different applications.
Smart card technology provides organizations with cost-effective logical access. Smart cards deliver a positive business case for implementing any authentication technology. Improved user productivity, reduced password administration costs, decreased exposure to risk, and streamlined business processes all contribute to a significant positive return on investment.
About This Report
This report was developed by the Smart Card Alliance to provide a primer on the authentication technologies used for logical access and to describe how smart cards strengthen authentication processes.
Designed as an educational overview for decision-makers, the report provides answers to commonly asked questions about the use of smart cards for logical access, such as:
- Why are organizations looking for strong authentication solutions for logical access to networked resources?
- What authentication technologies are available and how do they compare to each other?
- How are smart cards used for authentication and what benefits do they bring to an organization?
- How are smart cards integrated into the IT infrastructure?
- What is the business case for using smart cards for logical access?
- What other applications can be supported using smart card technology, and how does a multi-function card benefit the organization?
The report includes profiles of organizations currently using smart ID cards for logical access, including Boeing, Microsoft, Rabobank, Shell, Sun Microsystems, U.S. Department of Defense, and U.S. Department of State.
This report was developed by the Smart Card Alliance Secure Personal Identification Task Force, with individuals from 22 member organizations involved in the development of the report. Lead contributors included representatives from Axalto, CardLogix, Datakey, Gemplus, Honeywell Access Systems (OmniTek), IBM, Identix, Litronic/SAFLink, Lockheed Martin, MartSoft Corporation, Northrop Grumman Information Technology, SCM Microsystems, Smart Commerce, Inc., Sun Microsystems, VeriSign, and XTec, Incorporated.
If you would like to join the task force, please contact firstname.lastname@example.org.