Enhancing Identity and Access Management in the U.S. Navy Via Migration to More Modern Standards of Authentication

Abstract

This thesis investigated the current digital authentication methods used by the U.S. Navy, reviewed new and alternative methods, and then offered suggestions regarding how the Navy could improve the robustness of its digital authentication ecosystem. Digital authentication is a critical security control useful for reducing operational risks to computer networks. Digital authentication entails any of various standards by which an entity (human or machine) can provide corroboration of its proclaimed identity in a manner and form that can be processed in a digital environment. The suggested authentication methods were ranked according to the strength of security and usability within the DoN infrastructure. From this research, a set of tables was established to tabulate useful metrics that were identified to determine the strengths and weaknesses of each authentication method when compared with the others. This facilitated a more granular analysis of the selected authentication methods. Our recommendation articulates a four-tier approach based on risk-management principles, with Tier 1 being the most secure, yet most costly and least usable, and Tier 4 being the least secure, yet least costly and most usable. The four tiers articulated are Tier 1: CAC-based PKI method, Tier 2: FIDO2-based PKI method, Tier 3: 2FA method, and Tier 4: password-only method.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2020
Accession Number
AD1114659

Entities

People

  • Carlos S. Jr Martinez
  • Robert S. Baxter

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems
  • Human Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Authentication
  • Computer Access Control
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computers
  • Control Systems
  • Cryptography
  • Cybersecurity
  • Department Of Defense
  • Electronic Mail
  • Identification
  • Information Processing
  • Information Science
  • Information Systems
  • Internet
  • Mobile Phones
  • Personnel Management
  • Security Protocols
  • United States
  • United States Government

Readers

  • Computational Modeling and Simulation
  • Cybersecurity