A Strong Three-Factor Authentication Device: Trusted DAVE and the New Generic Content-Based Information Security (CBIS) Architecture

Abstract

This report has three objectives. The first objective is to provide a description and analysis of the Trusted DAVE activity performed by DRDC Ottawa and its contractors. The second is to describe different systems where the demonstrator produced under this activity could be used. The last is to analyse, study, and compare different types of network/system architectures. The activity involved the development of three elements: a secure design for a three-factor Trusted Device for Authentication and VErification (Trusted DAVE), a device demonstrator implementing some of those design elements, and an authentication and verification demonstration system that utilises the device demonstrator. The purpose of the device is to provide the user interface component to be used as a part of a strong Verification and Authentication (V&A) capability for systems used to process classified or sensitive data. Four possible systems that could use Trusted DAVE are presented. Two of them are related to the CBIS (Content-Based Information Security) concepts and one integrates CBIS and Kerberos. Finally, three architectures for network systems are presented with their advantages and their limitations. A Generic CBIS architecture covering the one specified in the US CBIS ACTD is defined and compared with the two others. The purpose of the Generic CBIS architecture is threefold: (1) provide an architecture for systems generalizing the US ACTD one, (2) illustrate the architecture's fundamental aspects, and (3) introduce an architecture where Trusted DAVE could be useful.

Document Details

Document Type: Technical Report
Publication Date: Nov 01, 2004
Accession Number: ADA436362

Entities

People

  • J. Savoie

Organizations

  • Defence Research and Development Canada

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Human Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Authentication
  • Computer Access Control
  • Contractors
  • Control Systems
  • Databases
  • Detectors
  • Entry Control Systems
  • Information Exchange
  • Information Security
  • Liquid Crystal Displays
  • National Security
  • Operating Systems
  • Physical Access Control
  • Security
  • Security Protocols
  • User Interface
  • Verification

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Software Engineering