National authentication framework implementation study
Fulp, J. D.
MetadataShow full item record
The move toward e-government has seen many institutions put special focus on the need for security, especially that of authentication. Single-factor password-based systems have been proven inadequate in safeguarding online financial and e-government service transactions. Industry adoption of Two-Factor Authentication (2FA) has also been piecemeal. To mitigate these deficiencies, the Singapore Government, in 2008, put forth a Call-for-Collaboration (CFC) seeking industry and academic participation in defining a National Authentication Framework (NAF), with the dual aim of providing for a national-level 2FA system and broadening the market for authentication services, and, in so doing, providing the user with a better authentication experience. This thesis will detail, discuss, and compare the various token types and identity frameworks (PKI, SAML, WS-F, OpenID, and Infocard) that make up an authentication system, and make recommendations on the best combination of technologies, protocols, and standards that, when implemented, would not only fulfill the requirements of the CFC, but also position it well for future enhancement.
Approved for public release, distribution unlimited
Showing items related by title, author, creator and subject.
Chia, Wan Yin. (Monterey, California. Naval Postgraduate School, 2009-12);Authentication is a fundamental aspect of information security in enabling the authenticity of the source of information to be determined. Among several electronic authentication mechanisms available today, deploying the ...
Thulasiraman, Preetha (Naval Postgraduate School, Monterey, California, 2017-04-11);The global presence of the Navy’s unmanned systems makes it increasingly vulnerable to outside threats. Cybersecurity must be addressed. A continuation of work stated in FY16, the research established baseline encryption ...
Beedenbender, Mark G. (Monterey, California. Naval Postgraduate School, 1990-03);A widely used access control mechanism is the password. Passwords are normally composed of a meaningful detail, such as a name of a person or a sequence of numbers such as birthdate. Any person attempting to gain unauthorized ...