Privacy and security threat analysis of the federal employee personal identity verification (PIV) program

Paul A. Karger
2006 Proceedings of the second symposium on Usable privacy and security - SOUPS '06  
This paper is a security and privacy threat analysis of new Federal Information Processing Standard for Personal Identity Verification (FIPS PUB 201). It identifies some problems with the standard, and it proposes solutions to those problems, using standardized cryptographic techniques that are based on the Internet Key Exchange (IKE) protocol [16] . When the standard is viewed in the abstract, it seems to effectively provide security and privacy, because it uses strong cryptographic
more » ... However, when you examine the standard in the context of potential user scenarios regarding its use; security, privacy, and usability problems can be identified. User scenarios are employed to provide the context for the identification of these problems, and the technical solutions are described to address the issues raised.
doi:10.1145/1143120.1143135 dblp:conf/soups/Karger06 fatcat:xtp3pf6hpbehzmgrruspyi5kgq