Research area: Verification
Conference: International Workshop on Security and Trust Management
User authentication has evolved from simple password-based procedures to phishing-resistant biometric methods. NIST, in special publication 800-63, provides definitions and requirements for digital identities. However, there is a growing need to also identify and authenticate the device in use. Such information can be included in fine-grained policy decisions to further enhance an enterprise’s security posture. In addition, device authentication has been described in the literature as a significant factor in zero trust architectures. Despite the adoption of this security architecture by major stakeholders, device authentication remains lacking. Therefore, we propose extensions to SP 800-63 that cover device identity aspects. In addition, we present a best-of-breed solution using FIDO2 and an extension for OpenID Connect. Our results demonstrate that the integration of device identity aspects is feasible and aligns well with the existing guidelines. The proposed scheme can pave the way for a future where device authentication will become the norm in enterprise networks.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Germany |
| Site | Springer |