NIST AAL Adaptive Security Framework

Authors

  • Valentin N’DOUBA, Change Healthcare

DOI:

https://doi.org/10.53469/jrse.2024.06(10).08

Keywords:

NIST AAL Framework, Adaptive Security, Multi-Factor Authentication (MFA), Enterprise Security, Real-Time Risk Analysis

Abstract

In today's evolving digital security landscape, adaptive and risk-based authentication methods are key countermeasures against rising cyber risks. The National Institute of Standards and Technology (NIST) Authenticator Assurance Levels (AAL) framework offers specific guidance on implementing adaptive security measures. This study puts the "NIST AAL Adaptive Security Framework" into practice, using technologies such as PingFederate and Ping DaVinci for timely risk analysis of IT environments and advanced MFA approaches against emerging threats. The AAL model can define authentication procedures customized to the organization's level of risk, requirements and compliance regulations. Classifying authentication into separate assurance levels (AAL1, AAL2 and AAL3) is essential because it allows authentication to be adjusted according to contextual factors such as perceived risk and user behaviour. This enhances security while optimizing user experience. The study examines the proposed framework’s efficacy in reducing cyber-threats and strengthening the security posture of organizations.

Published

2024-10-30

How to Cite

N’DOUBA, V. (2024). NIST AAL Adaptive Security Framework. Journal of Research in Science and Engineering, 6(10), 35–40. https://doi.org/10.53469/jrse.2024.06(10).08