Privacy and Security Threat Analysis of the Federal Employee Personal Identity Verification (PIV) Program
This paper is a security and privacy threat analysis of new Federal Information Processing Standard for personal identity verification (FIPS PUB 201). It identifies some problems with the standard, and it proposes solutions to those problems, using standardized cryptographic techniques that are based on the Internet Key Exchange (IKE) protocol . When the standard is viewed in the abstract, it seems to effectively provide security and privacy, because it uses strong cryptographic algorithms. However, when you examine the standard in the context of potential user scenarios regarding its use; security, privacy, and usability problems can be identified.