User Authentication Policy

Users of the Argonne production systems are required to use a CRYPTOCard one time password, multifactor authentication system.

This document explains the policies users must follow regarding CRYPTOCard tokens for accessing the Argonne resources.

MultiFactor Authentication

"Authentication systems are frequently described by the authentication factors that they incorporate. The three factors often considered as the cornerstone of authentication are: Something you know (for example, a password); Something you have (for example, an ID badge or a cryptographic key); and Something you are (for example, a voice print or other biometric measurement)." -- NIST iTL Bulletin, Aug 2004

By the NIST guidelines for identification and authentication (NIST 800-53, Revision 3, Control IA-2), ALCF aims for a Moderate level of security controls. All production systems in ALCF require multifactor authentication for users with network and local (privileged and non-privileged accounts) using the CRYPTOCard tokens.

CRYPTOCard Tokens

ALCF provides every user of the production resources a key fob token called a CRYPTOCard Token. This is named after the company that developed this key fob (the organization is now called SafeNet). "The [CRYPTOCard Token] uses AES-256 bit encryption to generate OTPs [One Time Passwords] comprised of digits, digits and letters or digits, letters and special characters..."

When you receive your token, it will be initialized, but it will have no access privileges until you have contacted us to verify your identity and that you have received the correct token.

At the end of your account or project lifecycle, please return the token to the ALCF help desk:

ALCF Service Desk
Argonne National Laboratory
9700 South Cass Avenue
Building 240
Argonne, IL 60439

Protect Your CRYPTOCard

Your CRYPTOCard token should be protected by you as carefully as your credit cards or house keys. If your token is lost, stolen, or damaged, please contact us immediately so that we can deactivate the token and prevent unauthorized access. Sharing of tokens is strictly forbidden. Please do not mark on the token or alter it in any way.

More information

New User Guide - http://www.alcf.anl.gov/user-guides/new-user-guide

Using CRYPTOCards - http://www.alcf.anl.gov/user-guides/using-cryptocards

References

http://www.itl.nist.gov/lab/bulletns/bltnaug04.htm

http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf

http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf

http://www2.safenet-inc.com/sas/keyfob-tokens.htm