Post on 19-Dec-2015
Modeling an Intelligent Continuous Authentication System to Protect Financial Information Resources
Thomas G. Calderon, Akhilesh Chandra, John J. Cheh
The University of Akron
Symposium on Information Systems Assurance: Integrity, Privacy, Security & Trust in an IT Context
October 20-22, 2005
Objective
1. Examine fundamental principles of CA
2. Propose a four-tier framework for CA
3. Discuss implementation issues
CA defined
CA is a process that verifies the identity of an information systems user continuously for the entire duration of an authorized session.
Motivation
• Current IT environment feeds insecurity
• Controls vulnerable to threats
• Existing solutions are static
• Need for an alternate, robust and dynamic solution
• CA fits the bill!
Implications
• Systems design
• Internal controls design
• Audit models and techniques
• Organizational learning
• Behavioral repercussions
• Integration with existing solutions & models
• Alternative technology based solutions
Fundamental CA Issues
• Traditional Authentication Models
• CA: Network versus User
[Figure 1A: Static Authentication. Over the duration of a single work session, one Enrollment feeds one Presentation and one Evaluation, producing a single authentication outcome: Permit Access or Deny Access.]
DYNAMIC MODEL
Conceptual Model of Authentication
[Figure 1B: Continuous Authentication. In a dynamic environment the duration T of a single work session is divided into intervals t = 1, 2, ..., n. Interval 1 runs the initial Enrollment, Presentation and Evaluation; every later interval runs an Autonomous Enrollment Update, Autonomous Evaluation and Autonomous Presentation, each yielding its own authentication outcome, so that changes in the user profile are captured as the session proceeds.]
[Figure 2: Physical model of a continuous authentication system. An intelligent keystroke recognition device captures keystrokes and identifies patterns at Enrollment; an autonomous agent (artificial intelligence software) monitors and evaluates the presented keystrokes against the captured ones at Presentation and Evaluation, records to a transactions log, and emits the authentication outcome.]
Table 1: Summary of Four CA Levels
Columns: Level; Probability Statement; Threshold; Fundamental Principles and Authentication Factors

Level 1
Probability statement: P(User)
Threshold: ptu
Principles: Continuously assesses and verifies presence at a fixed location.
Factors: knowledge, possession, and biometrics.

Level 2
Probability statement: P(User/Resource)
Threshold: ptu/R
Principles: Continuously assesses and verifies presence and access to a resource. Does not attempt to verify the identities of entities that use specific privileges. Level 1 CA conditions are also satisfied.
Factors: knowledge, possession, biometrics, and resources used.

Level 3
Probability statement: P(User/Workstation)
Threshold: ptu/W
Principles: Continuously assesses and verifies presence at disparate locations. Does not attempt to verify the identities of entities that use specific privileges. Level 2 CA conditions are also satisfied.
Factors: knowledge, possession, biometrics, resources used, and workstations.

Level 4
Probability statement: P(User/Transaction or Action)
Threshold: ptu/A
Principles: Continuously assesses and verifies presence at all access points and monitors the identity of entities that use specific privileges. Level 3 CA conditions are also satisfied.
Factors: knowledge, possession, biometrics, resources used, workstations, transactions profile and actions.
Model Fundamentals
• Authentication confidences and thresholds: probabilistic values
versus
• Deterministic or binary authentication
Levels of CA
Level 1 CA: user authentication
Level 2 CA: user-resource authentication
Level 3 CA: user-resource-system authentication
Level 4 CA: user-resource-system-transaction authentication
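As an added illustration (not code from the paper), the Python below simulates the four-tier model: in each interval t a confidence for every level is compared with that level's threshold (ptu, ptu/R, ptu/W, ptu/A), lower levels must pass as well, and a permitted interval triggers the autonomous enrollment update. The scoring functions, threshold values, learning rate, sample profile and sample intervals are constructed assumptions, not the authors' design.

```python
import math

# Constructed thresholds standing in for ptu, ptu/R, ptu/W, ptu/A (assumed values).
THRESHOLDS = {1: 0.60, 2: 0.45, 3: 0.30, 4: 0.20}
ALPHA = 0.2  # learning rate of the autonomous enrollment update (assumed)
# Factor added at levels 2, 3 and 4: (profile table, observation key).
FACTORS = (("resources", "resource"), ("workstations", "workstation"), ("actions", "action"))

def keystroke_score(profile, observed_ms, scale=40.0):
    """1.0 at the enrolled mean keystroke latency, decaying as the observation drifts."""
    return math.exp(-abs(observed_ms - profile["latency_ms"]) / scale)

def confidences(profile, obs):
    """Confidence per CA level. Assumption: each level multiplies the level below by
    how familiar the newly added factor is (P(User), P(User/Resource), ...)."""
    c = {1: keystroke_score(profile, obs["latency_ms"])}
    for level, (table, key) in enumerate(FACTORS, start=2):
        c[level] = c[level - 1] * profile[table].get(obs[key], 0.0)
    return c

def autonomous_update(profile, obs):
    """Dynamic enrollment: after a permitted interval, move the profile toward the observation."""
    profile["latency_ms"] += ALPHA * (obs["latency_ms"] - profile["latency_ms"])
    for table, key in FACTORS:
        for k in profile[table]:                  # decay every remembered frequency ...
            profile[table][k] *= 1 - ALPHA
        profile[table][obs[key]] = profile[table].get(obs[key], 0.0) + ALPHA  # ... reinforce the one seen

def run_session(profile, intervals, level):
    """Evaluate intervals t = 1..n at the requested CA level; 'permit' or 'deny' for each.
    Lower levels must pass too, as Table 1 requires."""
    outcomes = []
    for obs in intervals:
        c = confidences(profile, obs)
        permitted = all(c[k] >= THRESHOLDS[k] for k in range(1, level + 1))
        outcomes.append("permit" if permitted else "deny")
        if permitted:                             # only a verified user refines the profile
            autonomous_update(profile, obs)
    return outcomes

def sample_profile():
    """Constructed enrollment of one finance user (sample data, not from the paper)."""
    return {"latency_ms": 120.0, "resources": {"ledger": 0.7, "payroll": 0.3},
            "workstations": {"ws-acct-01": 1.0}, "actions": {"view": 0.8, "approve": 0.2}}

# Constructed session: normal use, then an unknown workstation, then a foreign keystroke rhythm.
SAMPLE_INTERVALS = [
    {"latency_ms": 125.0, "resource": "ledger", "workstation": "ws-acct-01", "action": "view"},
    {"latency_ms": 130.0, "resource": "ledger", "workstation": "ws-guest-07", "action": "approve"},
    {"latency_ms": 200.0, "resource": "ledger", "workstation": "ws-acct-01", "action": "view"},
]
```

Running the same session at Level 2 permits the second interval, because the workstation factor is only evaluated from Level 3 upward.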
Model Implementation: with Swarm Technology
Swarm Intelligence
Self-Organizing in Social Insects: Spatiotemporally Organized Networks of Pheromone Trails (Bonabeau, Dorigo, and Theraulaz, 1999)
• Positive Feedback (Amplification): Recruitment and Reinforcement; Trail Laying and Trail Following
• Negative Feedback: Stabilization of Collective Patterns
• Amplification of Fluctuations: Random Walks, Errors, Random Task-Switching; Continuous Optimization
• Multiple Interactions: Minimum Density of Mutually Tolerant Agents
[Figure 3: CAS and Swarm Technology. The four CA levels (Level 1 to Level 4) correspond to the User, Resource, Workstation and Transaction dimensions. Four local autonomous agents, a global autonomous agent applying dynamic conflict resolution rules, and a virtual CA transaction log complete the figure.]
Application of Swarm Intelligence to Continuous Authentication
Self-Organizing of Multiple Ant-like Monitoring Computer Agents: Spatiotemporally Organized Networks of Profile-based Trails
• Positive Feedback (Amplification): Local Autonomous Agents; User, Resources, Workstation, and Transaction Transition Rules; Local Updates
• Negative Feedback: Global Autonomous Agent; Dynamic Conflict Resolution Rules; Global Updates
Table 2: Implementation Summary of Four CA Levels
Columns: Level; Learning Level; Tasks*; Intelligent/Predetermined Class; Corresponding Intelligent Technologies

Level 1 (Learning level: Minimal)
Tasks*: A single comparison of a user's signature in each time interval t. The signature medium can be either a knowledge factor (e.g., a password) or biometrics (e.g., a biometric finger image). For special cases, CAS's intelligent keystroke recognition agent recognizes a user's keystroke latencies.
Class: Predetermined class in most cases, except for special cases like keystroke recognition. As a user ages, his unique biometric signature can gradually change, so multiple patterns can be used over time, depending on special health conditions or other special situations.
Technologies: A simple database query engine: a user ID and password stored in a database for as long as the iteration processes in Figure 1 exist. For the special case of keystroke recognition, a low level of swarm intelligence is coupled with database technology.

Level 2 (Learning level: Modest)
Tasks*: An additional profile creates a well-marked trail, or pheromone, signifying a particular habit of accessing sensitive information through resource utilization.
Class: Intelligent class in the continuous model: enrollment is dynamic, and CAS not only authorizes access but also monitors and updates a user's profile for future evaluation and continuous authorization in Levels 2, 3, and 4.
Technologies: Modest level of swarm intelligence-based technology that can handle the additional dimension of resource utilization in relation to privileged information.

Level 3 (Learning level: Complex)
Tasks*: Information about a user's movement is added to his/her Level 1 and Level 2 profiles by means of a workstation profile. This new dimension supplements the information used in the Level 2 processes.
Class: Intelligent class in the continuous model: with this additional dimension, CAS monitors and evaluates a user's access to various computers in globally networked IT environments.
Technologies: More complex swarm intelligence technology that can handle two additional dimensions: the resource use profile and the workstation access profile.

Level 4 (Learning level: Highest)
Tasks*: At this highest level, a user's transaction profile, given his/her job and task responsibilities, is added to the Level 3 CA processes.
Class: Intelligent class in the continuous model: this class performs similar processes with additional profile management.
Technologies: Most sophisticated swarm intelligence-based technology that can handle four classes of profiles.
Challenges
1. Mobile computing dynamics
2. Technical constraints
3. Prevention vs. Detection
4. Biometric related issues
5. Access control types and Location signatures
6. Security layer
7. Privacy concerns
8. Legal issues
9. Audit trail management