Modeling an Intelligent Continuous Authentication System to Protect Financial Information Resources

Thomas G. Calderon, Akhilesh Chandra, John J. Cheh
The University of Akron

Symposium on Information Systems Assurance: Integrity, Privacy, Security & Trust in an IT Context
October 20-22, 2005

Objective

1. Examine fundamental principles of CA
2. Propose a four-tier framework for CA
3. Discuss implementation issues

CA defined

CA is a process that verifies the identity of an information systems user continuously for the entire duration of an authorized session.

Motivation

- The current IT environment feeds insecurity
- Controls are vulnerable to threats
- Existing solutions are static
- Need for an alternate, robust and dynamic solution
- CA fits the bill!

Implications

- Systems design
- Internal controls design
- Audit models and techniques
- Organizational learning
- Behavioral repercussions
- Integration with existing solutions and models
- Alternative technology-based solutions

Fundamental CA Issues

- Traditional authentication models
- CA: network versus user

Figure 1A: Static Authentication (STATIC MODEL)
Enrollment -> Presentation -> Evaluation -> Authentication outcome (Permit Access / Deny Access), performed once for the duration of a single work session.

Figure 1B: Continuous Authentication (DYNAMIC MODEL)
Conceptual model of authentication over the duration T of a single work session, divided into intervals t = 1, 2, ..., n:
- interval 1: Enrollment -> Presentation -> Evaluation -> Authentication outcome
- interval 2: Autonomous Enrollment Update -> Autonomous Presentation -> Autonomous Evaluation -> Authentication outcome
- ...
- interval n: Autonomous Enrollment Update -> Autonomous Presentation -> Autonomous Evaluation -> Authentication outcome
Successive / iterative evaluation takes place during the currency of a session on a random or systematic (e.g. need) basis, and changes in the user profile feed back into the autonomous enrollment updates (Dynamic Environment Sub-Processes). The session duration is the sum of the interval lengths: $T = \sum_{i=1}^{n} t_i$.

Figure 2: Physical model of a continuous authentication system
- Enrollment: an intelligent keystroke recognition device captures keystrokes; an autonomous agent (artificial intelligence software) identifies patterns and records them in a transactions log.
- Presentation: the intelligent keystroke recognition device captures the presented keystrokes.
- Evaluation: the autonomous agent monitors and evaluates the presented keystrokes against the identified patterns and emits the authentication outcome.
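The Level 1 keystroke-latency path of Figure 2, as an added example in Python (not the authors' code; the paper does not say how latencies are modeled): enrollment builds a per-digraph latency profile, presentation supplies a fresh typing sample, evaluation scores it against the profile and compares the resulting confidence with the Level 1 threshold p_tu, and an autonomous enrollment update absorbs gradual drift after a permitted interval. The per-digraph mean/standard-deviation model, the tolerance, the threshold value and every timing below are assumptions constructed for this example.

```python
"""Level 1 continuous authentication via keystroke latencies (illustration, not the paper's code).

Model assumption: each digraph (consecutive key pair) has a per-user mean and standard
deviation of inter-press latency; a presented sample is scored by the share of its
latencies that fall within TOLERANCE standard deviations of the enrolled mean.
All timings below are constructed for this example.
"""
from statistics import mean, pstdev
from typing import Dict, List, Tuple

KeyEvent = Tuple[str, float]                  # (key, press time in ms from session start)
Digraph = Tuple[str, str]
Profile = Dict[Digraph, Tuple[float, float]]  # digraph -> (mean latency ms, std dev ms)

MIN_STD_MS = 5.0  # floor on std dev so a few tight enrollment samples are not over-trusted
TOLERANCE = 2.0   # accept a latency within this many std devs of the enrolled mean
P_TU = 0.8        # Level 1 threshold p_tu: assumed value, the paper gives none


def digraph_latencies(events: List[KeyEvent]) -> Dict[Digraph, List[float]]:
    """Latency between consecutive key presses, grouped by digraph."""
    latencies: Dict[Digraph, List[float]] = {}
    for (k1, t1), (k2, t2) in zip(events, events[1:]):
        latencies.setdefault((k1, k2), []).append(t2 - t1)
    return latencies


def enroll(samples: List[List[KeyEvent]]) -> Profile:
    """Enrollment: pool several typing samples of the same text into a profile."""
    pooled: Dict[Digraph, List[float]] = {}
    for sample in samples:
        for dg, lats in digraph_latencies(sample).items():
            pooled.setdefault(dg, []).extend(lats)
    return {dg: (mean(lats), max(pstdev(lats), MIN_STD_MS)) for dg, lats in pooled.items()}


def evaluate(profile: Profile, presented: List[KeyEvent]) -> float:
    """Evaluation: confidence in [0, 1] that the presented rhythm belongs to the enrolled user.
    Digraphs absent from the profile carry no evidence and are skipped."""
    hits = total = 0
    for dg, lats in digraph_latencies(presented).items():
        if dg not in profile:
            continue
        mu, sd = profile[dg]
        for lat in lats:
            total += 1
            hits += abs(lat - mu) <= TOLERANCE * sd
    return hits / total if total else 0.0


def authenticate(profile: Profile, presented: List[KeyEvent], threshold: float = P_TU) -> str:
    """Authentication outcome for one interval t: probabilistic confidence against p_tu."""
    return "PERMIT" if evaluate(profile, presented) >= threshold else "DENY"


def update_profile(profile: Profile, presented: List[KeyEvent], alpha: float = 0.2) -> Profile:
    """Autonomous enrollment update (Figure 1B): move enrolled means a fraction alpha toward the
    latest permitted sample so gradual drift in a user's rhythm is absorbed. Call only after a
    PERMIT, otherwise an impostor would train the profile toward themselves."""
    updated = dict(profile)
    for dg, lats in digraph_latencies(presented).items():
        if dg in updated:
            mu, sd = updated[dg]
            updated[dg] = (mu + alpha * (mean(lats) - mu), sd)
    return updated


def typed(text: str, latencies_ms: List[float]) -> List[KeyEvent]:
    """Build key events from a string and the latencies between successive presses."""
    events, t = [(text[0], 0.0)], 0.0
    for ch, lat in zip(text[1:], latencies_ms):
        t += lat
        events.append((ch, t))
    return events


# Constructed data: three enrollment samples of one user, a later genuine sample, and an impostor.
ENROLL_SAMPLES = [typed("secure", [120, 150, 110, 140, 130]),
                  typed("secure", [125, 145, 115, 138, 128]),
                  typed("secure", [118, 155, 108, 142, 134])]
GENUINE = typed("secure", [122, 148, 112, 139, 131])
IMPOSTOR = typed("secure", [220, 90, 250, 80, 300])
PROFILE = enroll(ENROLL_SAMPLES)

if __name__ == "__main__":
    print("genuine :", round(evaluate(PROFILE, GENUINE), 2), authenticate(PROFILE, GENUINE))
    print("impostor:", round(evaluate(PROFILE, IMPOSTOR), 2), authenticate(PROFILE, IMPOSTOR))
```

The std-dev floor matters in practice: with only three enrollment samples the measured spread is a few milliseconds, and without the floor a genuine user's normal jitter would be rejected. The update step is deliberately gated on a PERMIT outcome; profile drift is the Level 1 weakness Table 2 points at ("as a user ages"), and an ungated update turns it into a profile-poisoning path.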
Table 1: Summary of Four CA Levels

Level 1
  Probability statement: P(User)
  Threshold: p_tu
  Principles: Continuously assesses and verifies presence at a fixed location.
  Factors: knowledge, possession, and biometrics

Level 2
  Probability statement: P(User | Resource)
  Threshold: p_tu/R
  Principles: Continuously assesses and verifies presence and access to a resource. Does not attempt to verify the identities of entities that use specific privileges. Level 1 CA conditions are also satisfied.
  Factors: knowledge, possession, biometrics, and resources used

Level 3
  Probability statement: P(User | Workstation)
  Threshold: p_tu/W
  Principles: Continuously assesses and verifies presence at disparate locations. Does not attempt to verify the identities of entities that use specific privileges. Level 2 CA conditions are also satisfied.
  Factors: knowledge, possession, biometrics, resources used, and workstations

Level 4
  Probability statement: P(User | Transaction or Action)
  Threshold: p_tu/A
  Principles: Continuously assesses and verifies presence at all access points and monitors the identity of entities that use specific privileges. Level 3 CA conditions are also satisfied.
  Factors: knowledge, possession, biometrics, resources used, workstations, transaction profile and actions

Model Fundamentals

- Authentication confidences and thresholds
- Probabilistic values versus deterministic (binary) authentication

Levels of CA

- Level 1 CA: user authentication
- Level 2 CA: user-resource authentication
- Level 3 CA: user-resource-system authentication
- Level 4 CA: user-resource-system-transaction authentication
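The nesting rule of Table 1 together with the probabilistic, non-binary notion from Model Fundamentals, as an added example in Python (not the paper's own code): each level holds only if the lower levels hold and its own confidence meets its threshold, confidence decays as the last evidence ages, and the next need-basis evaluation is scheduled for the moment the decayed confidence would cross the threshold. The threshold values, the exponential decay with a half-life, the RECHALLENGE outcome and the example confidences are assumptions; the per-factor confidences are assumed to be supplied by each level's agent.

```python
"""Four-level CA decision with decaying, probabilistic confidence (illustration, not the paper's code).

Assumptions: per-factor confidences in [0, 1] are supplied by each level's agent; confidence
decays exponentially with a half-life since the last evaluation; threshold values are made up.
"""
import math
from dataclasses import dataclass
from typing import Dict

# Table 1: the factor each level conditions on. Level k also requires Levels 1..k-1.
LEVEL_FACTOR = {1: "user", 2: "resource", 3: "workstation", 4: "action"}


@dataclass(frozen=True)
class Thresholds:
    p_tu: float    # Level 1: P(User)
    p_tu_R: float  # Level 2: P(User | Resource)
    p_tu_W: float  # Level 3: P(User | Workstation)
    p_tu_A: float  # Level 4: P(User | Transaction or Action)

    def for_level(self, level: int) -> float:
        return (self.p_tu, self.p_tu_R, self.p_tu_W, self.p_tu_A)[level - 1]


def decayed(confidence: float, age_s: float, half_life_s: float) -> float:
    """Probabilistic, not binary: a confidence established at the last evaluation fades as
    the evidence ages, so a PERMIT from minutes ago does not hold indefinitely."""
    return confidence * 0.5 ** (age_s / half_life_s)


def highest_level(confidences: Dict[str, float], th: Thresholds) -> int:
    """Highest CA level currently satisfied (0 if even Level 1 fails). Levels nest, so the
    walk stops at the first level whose confidence is below its threshold."""
    reached = 0
    for level in (1, 2, 3, 4):
        if confidences.get(LEVEL_FACTOR[level], 0.0) < th.for_level(level):
            break
        reached = level
    return reached


def decide(confidences: Dict[str, float], th: Thresholds, required_level: int) -> str:
    """Outcome for an action that requires `required_level` (e.g. 4 for a payment release).
    A Level 1 failure means the user's presence itself is in doubt: deny. A failure higher up
    means the user is present but the action's context is unusual: step up (re-challenge)."""
    reached = highest_level(confidences, th)
    if reached >= required_level:
        return "PERMIT"
    return "DENY" if reached == 0 else "RECHALLENGE"


def seconds_until_recheck(confidence: float, threshold: float, half_life_s: float) -> float:
    """Need-basis scheduling (Figure 1B): seconds until the decayed confidence crosses the
    threshold, i.e. when the next autonomous evaluation must run; 0 if already below."""
    if confidence <= threshold:
        return 0.0
    return half_life_s * math.log2(confidence / threshold)


# Constructed scenario: thresholds and the confidences a session's agents might report.
TH = Thresholds(p_tu=0.80, p_tu_R=0.70, p_tu_W=0.70, p_tu_A=0.90)
SESSION = {"user": 0.95, "resource": 0.85, "workstation": 0.60, "action": 0.95}

if __name__ == "__main__":
    print("level reached:", highest_level(SESSION, TH))
    print("read a report (needs Level 2):", decide(SESSION, TH, 2))
    print("release a payment (needs Level 4):", decide(SESSION, TH, 4))
    print("re-evaluate the user factor in",
          round(seconds_until_recheck(SESSION["user"], TH.p_tu, 300), 1), "s")
```

In the constructed session the workstation confidence is below p_tu/W, so the session tops out at Level 2: a Level 4 action is not denied outright (the user is present) but sent for a step-up challenge. Because the nesting is enforced in code, a high transaction confidence cannot compensate for a failed lower level, which is the property Table 1 states with "Level 3 CA conditions are also satisfied".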



Model Implementation with Swarm Technology

Swarm Intelligence

- Self-Organizing in Social Insects
- Spatiotemporally Organized Networks of Pheromone Trails (Bonabeau, Dorigo, and Theraulaz, 1999)
- Positive Feedback (Amplification)
    - Recruitment and Reinforcement
    - Trail Laying and Trail Following
- Negative Feedback
    - Stabilization of Collective Patterns
- Amplification of Fluctuations
    - Random Walks, Errors, Random Task-Switching
    - Continuous Optimization
- Multiple Interactions
    - Minimum Density of Mutually Tolerant Agents

Figure 3: CAS and Swarm Technology
Four Local Autonomous Agents, one per CA level (Level 1 CA: User; Level 2 CA: Resource; Level 3 CA: Workstation; Level 4 CA: Transaction), report to a Global Autonomous Agent that applies Dynamic Conflict Resolution Rules and maintains a virtual CA transaction log.
Application of Swarm Intelligence to Continuous Authentication

- Self-Organizing of Multiple Ant-like Monitoring Computer Agents
- Spatiotemporally Organized Networks of Profile-based Trails
- Positive Feedback (Amplification)
    - Local Autonomous Agents
    - User, Resource, Workstation and Transaction
    - Transition Rules
    - Local Updates
- Negative Feedback
    - Global Autonomous Agent
    - Dynamic Conflict Resolution Rules
    - Global Updates

Table 2: Implementation Summary of Four CA Levels

Level 1
  Learning level: Minimal
  Tasks: A single comparison of the user's signature in each time interval t. The signature medium can be a knowledge factor (e.g., a password) or a biometric (e.g., a fingerprint image). In special cases, the CAS's intelligent keystroke recognition agent recognizes the user's keystroke latencies.
  Intelligent/predetermined class: Predetermined in most cases, except for special cases such as keystroke recognition. As a user ages, his or her unique biometric signature can change gradually, so multiple patterns may be used over time, depending on health conditions or other special circumstances.
  Corresponding intelligent technologies: A simple database query engine: a user ID and password stored in a database, consulted for as long as the iteration process of Figure 1 continues. For the special case of keystroke recognition, a low level of swarm intelligence is coupled with the database technology.

Level 2
  Learning level: Modest
  Tasks: An additional profile lays a well-marked trail (pheromone) that records the significance of a particular habit of accessing sensitive information through resource utilization.
  Intelligent/predetermined class: Intelligent class in the continuous model: enrollment is dynamic, and the CAS not only authorizes access but also monitors and updates the user's profile for future evaluation and continuous authorization in Levels 2, 3 and 4.
  Corresponding intelligent technologies: Modest swarm-intelligence-based technology that handles the additional dimension of resource utilization in relation to privileged information.

Level 3
  Learning level: Complex
  Tasks: Information about the user's movement between workstations is added to the Level 1 and 2 profiles as a workstation profile; this is a new dimension on top of the Level 2 processes.
  Intelligent/predetermined class: Intelligent class in the continuous model: with this additional dimension the CAS monitors and evaluates the user's access to various computers in a globally networked IT environment.
  Corresponding intelligent technologies: More complex swarm intelligence technology that handles two additional dimensions: the resource-use profile and the workstation-access profile.

Level 4
  Learning level: Highest
  Tasks: At this highest level, the user's transaction profile, given his or her job and task responsibilities, is added to the Level 3 CA processes.
  Intelligent/predetermined class: Intelligent class in the continuous model: performs the same processes with additional profile management.
  Corresponding intelligent technologies: The most sophisticated swarm-intelligence-based technology, handling all four classes of profile.
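The swarm mechanisms listed under Application of Swarm Intelligence and the Level 2 to 4 rows of Table 2, as an added example in Python (not the authors' implementation; the paper names the mechanisms but gives no rules or formulas): each local autonomous agent keeps a pheromone trail over one profile dimension (resource, workstation, transaction), laying pheromone on each permitted use (positive feedback, trail laying) and evaporating it every interval (negative feedback); a global autonomous agent applies a conflict-resolution rule over the local verdicts and issues the global update, which is how enrollment stays dynamic. The deposit and evaporation constants, the share-of-trail familiarity measure, the abstain/veto rule, the thresholds and the access history are all assumptions constructed for this example.

```python
"""Pheromone-trail profiles with local and global agents (illustration, not the paper's code).

Assumed rules: a permitted use deposits `deposit` pheromone on the item used; every interval
evaporates a fraction `evaporation` of every trail; an agent's familiarity with an item is that
item's share of the agent's total pheromone; the global agent lets an agent with no trail abstain,
lets any non-abstaining agent below its threshold veto, and otherwise reports the weakest share.
The access history is constructed for this example.
"""
from typing import Dict, List, Tuple


class LocalAgent:
    """One agent per profile dimension (resource, workstation, transaction)."""

    def __init__(self, dimension: str, deposit: float = 1.0, evaporation: float = 0.1):
        self.dimension = dimension
        self.deposit = deposit
        self.evaporation = evaporation
        self.trail: Dict[str, float] = {}  # item -> pheromone strength of the habit of using it

    def reinforce(self, item: str) -> None:
        """Positive feedback (trail laying): each permitted use strengthens the trail."""
        self.trail[item] = self.trail.get(item, 0.0) + self.deposit

    def evaporate(self) -> None:
        """Negative feedback: trails not re-walked fade, so stale habits stop vouching for the user."""
        for item in list(self.trail):
            self.trail[item] *= 1.0 - self.evaporation
            if self.trail[item] < 1e-3:
                del self.trail[item]

    def familiarity(self, item: str) -> float:
        """Local evaluation: this item's share of the agent's pheromone; 0 for a never-seen item."""
        total = sum(self.trail.values())
        return self.trail.get(item, 0.0) / total if total else 0.0


class GlobalAgent:
    """Combines local verdicts with a dynamic conflict-resolution rule (assumed, see module doc)."""

    def __init__(self, agents: List[LocalAgent], thresholds: Dict[str, float]):
        self.agents = agents
        self.thresholds = thresholds

    def resolve(self, observation: Dict[str, str]) -> Tuple[str, float]:
        votes = []
        for agent in self.agents:
            item = observation.get(agent.dimension)
            if item is None or not agent.trail:
                continue  # abstain: nothing observed, or nothing enrolled yet, in this dimension
            votes.append((agent.familiarity(item), self.thresholds[agent.dimension]))
        if not votes:
            return "RECHALLENGE", 0.0  # no agent can vouch; fall back to an explicit challenge
        weakest = min(f for f, _ in votes)
        if any(f < t for f, t in votes):
            return "DENY", weakest  # one unfamiliar dimension vetoes the session interval
        return "PERMIT", weakest

    def global_update(self, observation: Dict[str, str], outcome: str) -> None:
        """Global update: only a PERMIT lays new pheromone (dynamic enrollment); every interval
        evaporates, so a denied or unobserved dimension loses strength."""
        for agent in self.agents:
            item = observation.get(agent.dimension)
            if outcome == "PERMIT" and item is not None:
                agent.reinforce(item)
            agent.evaporate()


def train(global_agent: GlobalAgent, history: List[Dict[str, str]]) -> None:
    """Initial enrollment from a trusted history: lay trails without gating."""
    for obs in history:
        global_agent.global_update(obs, "PERMIT")


# Constructed history: a clerk who posts journals to the ledger from one workstation, with one payroll view.
LEDGER = {"resource": "ledger", "workstation": "ws-acct-01", "transaction": "post_journal"}
HISTORY = [LEDGER] * 8 + [{"resource": "payroll", "workstation": "ws-acct-01", "transaction": "view"}] + [LEDGER]
THRESHOLDS = {"resource": 0.10, "workstation": 0.10, "transaction": 0.10}


def build_swarm() -> GlobalAgent:
    agents = [LocalAgent(d) for d in ("resource", "workstation", "transaction")]
    swarm = GlobalAgent(agents, THRESHOLDS)
    train(swarm, HISTORY)
    return swarm


if __name__ == "__main__":
    swarm = build_swarm()
    print("usual work:", swarm.resolve(LEDGER))
    print("odd action:", swarm.resolve({"resource": "treasury", "workstation": "ws-acct-01",
                                         "transaction": "wire_transfer"}))
```

Evaporation is what keeps the profile current without an operator re-enrolling the user: a resource the clerk stops using fades out of the trail over a few dozen intervals, while the veto rule means a first-ever wire transfer from an otherwise familiar workstation is still denied, which is the Level 4 behaviour Table 1 describes as monitoring "entities that use specific privileges".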

Challenges

1. Mobile computing dynamics
2. Technical constraints
3. Prevention vs. detection
4. Biometric-related issues
5. Access control types and location signatures
6. Security layer
7. Privacy concerns
8. Legal issues
9. Audit trail management