Modeling an Intelligent Continuous Authentication System to Protect Financial Information Resources Thomas G. Calderon Akhilesh Chandra John J. Cheh The.


1 Modeling an Intelligent Continuous Authentication System to Protect Financial Information Resources
Thomas G. Calderon, Akhilesh Chandra, John J. Cheh
The University of Akron
Symposium on Information Systems Assurance
Integrity, Privacy, Security & Trust in an IT Context
October 20-22, 2005

2 Objective
1. Examine fundamental principles of CA
2. Propose a four-tier framework for CA
3. Discuss implementation issues

3 CA defined
CA is a process that verifies the identity of an information systems user continuously for the entire duration of an authorized session.

4 Motivation
- Current IT environment feeds insecurity
- Controls vulnerable to threats
- Existing solutions are static
- Need for an alternate, robust and dynamic solution
- CA fits the bill!

5 Implications
- Systems design
- Internal controls design
- Audit models and techniques
- Organizational learning
- Behavioral repercussions
- Integration with existing solutions & models
- Alternative technology based solutions

6 Fundamental CA Issues
- Traditional Authentication Models
- CA: Network versus User


11 Table 1: Summary of Four CA Levels

Level 1
  Probability statement: P(User)
  Threshold: p_tu
  Principles: Continuously assesses and verifies presence at a fixed location.
  Factors: knowledge, possession, and biometrics

Level 2
  Probability statement: P(User/Resource)
  Threshold: p_tu/R
  Principles: Continuously assesses and verifies presence and access to a resource. Does not attempt to verify the identities of entities that use specific privileges. Level 1 CA conditions are also satisfied.
  Factors: knowledge, possession, biometrics, and resources used

Level 3
  Probability statement: P(User/Workstation)
  Threshold: p_tu/W
  Principles: Continuously assesses and verifies presence at disparate locations. Does not attempt to verify the identities of entities that use specific privileges. Level 2 CA conditions are also satisfied.
  Factors: knowledge, possession, biometrics, resources used, and workstations

Level 4
  Probability statement: P(User/Transaction or Action)
  Threshold: p_tu/A
  Principles: Continuously assesses and verifies presence at all access points and monitors the identity of entities that use specific privileges. Level 3 CA conditions are also satisfied.
  Factors: knowledge, possession, biometrics, resources used, workstations, transactions profile and actions

12 Model Fundamentals
- Authentication confidences and thresholds
  - Probabilistic values
- Versus deterministic or binary authentication

13 Levels of CA
- Level 1 CA: user authentication
- Level 2 CA: user-resource authentication
- Level 3 CA: user-resource-system authentication
- Level 4 CA: user-resource-system-transaction authentication
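
The cumulative levels of Table 1 and the probabilistic-versus-binary contrast of slide 12, as an added example that is not part of the presentation. It assumes a level holds when its confidence is at least its threshold; the threshold values, the sample session and all function names are constructed for illustration.

```python
# Added example: thresholds, sample values and names are constructed.
# Assumption: a level holds when its confidence is >= its threshold.

# Table 1 order: (level, probability statement, threshold symbol)
LEVELS = [
    (1, "P(User)", "p_tu"),
    (2, "P(User/Resource)", "p_tu/R"),
    (3, "P(User/Workstation)", "p_tu/W"),
    (4, "P(User/Transaction or Action)", "p_tu/A"),
]

def achieved_level(confidence, thresholds):
    """Return (highest level satisfied, first failing statement or None).

    Levels are cumulative: level n counts only if levels 1..n-1 also hold.
    """
    reached = 0
    for level, statement, symbol in LEVELS:
        if confidence.get(statement, 0.0) < thresholds[symbol]:
            return reached, statement
        reached = level
    return reached, None

def monitor_session(intervals, thresholds, required_level):
    """Re-evaluate every time interval t; list intervals below the required level."""
    alerts = []
    for t, confidence in enumerate(intervals):
        level, failed = achieved_level(confidence, thresholds)
        if level < required_level:
            alerts.append({"t": t, "level": level, "failed": failed})
    return alerts

def binary_login(intervals, thresholds):
    """Deterministic model for contrast: one check of P(User) at t = 0 only."""
    return intervals[0]["P(User)"] >= thresholds["p_tu"]

def sample(u, r, w, a):
    """Build one interval's confidences in Table 1 order (constructed data)."""
    return dict(zip([s for _, s, _ in LEVELS], (u, r, w, a)))

THRESHOLDS = {"p_tu": 0.90, "p_tu/R": 0.80, "p_tu/W": 0.80, "p_tu/A": 0.75}
SESSION = [
    sample(0.97, 0.91, 0.95, 0.88),  # t=0: all four levels hold
    sample(0.95, 0.90, 0.62, 0.85),  # t=1: unfamiliar workstation
    sample(0.55, 0.90, 0.93, 0.85),  # t=2: user presence in doubt
    sample(0.96, 0.92, 0.94, 0.40),  # t=3: action outside the profile
]
```

The binary check passes this session at login and never looks again, while the per-interval evaluation reports which level failed at t = 1, 2 and 3.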

14 Model Implementation: with Swarm Technology

15 Swarm Intelligence
Self-Organizing in Social Insects
- Spatiotemporally Organized Networks of Pheromone Trails (Bonabeau, Dorigo, and Theraulaz, 1999)
- Positive Feedback (Amplification)
- Recruitment and Reinforcement
- Trail Laying and Trail Following
- Negative Feedback
- Stabilization of Collective Patterns
- Amplification of Fluctuations
- Random Walks, Errors, Random Task-Switching
- Continuous Optimization
- Multiple Interactions
- Minimum Density of Mutually Tolerant Agents


17 Application of Swarm Intelligence to Continuous Authentication
Self-Organizing of Multiple Ant-like Monitoring Computer Agents
- Spatiotemporally Organized Networks of Profile-based Trails
- Positive Feedback (Amplification)
- Local Autonomous Agents
- User, Resources, Workstation, and Transaction
- Transition Rules
- Local Updates
- Negative Feedback
- Global Autonomous Agent
- Dynamic Conflict Resolution Rules
- Global Updates

18 Table 2: Implementation Summary of Four CA Levels

Level 1
  Learning level: Minimal
  Tasks*: Single comparison of a user's signature in each time interval t. The medium of the signature can be either a knowledge factor (e.g., a password) or biometrics (e.g., a biometric finger image). For special cases, CAS's intelligent keystroke recognition agent recognizes a user's keystroke latencies.
  Intelligent/predetermined class: Predetermined class in most cases, except for special cases like keystroke recognition. As a user ages, his unique biometric signature can gradually change. Multiple patterns can be used over time. This depends on special health conditions or other special situations.
  Corresponding intelligent technologies: A simple database query engine: a user ID and password stored in a database as long as the iteration processes in Figure 1 exist. For the special cases of keystroke recognition, a low level of swarm intelligence is used, coupled with database technology.

Level 2
  Learning level: Modest
  Tasks*: An additional profile creates a well-marked trail or pheromone as the significance of a particular habit for accessing sensitive information through resource utilization.
  Intelligent/predetermined class: Intelligent class in continuous model: enrollment is dynamic, and CAS not only authorizes access but also monitors and updates a user's profile for future evaluation and continuous authorization in Levels 2, 3, and 4.
  Corresponding intelligent technologies: Modest level of swarm intelligence-based technology that can handle the additional dimension of resource utilization in relation to privileged information.

Level 3
  Learning level: Complex
  Tasks*: A user's information about his/her movement is added to his/her previous profiles in Levels 1 and 2, using a workstation profile. This new dimensional information is an addition to the information in Level 2 processes.
  Intelligent/predetermined class: Intelligent class in continuous model: CAS with this additional dimension monitors and evaluates a user's access to various computers in globally networked IT environments.
  Corresponding intelligent technologies: More complex swarm intelligence technology that can handle two additional dimensions: resource use profile and workstation access profile.

Level 4
  Learning level: Highest
  Tasks*: At this highest level, a user's transaction profile, given his/her job and task responsibilities, is added to Level 3 CA processes.
  Intelligent/predetermined class: Intelligent class in continuous model: this class performs similar processes with additional profile management.
  Corresponding intelligent technologies: Most sophisticated swarm intelligence-based technology that can handle four classes of profiles.

19 Challenges
1. Mobile computing dynamics
2. Technical constraints
3. Prevention vs. Detection
4. Biometric related issues
5. Access control types and Location signatures
6. Security layer
7. Privacy concerns
8. Legal issues
9. Audit trail management

