Modeling an Intelligent Continuous Authentication System to Protect Financial Information Resources Thomas G. Calderon Akhilesh Chandra John J. Cheh The University of Akron Symposium on Information Systems Assurance Integrity, Privacy, Security & Trust in an IT Context October 20-22, 2005
Objective 1.Examine fundamental principles of CA 2.Propose a four-tier framework for CA 3.Discuss implementation issues
CA defined CA is a process that verifies the identity of an information systems user continuously for the entire duration of an authorized session.
Motivation Current IT environment feeds insecurity Controls vulnerable to threats Existing solutions are static Need for an alternate, robust and dynamic solution CA fits the bill !
Implications Systems design Internal controls design Audit models and techniques Organizational learning Behavioral repercussions Integration with existing solutions & models Alternative technology based solutions
Fundamental CA Issues Traditional Authentication Models CA: Network versus User
Table 1 Summary of Four CA Levels LevelProbability StatementThresholdsFundamental Principles and Authentication Factors 1P(User)p tu Principles: Continuously assesses and verifies presence at a fixed location Factors: knowledge, possession, and biometrics 2P(User/Resource)p tu/R Principles: Continuously assesses and verifies presence and access to a resource. Does not attempt to verify the identities of entities that use specific privileges. Level 1 CA conditions are also satisfied. Factors: knowledge, possession, biometrics, and resources used 3P(User/Workstation)p tu/W Principles: Continuously assesses and verifies presence at disparate locations. Does not attempt to verify the identities of entities that use specific privileges. Level 2 CA conditions are also satisfied. Factors: knowledge, possession, biometrics, resources used, and workstations 4P(User/Transaction or Action)p tu/A Principles: Continuously assesses and verifies presence at all access points and monitors the identity of entities that use specific privileges. Level 3 CA conditions are also satisfied. Factors: knowledge, possession, biometrics, resources used, workstations, transactions profile and actions
Model Fundamentals Authentication confidences and thresholds –Probabilistic values Versus Deterministic or binary authentication
Levels of CA Level 1 CA: user authentication Level 2 CA: user-resource authentication Level 3 CA: user-resource-system authentication Level 4 CA: user-resource-system- transaction authentication
Model Implementation: with Swarm Technology
Swarm Intelligence Self-Organizing in Social Insects Spatiotemporally Organized Networks of Pheromone Trails (Bonabeau, Dorigo, and Theraulaz, 1999) Positive Feedback (Amplification) Recruitment and Reinforcement Trail Laying and Trail Following Negative Feedback Stabilization of Collective Patterns Amplification of Fluctuations Random Walks, Errors, Random Task-Switching Continuous Optimization Multiple Interactions Minimum Density of Mutually Tolerant Agents
Application of Swarm Intelligence to Continuous Authentication Self-Organizing of Multiple Ant-like Monitoring Computer Agents Spatiotemporally Organized Networks of Profile- based Trails Positive Feedback (Amplification) Local Autonomous Agents User, Resources, Workstation, and Transaction Transition Rules Local Updates Negative Feedback Global Autonomous Agent Dynamic Conflict Resolution Rules Global Updates
Table 2 Implementation Summary of Four CA Levels LevelLearning LevelTasks*Intelligent/Predetermined ClassCorresponding Intelligent Technologies 1Minimal Single comparison of a user’s signature in each time interval t. The medium of signature can be either a knowledge factor (e.g., a password) or biometrics (e.g., biometric finger image). For special cases, CAS’s intelligent key stroke recognition agent recognizes a user’s keystroke latencies. Predetermined class in most cases, except for special cases like key stroke recognition. As a user ages, his unique biometric signature can gradually change. Multiple patterns can be used over times. This depends on special health conditions or other special situations. A simple database query engine: A user ID, and password stored in a database as long as iteration processes in Figure 1 exist. For the special cases of key stroke recognition, low level of swarm intelligence is used in coupled with database technology. 2Modest Additional profile creates a well- marked trail or pheromone as significance of a particular habit for accessing sensitive information through resource utilization Intelligent Class in Continuous Model: Enrollment is dynamic, and CAS not only authorizes access but also monitors and updates a user’s profile for future evaluation and continuous authorization in Levels 2, 3, and 4. Modest level of swarm intelligence-based technology that can handle the additional dimension of resource utilization in relation to privileged information 3Complex A user’s information about his/her movement is added to his/her previous profiles in Levels 1 and 2, using a workstation profile. This new dimensional information is an addition to information in Level 2 processes. Intelligent Class in Continuous Model: CAS with this additional dimension monitors and evaluates a user’s access to various computers in globally networked IT environments. More complex swarm intelligence technology that can handle two additional dimensions— resource use profile and workstation access profile. 4Highest In this highest level, a user’s transaction profile given his/her job and task responsibilities are added to Level 3 CA processes Intelligent Class in Continuous Model: this class performs similar processes with additional profile management Most sophisticated swarm intelligence-based technology that can handle four classes of profiles.
Challenges 1.Mobile computing dynamics 2.Technical constraints 3.Prevention vs. Detection 4.Biometric related issues 5.Access control types and Location signatures 6.Security layer 7.Privacy concerns 8.Legal issues 9.Audit trail management