مرکز منطقه ای اطلاع رساني علوم و فناوري - Keystroke Dynamics for Continuous Access Control Enforcement

DocumentCode :

2575691

Title :

Keystroke Dynamics for Continuous Access Control Enforcement

Author :

Ferreira, João ; Santos, Henrique

Author_Institution :

Aeronaut., Space & Defense Unit, Critical Software S.A., Coimbra, Portugal

fYear :

2012

fDate :

10-12 Oct. 2012

Firstpage :

216

Lastpage :

223

Abstract :

The weak connection between human users and their digital identities is often the target vulnerability explored by attacks to information systems. Currently, authentication mechanisms are the only barrier to prevent those attacks. Traditional password-based authentication is efficient (especially from the user point of view), but not effective -- the lack of continuous verification is a severe access control vulnerability. To overcome this issue, continuous identity monitoring is needed, operating in similar fashion to that of Intrusion Detection Systems (IDSs). However, traditional host-based IDSs are system-centric -- they monitor system events but fail on flagging malicious activity from intruders with access to the legitimate user´s credentials. Therefore, extending the IDS concept to the user authentication level appears as a promising security control. The need to distinguish human users (user-centric anomaly-based detection) leads to the use of biometric features. In this paper we present a secure, reliable, inexpensive and non-intrusive technique for complementing traditional static authentication mechanisms with continuous identity verification, based on keystroke dynamics biometrics.

Keywords :

authorisation; message authentication; access control vulnerability; continuous access control enforcement; continuous identity monitoring; digital identities; host-based IDS concept; human users; information systems; keystroke dynamics biometrics; legitimate user credentials; malicious activity; non-intrusive technique; password-based authentication; security control; static authentication mechanisms; user-centric anomaly-based detection; Access control; Authentication; Databases; Humans; Intrusion detection; Keyboards; access control; authentication; biometrics; identity theft; intrusion detection; keystroke dynamics; security;

fLanguage :

English

Publisher :

ieee

Conference_Titel :

Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2012 International Conference on

Conference_Location :

Sanya

Print_ISBN :

978-1-4673-2624-7

Type :

conf

DOI :

10.1109/CyberC.2012.43

Filename :

6384970

Link To Document :

https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2575691