Now Offering a 20% Discount When a Minimum of Five Titles in Related Subject Areas are Purchased TogetherAlso, receive free worldwide shipping on orders over US$ 395.(This offer will be automatically applied upon checkout and is applicable to print & digital publications)Browse Titles

Special Offers
- All IGI Global Scholarly Journals Shift to "Digital Preferred" Format
  In response to the overwhelming demand for electronic content coupled with the mission to decrease the overall environmental impacts of print production and distribution, all IGI Global journals will shift into a digital preferred model for the 2022 volume year. Under this model, journals will become primarily available under electronic format and articles will be immediately available upon acceptance. Print subscriptions and print + electronic subscriptions will still be available, but for the print version, all articles that are published during the volume year will become available at the end of the year in a single (1) printed volume.
  Learn More
- IGI Global’s New DEI e-Book Collection
  Acquire Over 320+ E-Books on Diversity, Equity, and Inclusivity from a publisher that has been dedicated to DEI since its inception over 30 years ago. Now, benefit from a collection of all of our DEI e-Books at a 90% Discount.
  Learn More
- Receive a 20% Discount When a Minimum of Five Titles are Purchased Together
  This 20% discount is automatically applied upon checkout and is only applicable when five or more reference books and scholarly journals are ordered. Discount valid on purchases made directly through IGI Global’s Online Bookstore (www.igi-global.com) and cannot be combined with any other discount. It may not be used by distributors or book sellers and the offer does not apply to databases. Exclusions of select titles may apply.
  Browse Titles
- Reduced Research Anthology Pricing
  Based on the increased interest in our Research Anthologies line from last year and understanding current budgetary limitations, IGI Global is reducing the price of our multi-volume Research Anthologies up to 50%. These publications are ideal for accommodating library budgets, as they contain hand-selected research content of the highest quality.
  Learn More
- Receive Complimentary Electronic Access to the First, Second, Third, and Fourth Edition of the
  Encyclopedia of Information Science and Technology with the Purchase of the Fifth Edition
  For a limited time, receive the complimentary e-books for the first, second, third, and fourth editions with the purchase of the Encyclopedia of Information Science and Technology, Fifth Edition e-book*. Offer is only valid when purchasing the fifth edition’s hardcover + e-book or e-book only option directly through IGI Global’s Online Bookstore (www.igi-global.com/books) and is not intended for use by book distributors or wholesalers. Contact Customer Service, cust@igi-global.com, for details. Offer expires July 1, 2021.
  Learn More
- Offering a 5% Pre-Publication Discount on
  All Reference Books Ordered Through IGI Global’s Online Bookstore*
  To support customers with accessing the latest research, IGI Global is offering a 5% pre-publication discount on all hardcover, softcover, e-books, and hardcover + e-books titles.
  *5% discount offer is eligible on hardcover, softcover, e-books, and hardcover + e-books titles and is automatically applied directly to the shopping cart. Discount offer only valid on purchases made directly through IGI Global’s Online Bookstore and offer expires 30 days after the publication’s release. This automatic discount is not intended for use by book distributors or wholesalers.
  Browse Titles
- Receive Free Shipping on Orders Over US$ 395.00
  Free shipping will be automatically applied to shopping cart orders over US$ 395.00 or more before tax, which can include a combination of print and non-shippable products (i.e. e-books, e-journals, and articles/chapters). It is only available when you order directly through IGI Global’s Online Bookstore and is only valid on standard U.S. and international shipping. There will be additional charges for express shipping and limitations may apply.
  Browse Titles
- Create a Free IGI Global Library Account to Receive an Additional 10% Discount on All Purchases
  Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 10% discount on single all titles, as well as the award-winning e-Book and e-Journal Collections.
  Sign Up Now!
Books
Journals
- - Journals
  - Open Access Journals
e-Collections
- - e-Collections
  - Open Access Read & Publish
Articles/Chapters
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - Editorial Services
  - FAQ
Catalogs
About Us
Newsroom

Continuous Authentication in Computers

Harini Jagadeesan (Virginia Tech, USA) and Michael S. Hsiao (Virginia Tech, USA)

Source Title: Continuous Authentication Using Biometrics: Data, Models, and Metrics

DOI: 10.4018/978-1-61350-129-0.ch003

OnDemand PDF Download:

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

In the Internet age, identity theft is a major security issue because contemporary authentication systems lack adequate mechanisms to detect and prevent masquerading. This chapter discusses the current authentication systems and identifies their limitations in combating masquerading attacks. Analysis of existing authentication systems reveals the factors to be considered and the steps necessary in building a good continuous authentication system. As an example, we present a continual, non-intrusive, fast and easily deployable user re-authentication system based on behavioral biometrics. It employs a novel heuristic based on keyboard and mouse attributes to decipher the behavioral pattern of each individual user on the system. In the re-authentication process, the current behavior of user is compared with stored “expected” behavior. If user behavior deviates from expected behavior beyond an allowed threshold, system logs the user out of the current session, thereby preventing imposters from misusing the system. Experimental results show that the proposed methodology improves the accuracy of application-based and application independent systems to 96.4% and 82.2% respectively. At the end of this chapter, the reader is expected to understand the dimensions involved in creating a computer based continuous authentication system and is able to frame a robust continual re-authentication system with a high degree of accuracy.

Chapter Preview

Top

Introduction

Security is a key concern in the internet age where an increasing number of transactions are made over an unsecured network and there is a greater chance for sensitive data to be misused. Authentication mechanisms usually form the first line of defense in an electronic system’s security. They can be used for both initial authentication (verifying if a user is genuine) and re-authentication (continually verifying if the current user is the same as the logged-in user). Specifically, re-authentication or continuous authentication (CA) technologies are becoming more prevalent due to continued login into systems like laptops, netbooks, mobile devices, etc. For example, if an authenticated user temporarily leaves a system unattended without exiting the application or webpage completely, the session can still be in use. These sessions can be used by intruders to gain access to sensitive information. Also, if traditional authentication mechanisms are broken via stolen passwords, PINs, hardware keys, etc., the computer system currently has no way to distinguish the hacker from the authentic user. This, in turn, would compromise the entire system’s security if the authentication mechanisms consist only of traditional authentication methods.

Authentication of a user is generally performed at the beginning of a user session and during subsequent logout-logins. Although sufficient for one-time validation, it is ineffective in preventing masquerade attacks. Unlike user authentication, which attempts to determine if the person trying to enter the system via a controlled setting (e.g., typing of a password) matches the expected behavior, we try to determine if the user’s uncontrolled behavior matches the expected behavior. Thus, a user re-authentication system aims to continuously check if the current-user is the logged-in user. The logged-in user refers to the user whose initial login information authenticated the session. The current user refers to the person who is presently using the system. In general, we expect that the current-user and the logged-in user are the same. However, imposters can intercept the system and become the current user. In such scenarios, the current user is not the same as logged-in user and should be identified. In computer system authentication, this scenario is known as Masquerading.

Identity thefts due to masquerading cannot be successfully prevented by traditional methods since the intruder has already broken the authentication system. Two major factors in masquerading effort are:

•
Accessibility to a user’s session: This is possible by stolen passwords, PINs, unsecure session exits, etc. and can be prevented by using a second (and possibly, third) layer of authentication which is accurate and has a high cost of cryptoanalysis. A search for such a layer of authentication points towards mechanisms that involve characteristics which are unique to a user. A user’s biometric characteristics and to a certain extent, to her behavioral characteristics satisfy this requirement. For example, biometric characteristics like the iris print, finger print, DNA, etc. are unique and cannot be replicated easily. Similarly, a user’s behavioral characteristics are very hard to imitate. Research shows that it is impossible for a person to demonstrate a set of behavioral characteristics that are different from her own. Such an exercise usually results in a mixed set of behavioral characteristics that borrows from both the original set and the new set. If a system is sensitive enough to identify the subtle differences in a user’s behavior, it can easily identify the intruder despite masquerade attempts.
•
Time of access: Gaining access to a user’s session when it is in use by a genuine user (if the authentic user is away temporarily – without securely locking the system) is a common example for the time of access factor in masquerading efforts. As a security measure against this possibility, it is necessary for the authentication system to ensure that at any point of logged-in time, the current user is the same as the logged in user. This need is satisfied by continuous authentication of the user which ensures that the logged-in user’s profile matches the current user’s profile. When done periodically, they help mitigate the time of access factor in masquerading.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

Continuous Authentication in Computers

Abstract

Introduction

Complete Chapter List