BehavioMetrics
A Paradigm Shift in Computer Security
Abstract
Behaviometrics, or behavioral biometrics, is
a measurable behavior used to recognize or
verify the identity of a person. Behaviometrics
focuses on behavioral patterns rather than
physical attributes. Almost all interaction
with a computer is carried out via a keyboard
and a mouse for input, and with the display
for visual feedback. Behaviometrics utilizes
the characteristics of the user's input and
how they navigate through the interface to
create virtual fingerprints of their behavior.
Behaviometrics can efficiently prevent intrusions
on laptops or workstations by continuously
verifying that it is the authorized user that
is accessing the computer. Behaviometrics
can continuously monitor the user during the
whole working session to create an ongoing
authentication process. The behavioral pattern
that forms the basis for the ongoing verification
of the user profile is a complex mix of mouse
dynamics, keystroke dynamics, the user's GUI
interaction and advanced behavioral algorithms.
Contents
Abstract
A changing market
Finance
Healthcare
Governmental organizations
Private Enterprises
Features
Administration
Architecture
About BehavioSec
A changing market
More and more voices strongly declare that
the password is no longer a reliable IT security
measure and must be replaced by more efficient
systems for protecting the computer contents.
At the same time, laptops are getting more
mobile by the year with increasing thefts as
a result. The ways of accessing confidential
information have also increased, for example
with the growing use of web access and advanced
mobile phones. Statistics also show that
the number of targeted attacks and planned
financial frauds is increasing globally.
The IT security business is flooded with different
solutions, both technical and organizational, for
securing the information in computers. Regarding
the technological development, most efforts have
gone into developing and designing security solutions
that are focused on increasing the efficiency of
the authentication phase, rather than increasing
the security of the actual usage of the computer.
47% of computer
security professionals
surveyed reported a
laptop theft over the
past twelve months
Behaviometrics: a paradigm shift in information security
Behaviometrics offers a new generation of
information security solutions simply by using
the individual as its core asset, an asset
that is extremely hard to replicate, which makes
it the ultimate solution against identity theft.
By covering the previously unprotected
period of time between login and logout,
Behaviometrics becomes a very powerful
weapon in the fight against computer intrusions.
Any unauthorized user that previously could
access a computer with confidential information,
either by hacking the password, logging in
with stolen credentials or accessing a logged-on
computer, can now be stopped, and the
intrusion is prevented while it is happening.
[Figure: session timeline from Login to Logout.
Login: initial authentication by password,
smartcards or biometric solutions. Computer in use:
continuous authentication with behaviometric software.]
Finance
Banks and other financial institutions that store
monetary assets have always been targets for
intrusions. Loss of information that derives
from these intrusions can be devastating and
have a long-term impact on customer trust.
Additionally, bank personnel have the means
to access and execute changes to their clients'
accounts, which makes it crucial to verify that it
is the correct user accessing the system.
A recent incident in Sweden, where an
unauthorized user remotely hijacked a
computer that was left unattended and started
transferring money, shows the vulnerability of
today's security systems. Luckily, the intrusion
was disrupted when an employee saw the
mouse being moved on the screen although
no one was present and pulled the plug at
the last second, which stopped the attempt.
Healthcare
Hospitals and other care-related institutions store
private information about their clients in journals,
registers and records. This information can be
very sensitive and access is only given to the
persons responsible for the patient. Recent
years have provided many examples of integrity
violations in which confidential information, such
as medical records, has ended up in the media
and newspapers. Meanwhile, public debates
have been widespread and demands for
both legal action and other ways of protecting
personal integrity have been raised.
An example of this was when Swedish foreign
minister Anna Lindh died in hospital after
being attacked in central Stockholm, in 2003.
Media afterwards published confidential
information that derived from her medical
records. Later it was established that a large
number of employees not involved with the
direct care had been accessing confidential
records through another user's account.
Governmental organizations
Keeping the nation state's information intact
from abuse and intrusions is crucial to be
able to protect its borders and citizens. The
attempts of intrusions are most likely to be
Private Enterprises
Protecting company information is of the highest
importance to all private enterprises. There is a
great deal of responsibility as to how sensitive
information and communication should be
handled to protect intellectual property assets
such as pharmaceutical research, software
development, launch plans and other key
resources. A large number of external resources
can also often access critical and sensitive
information; for example, accountants often have
direct access to their customers' financial data,
which is only intended for the auditing. This
information can easily be acquired by stealing
a laptop and then accessing the sensitive
content through known or hacked credentials.
Recently, the problem of insider abuse has been
accelerating in companies where workstations
can be accessed by non-authorized users inside
the premises of the organization. An insider can
gain access to a user account either at a logged-on
computer or through known passwords or
stolen credentials. Also, since 2002, regulatory
compliance for public companies has stressed
security as a key issue for the company's liability.
Features
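[Figure residue: architecture and process diagrams.
Recoverable labels: Filter, User Profile, Detection,
Network, System, Desktop; items labelled E1 to E6,
combined over i = 1..n in an expression with the
terms E_i and (1 − E_i); session flow with Start,
Wait for new session, Login, Hook, Monitor thread,
Session, Data stream, Close, Logout; a Time axis
marked [E2] to [E6]; percentage values 62%, 78%,
64%, 52%, 48%, 51%.]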
Administration
The Behavio Management Server is
administered through a web interface that
works with any modern browser. Users and groups
can be imported from LDAP sources.
Architecture
About BehavioSec
Discovering the potential of the human
behavior
In 2004, the founders of BehavioSec started
to look into the data security market in order
to find an interesting angle for their master's
thesis at Luleå University of Technology, in the
north of Sweden. What they found out was that
most economic and development efforts at
that time were focused on either strengthening
the physical safety systems or refining login
procedures for access authentication. They also
found out that there were no software products on
the market targeting the time after login.
There was a gigantic security gap between
the time of login and the time of logout from a
software point of view. This insight led the two
researchers to focus on the characteristics of
this period in order to find the key asset to new
data protection software. And what they found
was the potential of the human behavior!
BehavioSec is a
registered trademark