Physical biometrics has an additional complication: the individual must have the necessary
technology for their physical biometrics to be recognized. This presents several challenges,
including the requisite technology itself and the legal issues around data protection and
privacy. Additionally, once we have shared our physical biometrics, our data is on the internet
and can be stolen.
Behavioral biometrics are another thing entirely. Our behavior is virtually as unique as our
fingerprint, and independent analysis has shown it to identify the individual more accurately
than fingerprint technology, because fingerprint recognition is very susceptible to the quality
of the technology being used.
Additionally, behavioral biometrics provides continuous verification. In other words, it is
comparable to a user keeping their finger on a fingerprint reader for the duration of a
session. Man-in-the-browser (MITB) attacks become much harder to perpetrate because any
significant change in the user’s behavior during a session results in the anomaly being
immediately recognized. And behavior is not something that we are able to copy. Everything a
user does on the phone, browser or computer consists of user patterns. Behavioral biometrics
identifies these patterns by collecting information, not on what the user is doing but rather
on how they are doing it. As a result, it prevents unauthorized access by authenticating user
patterns of typing, swiping, mousing, or switching between applications.
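The continuous check described above, as a simplified added example (not code from the article or from any product): a keystroke-timing profile is enrolled once, then a sliding window over the session is scored against it, using only how keys are pressed and never which keys. The function names, window size, threshold and sample timings are assumptions constructed for illustration.

```python
import statistics

def make_events(dwells, flights):
    """Build (key_down_ms, key_up_ms) pairs from hold times and gaps."""
    events, t = [], 0
    for d, f in zip(dwells, flights):
        events.append((t, t + d))
        t += d + f
    return events

def features(events):
    """How the user types: key hold times (dwell) and gaps between keys (flight)."""
    dwell = [up - down for down, up in events]
    flight = [events[i + 1][0] - events[i][1] for i in range(len(events) - 1)]
    return dwell, flight

def enroll(events):
    """Profile = (mean, standard deviation) of each timing feature."""
    return [(statistics.mean(f), statistics.stdev(f)) for f in features(events)]

def score(profile, events):
    """Mean absolute z-score of a window's timings against the profile."""
    return statistics.mean(abs(x - mu) / sd
                           for (mu, sd), values in zip(profile, features(events))
                           for x in values)

def monitor(profile, session, window=8, threshold=2.0):
    """Slide over the session; return the keystroke count at first alarm, else None."""
    for end in range(window, len(session) + 1):
        if score(profile, session[end - window:end]) > threshold:
            return end
    return None

# Constructed sample timings in milliseconds (not measured data).
ENROLL_D = [95, 102, 98, 110, 91, 105, 99, 97, 104, 93, 100, 108]
ENROLL_F = [130, 145, 125, 150, 138, 142, 128, 135, 147, 133, 140, 129]
OWNER_D, OWNER_F = [97, 103, 94, 106, 99, 101, 96, 104], [136, 141, 129, 146, 132, 139, 134, 143]
OTHER_D, OTHER_F = [60, 58, 65, 62, 59, 63, 61, 57], [250, 270, 240, 265, 255, 260, 245, 268]

PROFILE = enroll(make_events(ENROLL_D, ENROLL_F))
CLEAN = make_events(OWNER_D * 2, OWNER_F * 2)                  # owner types throughout
TAKEOVER = make_events(OWNER_D + OTHER_D, OWNER_F + OTHER_F)   # different typist after 8 keys

if __name__ == "__main__":
    print("clean session alarm:", monitor(PROFILE, CLEAN))
    print("takeover session alarm at keystroke:", monitor(PROFILE, TAKEOVER))
```

With these constructed timings the alarm fires two keystrokes after the typist changes, which is the property a one-time login check cannot provide.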
According to Bruce Schneier, “The idea — and I think this is a good one — is that the computer
can continuously authenticate people, and not just authenticate them once when they first start
using their computers.”
What Behavioral Biometrics offers is the ability to ensure that an individual’s “credentials”
cannot be stolen or hijacked. And as more devices are being modified to “know their users”, the
devices will be qualified to confirm their identities. By combining this confirmation with a
traditional password, it will be possible to authenticate users more effectively and in a manner
that will be transparent to them. Additionally, it provides an organization with the ability to use
passwords in combination with behavior to provide extremely high levels of accuracy in
identifying the real user as opposed to an impostor, without the need to deploy any software or
technology to the user!
Behavioral biometrics has a unique side property that solves a security problem where
traditional security solutions fall short: the scenario where the user has an incentive to be
part of the fraud, by sharing account details or disregarding the need to protect the security
token. Examples include software licensing of SaaS services, where users share credentials to
access hosted ERP and CRM, and paywalls for news and media services.
Such credential abuse is commonplace and is an issue in ‘desktop sharing’ environments such as
trading floors and inside health/government services. In the healthcare sector, convenient
authentication is a must-have in all clinical situations, and the push to electronic health
records is driving a need for both patient-level and clinician-level strong authentication.
Behavioral biometrics can determine not only whether there is abuse of privileges, but also who
the person using the credentials actually is.
53 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide