Ian L Paterson, CEO of Plurilock based in Canada, participates in Risk Roundup to discuss “Behavioral Biometric Risks Based Authentication.”
Behavioral Biometric Risks Based Authentication
Risk-based authentication, a non-static authentication system that considers the profile of digital users requesting access to the computer system to determine the risk score in real-time, has been getting a lot of attention. Moreover, a trend is emerging of integrating biometric data with real-time authentication processes. While many different models are emerging for biometric identification, digital users’ integration of machine learning brings significant potential to human user identification and authentication process.
While there are two significant forms of biometrics: those based on physiological attributes and those based on behavioral characteristics that are being applied, each class of biometrics brings its own set of risks and rewards. As a result, it is crucial to understand and evaluate different modes and mechanisms of biometrics.
Biometric Authentication
Biometric authentication is commonly understood to be the process of verifying human identity using body measurements or other unique characteristics of the human body that would allow logging in digital service, any digital application, a connected device, and so on. Biometric identification verifies individuals based on their body measurements and mechanisms and is further divided into two major groups.
- Physiological biometrics integrates the measurement of focused physiological features of a human body. It can be the face, fingerprints, human retina, blood vessel patterns, hand geometry, iris patterns, and more into an automated authentication process.
- Behavioral biometrics extract and integrate relevant information about human behavior and patterns such as variations in speech, keystroke, posture, and the way we do things into the human user authentication process.
It seems that the current trends are leaning towards physiological biometrics. While they are generally perceived to be extremely robust and secure, the emerging reports indicate that fingerprints can be spoofed and so on. As a result, there is a need to understand that any biometric solution that is to be used in cyberspace must be effective and yet very unobtrusive.
In comparison, while behavioral biometrics are unobtrusive – they are perceived to be frailer than physiological techniques. The reason is that the signatures can be forged, speech can be replicated, postures can be built through moderately sophisticated speech synthesis machinery, and so on.
Building Digital User Profile
Depending on the selected behavioral attribute, type, timing, and movement direction, along with mouse clicking actions and more, are commonly used to build a profile of a digital user. This user profile information is then used for authentication purposes.
It seems that most emerging system relies on a continuous user monitoring process. As a result, they require the user to interact continuously to derive enough statistical information regarding their mouse dynamics or any behavioral attribute selected. Individually and collectively, the results seem to be dependent on the number of individuals involved in the process and their characteristics. This means that, even with a large amount of data collected, the results can be vastly different if we change the group being evaluated and enrolled.
The reason is, it is challenging to obtain an accurate sample representative of the user population since it is difficult to characterize the population. This means there can only be two algorithms compared using the same test data and groups. The results also seemingly vary according to the final use. Any system used to identify an individual is less accurate than an operation used just to authenticate the user. Besides, the system that computes the risk profile and risk scores must be diligently maintained and updated as new threats emerge faster than humans can comprehend. Since many ways can lead to unauthorized access, it is important to have a structured analysis before these systems can be commercially used.
Computational Resources
It seems that while behavioral biometrics has great potential, to create an identification and authentication system that is trustable, scalable, and secure needs a lot more work. Further studies are necessary to evaluate the performance of the behavior biometric algorithm and its security. The time is now to assess behavioral biometric trends for user identification and authentication.
For more, please watch the Risk Roundup Webcast or hear Risk Roundup Podcast
About the Guest
Ian is a serial entrepreneur; Ian was the founder and CEO of Exapik, a data monetization marketplace. Before that, he led the enterprise data science division at venture-backed analytics firm Terapeak, later acquired by eBay.
About the Host of Risk Roundup
Jayshree Pandya (née Bhatt), Ph.D., is a leading expert at the intersection of science, technology, and security and is the Founder and Chief Executive Officer of Risk Group LLC. She has been involved in a wide range of research, spanning security of and from science and technology domains. Her work is currently focused on understanding how converging technologies and their interconnectivity across cyberspace, aquaspace, geospace, and space (CAGS), as well as individuals and entities across nations: their governments, industries, organizations, and academia (NGIOA), create survival, security, and sustainability risks. This research is pursued to provide strategic security solutions for the future of humanity. From the National Science Foundation to organizations from across the United States, Europe, and Asia, Dr. Pandya is an invited speaker on emerging technologies, technology transformation, digital disruption, and strategic security risks. Her work has contributed to more than 100 publications in the areas of science and commerce. She is the author of the books, Geopolitics of Cybersecurity and The Global Age. She writes about Artificial Intelligence on Forbes.
About Risk Roundup
Risk Roundup, a global initiative launched by Risk Group, is a security risk reporting for risks emerging from existing and emerging technologies, technology convergence, and transformation happening across cyberspace, aquaspace, geospace, and space. Risk Roundup is released in both audio (Podcast) and video (Webcast) format. It is available for subscription at Risk Group Website, iTunes, Google Play, Stitcher Radio, Android, and Risk Group Professional Social Media.
About Risk Group
Risk Group is a Strategic Security Risk Research Platform and Community. Risk Group’s Strategic Security Community and Ecosystem is the first and only cross-disciplinary and collective community that is made of top scientists, security professionals, thought leaders, entrepreneurs, philanthropists, policymakers, and academic institutions from across nations collaborating to research, review, rate and report strategic security risks to protect the future of humanity.
Copyright Risk Group LLC. All Rights Reserved