BehavioSec participation in the DARPA AA Phase 2

Transcription

1 BehavioSec participation in the DARPA AA Phase 2 A case study of Behaviometrics authentication for mobile devices Distribution Statement A (Approved for Public Release, Distribution Unlimited) 1

2 This paper is an overview about BehavioSec s participation in DARPA s Active Authentication Program Phase 2 in 2013/

3 Contents Introduction... 4 DARPA s Active Authentication Program... 5 DARPA s Active Authentication Program Phase Trust Metrics... 6 DARPA s Active Authentication Program Phase Keyboard/keystroke... 7 Touch... 7 Work packages... 8 Working with CAC card

4 Introduction The word Behaviometrics derives from the terms behavioral and biometrics. Behavioral refers to the way a human person behaves and biometrics, in an information security context, refers to technologies and methods that measure and analyzes biological characteristics of the human body for authentication purposes; for example fingerprints, eye retina and voice patterns. In other words Behaviometrics, or behavioral biometrics, is a measurable behavior, used to recognize or verify the identity of a person. Behaviometrics focus on behavioral patterns rather than physical attributes. After a user is verified with traditional security techniques, such as passwords, Behaviometrics can enhance the protection even after the user has logged in. It can continuously monitor the user during the whole working session to create an ongoing authentication process. A biometric authentication system can check if a user is accepted into a system. If a user is accepted that should not be, it is called a false accept. If a user that should be accepted is not, it is called a false reject. The ratio between users that falsely attempts to enter and users falsely accepted, is called false accept rate (FAR). While the ratio between correct users being accepted and rejected is called false reject rate (FRR). A behavioral continuous authentication system uses a set of behavioral traits to calculate a similarity ratio between the current user s behavior and the expected. The similarity can be combined with a threshold, so that if the similarity drops below the set threshold, the user will be detected as an imposter. 4

5 DARPA s Active Authentication Program The current standard method for validating a user s identity for authentication on an information system requires humans to do something that is inherently unnatural: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console. The Active Authentication program seeks to address this problem by developing novel ways of validating the identity of the person at the console that focus on the unique aspects of the individual through the use of software based biometrics. Biometrics is defined as the characteristics used to uniquely recognize humans based on one or more intrinsic physical or behavioral traits. This program focuses on the behavioral traits that can be observed through how we interact with the world. Just as when you touch something your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a cognitive fingerprint. The first phase of the program will focus on researching biometrics that do not require the installation of additional hardware sensors, rather the program will look for research on biometrics that can be captured through the technology we already use looking for aspects of this cognitive fingerprint. These could include, for example, how the user handles the mouse and how the user crafts written language in an or document. A heavy emphasis will be placed on validating any potential new biometrics with empirical tests to ensure they would be effective in large scale deployments. The later phases of the program will focus on developing a solution that integrates any available biometrics using a new authentication platform suitable for deployment on a standard a Department of Defense desktop or laptop. The combinatorial approach of using multiple modalities for continuous user identification and authentication is expected to deliver a system that is accurate, robust, and transparent to the user s normal computing experience. [1] [1] 5

6 DARPA s Active Authentication Program Phase 1 In phase one we used the behavioral data of 100 voluntary users for 3 months on standard windows office PCs, to extend current biometrical measurement definitions to better fit the unique characteristics of continuous behaviometrics. We sampled the following modalities: Fig 1. Modalities Trust Metrics To use the behavior of users for continuous authentication we decided to develop the concept of Trust. The trust is defined by Biometric systems have been defined by the US National Institute of Standards and Technology (NIST) as systems exploiting automated methods of recognizing a person based on physiological or behavioral characteristics 6

7 DARPA s Active Authentication Program Phase 2 Keyboard/keystroke We are looking for how a person is typing, not what a person is typing. We use keystroke dynamics (press, flight and sequence) and combine this with pressure, accelerometer and gyro information as well as the position of the touch on the pressed key. Touch For touch gestures we use all the available modalities of the touch, like distance and time travelled, as well as the points when entering or leaving measurement points together with the pressure. Start Stop 7

8 Work packages WP 2 Continuous Trust on Mobile Devices Realize a Continuous Authentication for mobile devices with our Trust Metrics from Phase 1 using: Keystroke dynamics Pressure Touch Gestures Accelerometer Gyro GPS WP 3 Differences of keystroke on mobile and desktop We study the possibility of reusing the information from profiles between desktop and mobile devices We compare the reliability of an user authentication for self-chosen vs. predetermined passwords WP 4 USMA metrics We plan to present different metric s according to the USMA metrics based on our data (FTE, FTA, FAR, FRR, EER, MTTE, MTTD, ROC) WP 5 Open Data Format We plan to propose an Open Data Format for interoperability for behaviometric data for keystroke dynamics, mouse movements, application usage and mobile modalities like Keystroke position, Pressure, Touch, Gyro, Accelerometer and GPS. WP 6 Gesture Based Input Model gestures to be used for authentication Fusion of gestures into our continuous trust system Stability of Predetermined and self-chosen gestures WP 7 PIN entry on mobile devices We are using data from anonymous users 4-8 digit pin to generate statistically significant results for user authentication. Differences between self-chosen and random PIN Results from gathered data will be presented showing the stability of user behavior for self-chosen and random PIN. Working with CAC card To show the possibility of tying a user to an issued credential, we intend to research, how this can be done on mobile devices using standard CAC card with NFC. 8

9 A temporary behavioral profile on the mobile would be generated This would be signed with the CAC card via NFC and encrypted using a supplied server key Send to server The server is decrypting the profile and checking the signature The server polls the user profile from the database, based on user signature The temporary profile of the user would be compared and based on the results a score trust value will be reported Workflow Temporary profile Secured with user specific CAC card Poll user profile, based on user credentials Compare to profile and maintain trust value 9

10 For more information please contact sales at BehavioSec, Jakobs torg 3, SE Stockholm, Sweden 10