User Behaviour Analytics



Similar documents
Modern two-factor authentication: Easy. Affordable. Secure.

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Entrust IdentityGuard

Guide to Evaluating Multi-Factor Authentication Solutions

BioCatch Fraud Detection CHECKLIST. 6 Use Cases Solved with Behavioral Biometrics Technology

Security in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA)

Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath

Improving Online Security with Strong, Personalized User Authentication

XYPRO Technology Brief: Stronger User Security with Device-centric Authentication

KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS

Multi-Factor Authentication of Online Transactions

RSA Adaptive Authentication For ecommerce

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION

Alternative authentication what does it really provide?

The Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device

Multi-factor authentication

Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION

ACI Response to FFIEC Guidance

How To Comply With Ffiec

REPORT. Next steps in cyber security

WHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

WHITE PAPER. Let s do BI (Biometric Identification)

Securing Internet Payments across Europe. Guidelines for Detecting and Preventing Fraud

WHITE PAPER. Credit Issuers. Stop Application Fraud at the Source With Device Reputation

WHITE PAPER Moving Beyond the FFIEC Guidelines

Voice biometrics. Advait Deshpande Nuance Communications, Inc. All rights reserved. Page 1

White Paper. FFIEC Authentication Compliance Using SecureAuth IdP

VoiceTrust Whitepaper. Employee Password Reset for the Enterprise IT Helpdesk

Endpoint Threat Detection without the Pain

WHITE PAPER Usher Mobile Identity Platform

expanding web single sign-on to cloud and mobile environments agility made possible

A strategic approach to fraud

TrustDefender Mobile Technical Brief

Manage and secure your workplace by controlling who, what, when, why, where and how people are allowed in your facility. Marquee

Advanced Biometric Technology

Voice Authentication On-Demand: Your Voice as Your Key

Strengthen security with intelligent identity and access management

CA Arcot RiskFort. Overview. Benefits

RSA Adaptive Authentication and Citrix NetScaler SDX Platform Overview

Two-Factor Authentication over Mobile: Simplifying Security and Authentication

Token Security or Just Token Security? A Vanson Bourne report for Entrust

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

French Justice Portal. Authentication methods and technologies. Page n 1

IDENTITY & ACCESS. Providing Cost-Effective Strong Authentication in the Cloud. a brief for cloud service providers

IDRBT Working Paper No. 11 Authentication factors for Internet banking

An Innovative Two Factor Authentication Method: The QRLogin System

Biocryptology is an encryption-based. entry to a network or the Internet that. are vulnerable to third parties through

the challenge our mission our advisors

Remote Access Securing Your Employees Out of the Office

WHITE PAPER. Internet Gambling Sites. Expose Fraud Rings and Stop Repeat Offenders with Device Reputation

Top 5 Reasons to Choose User-Friendly Strong Authentication

Multi-factor Authentication Security Enhancement

Virtual desktops in hospitals: streamlining clinical workflows

White paper. Implications of digital certificates on trusted e-business.

Recognize the many faces of fraud

Fraud Solution for Financial Services

Internet threats: steps to security for your small business

A brief on Two-Factor Authentication

SANS Top 20 Critical Controls for Effective Cyber Defense

BehavioSec participation in the DARPA AA Phase 2

ADVANCE AUTHENTICATION TECHNIQUES

End-user Security Analytics Strengthens Protection with ArcSight

Protect Your Customers and Brands with Multichannel Two-Factor Authentication

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Case Study SMS Two Factor Authentication. Contact us Infracast Ltd, Merlin House Brunel Road, Theale, Berkshire, RG7 4AB

Getting a Secure Intranet

IBM Security QRadar Vulnerability Manager

Understanding It s Me 247 Security. A Guide for our Credit Union Clients and Owners

How To Deal With A Converged Threat From A Cloud And Mobile Device To A Business Or A Customer'S Computer Or Network To A Cloud Device

Authentication Solutions Through Keystroke Dynamics

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

Stay ahead of insiderthreats with predictive,intelligent security

SUPPORTSOFT ACCOUNT MANAGER

Strong Authentication for Secure VPN Access

Security aspects of e-tailing. Chapter 7

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

An Analysis of Keystroke Dynamics Use in User Authentication

Understanding Digital Signature And Public Key Infrastructure

Mobile E-Commerce: Friend or Foe? A Cyber Security Study

WHITE PAPER Fighting Banking Fraud Without Driving Away Customers

Protecting Online Gaming and e-commerce Companies from Fraud

Knowledge Based Authentication [KBA] is not just for onboarding new customers

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Transcription:

User Behaviour Analytics How do they know its really you? White Paper Sept 2015 Ezmcom Inc. 4701 Patrick Henry Drive BLDG 7, Santa Clara, CA, 95054, US

Executive Summary Authentication has traditionally relied on users producing one or more of something you know (such as a passwords or PIN), something you have (such as a number from an hard token key) or something you are (such as your fingerprints or face.). Behaviour-based biometrics, adds another factor to the mix: ( something you do ). DARPA of U.S. (the Defence Advanced Research Projects Agency) is currently working on the next generation authentication, which it calls Cognitive Authentication first phase of the active authentication program will focus on biometrics that can be captured through existing technology, such as analysing how the user handles a mouse or how they craft the language in an email or document 1. If they're effective, cognitive fingerprints could offer significant advantages over existing forms of authentication. Unlike biometrics they don't require specialist hardware and unlike password authentication they don t rely on users being good at something they're naturally bad at. This technology is also known as User Behavior Analytics ("UBA"). UBA as defined by Gartner, is about detection of insider threats, targeted attacks, and financial fraud. UBA solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns - anomalies that indicate potential threats 2. The space is evolving pretty rapidly, and there are some fairly significant differences in approach from one solution provider to the other. But the fact that user activity and behavior are being increasingly paid attention to is being welcomed. While there are various types of User Behaviour Analytics tools e.g Cloud Security Analytics, Data Ex-Filtration Prevention, Insider Threat Analytics and so on, the scope of this white paper is to look into Keyboard Profiling UBA also referred to as Periodicity or Keystroke dynamics, It is a technology of mapping a user s keyboard typing behaviors. When users type their username and password, an algorithm can calculate how long it takes to type it, including how long each key is depressed (dwell time) and how long it takes to move from one key to another (gap time). This whitepaper aims to present Ezmcom s approach with Keystroke dynamics and how it is moving beyond simple password/id logins towards multi-modal solutions in an effort to bolster security.

The Technology & The Market Behavioral biometrics offers a tool, which may enhance the security of user authentication and intrusion detection applications, in some cases with very low impact on the system users. They are most useful in multimodal systems (those using more than one type of biometric at the same time) as a complement to more robust methods largely because most behavioral biometrics is highly sensitive to the means of implementation. E.g. keystroke dynamics depend on the keyboard hardware used, blinking behavior depends on illumination etc Some behavioral biometrics, require specialised and sometimes highly obtrusive equipment which may be off-putting to users, while other behavioral biometrics on the other hand offer a completely unobtrusive technique to identify or classify individuals. Such unobtrusiveness may be challenging from the point of view of collecting user consent, as required by law in many jurisdictions. According to a Gartner research paper Market Guide for UBA over the past decade, the UBA market has evolved into three main phases as vendors from different corners of the market largely the security, fraud, business intelligence and database space started solving fraud and security problems with big data analytics. Phase 1 (10 years ago): The first vendors to emerge in this space more than 10 years ago were those that enabled entity link analysis or social network analysis across structured data. In Phase 2: (past 3 to 7 years ago), UBA vendors started packaging more canned intelligence for repeatable use cases, mainly to solve fraud in many of the areas tackled in Phase 1 (e.g., credit card bust-out, account takeover, new account fraud, loan origination, insurance claims, healthcare fraud, tax refund fraud, government benefit programs and more). In Phase 3:(past two years), vendors continue to refine their canned analytics for fraud use cases so that they are easier and faster to implement. In the scope of this paper, User Behaviour Analytics has been addressed in the context of Keyboard Dynamics. Profiling users or other entities under this method essentially means building up a history of the user or entity (such as a peer group or application) by monitoring each relevant action taken and then summarizing those actions so that the profile system knows what constitutes normal or typical behavior for that user or entity. Profiling is also referred to as "baselining," which is the same activity of creating a baseline for a user or other entity, which represents its normal or typical behavior. So far UBA has been successfully deployed for three main purposes: finding the "bad guys," improving alert management and streamlining alert investigations.

What is Keystroke dynamics? Keystroke rhythm is a natural choice for computer security. This concept stems from observations that similar neurophysiological factors that make written signatures unique are also exhibited in a user s typing pattern. When a person types, the latencies between successive keystrokes, keystroke durations, finger placement and applied pressure on the keys can be used to construct a unique signature (i.e., profile) for that individual. For well-known, regularly typed strings, such signatures can be quite consistent. Furthermore, recognition based on typing rhythm is not intrusive, making it quite applicable to computer access security as users will be typing at the keyboard anyway. Application of such technology not only can be used in authenticating users but also to revolutionize insider-threat detection. Insiders accessing backdoors, using shared accounts, or masquerading as other users would be exposed by their unique typing rhythms. Sequence Time Time History of Keystroke Dynamics Keystroke-dynamics research was inspired by much older work that distinguished telegraph operators by their keying rhythms. This capability was allegedly quite useful during World War II for identifying radio operators and tracking troop movements. Keyboard typing rhythms were first considered as a means of distinguishing typists in the mid 1970s. Spillane (1975) suggested in an IBM technical bulletin that typing rhythms might be used for identifying the user at a computer keyboard. That bulletin described keystroke dynamics in concept. Much of the work on in-session authentication has been done by Bergadano et al. (2002, 2003) and Gunetti and Picardi (2005). They developed an algorithm for comparing the similarity of two typing samples based on the typing times. The algorithm compared the relative speeds at which different digraphs were typed. Flight Time Time Press Time Time Press Flight Sequence Score Synthesize Times

Privacy - Keystroke dynamics: not what you type, but how you type Keystroke dynamics is the process of analysing the way a user types at a terminal by monitoring the keyboard inputs thousands of times per second in an attempt to identify users based on habitual typing rhythm patterns. Moreover, unlike other biometric systems, which may be expensive to implement, keystroke dynamics is extremely cost effective the only hardware required is the keyboard. However because the system monitors all the events, keeps log of the time stamp data, there are concerns of privacy with Keystroke dynamics. With such a scheme, during an authentication, the technology verifies two issues: (i) are the credential correct? (ii) is the way of typing it similar? this In turn raises privacy questions such as, are the user s username and password being stored during authentication? Second more importantly, is the user s keystroke behaviour i.e chronological data of user s time stamp of keystrokes, which could translate to his behaviour, also stored during the session? Only waiting to fall in wrong hands defeating the purpose of this technology. EZMCOM s Keystroke Dynamic Authentication Introduction: Customers embrace online banking and online shopping because of their convenience factor. Adding security hardware such as card readers for twofactor authentication provides a frustrating barrier to an otherwise smooth transaction process. Behavioural biometrics appeals to conveniencefocused banking and retail consumers, as it sits in the background of technology devices, rather than proactively asking the user to pass through any additional authentication processes. Understanding Risks associated with User Behavior: Man-in-the-Browser Detection of Aggregators and Bots at login New Account Set-up and e- commerce Fraud Detection Detection of Account Takeover Fraud at Login While the risks are obvious and increasing, failed login attempts, especially with 2-factor authentication can result in frustrated customers. Inconvenience and consistent frustrations might force customers, now, to expensive mediums such as phone call or going to a branch. Sometime, these events might result in loss of customer to another convenient bank, offering better experience.

UBA Business Drivers Reduce Operation Costs while increasing revenue: Customers adopt digital channels for ease of use. Growing competitions do not inhibit customers to switch if banks and e-commerce companies do not keep up pace with technology advancement. While increasing revenues, the firms should balance customer convenience with appropriate security measures. A right authentication solution would reduce the tussle associated with failed authentication and increase end user satisfaction and drive customer base growth, retention and high conversion rates. An acceptable customer satisfaction can, also, reduce customer support calls (A single customer call can cost as much as $4). Cost of Sales: Banks and retail players can fulfill a transaction through multiple sale channels. Banks can leverage right from online payment to calling a bank support executive to address a need of a customer. Similarly, retail firms can allow their customers to shop online to walk in and buy from brick and mortar shops. Time has proven, now, that online medium serves a better and costeffective medium compared to conventional mediums of sales. Cost of Hack: Hacking can have disastrous effect on the reputation and business of a firm. 2013 Target breach resulted in loss of money, reputation and people in the form of employees and partner firms. Business Drivers ROI Cost of Sales Cost of Hack

EZMCOM Solution Ezmcom UBA biometric analysis is transparent to the user. It requires a simple user enrollment and the, instead of secondary passwords and extra verification codes, UBA engine transparently authenticates the user by verifying that the current session behavior matches up with the established user profile created earlier. By comparing a login behavior in a current session with that of the registered one earlier, Ezmcom assess the likelihood of a login originating from a specific user with a certain threshold of acceptance. Ezmcom can behaviorally authenticate user logins, which drives down the number of failed step-up authentications, declined transactions and manual reviews, thereby, eliminating the need for users struggling to login or transact online to contact call centers. Additionally, we enable our customers increase their end user satisfaction which helps retain and grow the customer base. Ezmcom is at the cutting edge of the technology innovation and relies on the user specific subconscious patterns of behavior that emerge through repetitive human actions such as total sequence time (time it takes for the user to key in the whole string), flight times (time elapsed between 2 key downs) and key depressed times (time elapsed between key down and key up). With a reliable set of data to use and an acceptable threshold as a standard for each user, Ezmcom can then detect unusual behavior and identify it as a security risk. Relying on sophisticated machine learning and security algorithms, the Ezmcom technology builds up a unique profile of the user based on how they key in their passwords on the web. Now, user authentication attempts that fall outside established behavior patterns can be denied or stepped up to Two-Factor authentication. Conclusion Simple security solutions such as passwords will always be undermined by simple hacking techniques. As such it s important that industries and in particular the financial and ecommerce industry take a layer on top of solutions such as passwords with additional security yet user convenient solutions such as behavioral biometrics. By adding innovative security layers, banks and e-commerce firms can reduce risks. Finding the right balance between sophisticated security and ease of use for the customer would be key to the growing trend of consumers banking and shopping online.

Some Data Points 1. The HP 2015 Cyber Risk Report finds that 86 percent of web applications tested had serious issues with authentication, access control, and confidentiality, an increase over the previous year s rate of 72 percent. 2. Gartner s Online Fraud Detection Market Guide states that by 2017 Passive Biometrics will become a standard feature for fraud detection. 3. NuData observed over 270 million fraudulent or high-risk behavior events by analyzing about 191 million IP addresses, 388 million email addresses, 9.3 billion clicks, and 32.8 billion keystrokes between May, 2015 and July, 2015. References: 1 https://uk.finance.yahoo.com/news/military-signs-deal-next-gen-032935608.html 2 https://www.gartner.com/doc/2831117/market-guide-user-behavior-analytics 3 http://findbiometrics.com/nudata-behavioral-analytics-28265/ EZMCOM is a security access provider for innovative and easy-to-use technology that can be deployed to protect users, data, and applications from credential theft, account takeover and breaches. EZMCOM is working with companies worldwide to change the way we authenticate and authorize across mobile devices, servers, workstations within enterprise and cloud services. If you have questions, or would like a demo of EZMCOM s authentication solutions, talk to an EZMCOM representative today! U.S : +1 (510) 396-3894 Malaysia : +60 (0) 12 570-1114 l India : +91 77 608 25225 I Australia : +61 04300 93677

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information