Risk assessment of a biometric continuous authentication protocol for internet services / Schiavone, Enrico; Ceccarelli, Andrea; Bondavalli, Andrea. - ELECTRONIC. - 1816:(2017), pp. 53-65. (Paper presented at the Italian Conference on Cybersecurity (ITASEC17), held in Venice, 17 - 20 January 2017).
Risk assessment of a biometric continuous authentication protocol for internet services
SCHIAVONE, ENRICO;CECCARELLI, ANDREA;BONDAVALLI, ANDREA
2017
Abstract
Distributed internet services involve multiple heterogeneous applications that communicate with each other. Guaranteeing their security is in general both mandatory and complex. Amongst the many security requirements that have to be guaranteed, secure user authentication is one of the most fundamental. Authentication is traditionally executed only at the login phase, based on username and password. However, a single authentication point may not always guarantee a sufficient degree of security, especially in the context of critical systems. In a previous work we proposed a continuous authentication protocol that applies multiple biometric traits to continuously compute its trust in the user. This paper analyzes the security provided by such a solution through a qualitative risk assessment, focusing on both threats related to transmission and threats specific to the biometric system level. Applying a NIST-compliant threat analysis, we identify the main threats and we assess their impact. Finally, we define the required countermeasures, which allow us to improve the security of our authentication solution.

File | Size | Format
---|---|---
paper-06.pdf (open access; Type: Publisher's PDF (Version of record); License: Creative Commons) | 211.08 kB | Adobe PDF
Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.