Design and evaluation of multi-biometric approaches for continuous authentication and non-repudiation in critical services / Enrico Schiavone. - (2019).
Design and evaluation of multi-biometric approaches for continuous authentication and non-repudiation in critical services
Enrico Schiavone
2019
Abstract
In our society, now pervaded by ICT, security services such as authentication and non-repudiation play a very important role. In some critical systems and applications, it is mandatory that only authorized users have services and functionalities at their disposal, especially in working environments where operators are in charge of analyzing sensitive data. Moreover, it is essential that users or entities who make use of critical services, taking decisions for which they are directly responsible and which may have serious implications for a company's assets or even citizens' safety, cannot subsequently deny their involvement. To avoid possible intrusions, it is fundamental that these two services are provided continuously, that is, for the whole session duration. In addition, they have to preserve usability and avoid disturbing the user's activity; otherwise they may prove ineffective or even counter-productive. This thesis aims to provide a solution to the problem of continuous authentication and describes the architecture design, protocol definition, prototyping and implementation of a multi-biometric system meant for this purpose. A risk assessment supports its design process from a security point of view, while an extensive and sound testing campaign, conducted with the involvement of real users, validates it from the usability perspective. This work also coins the term continuous non-repudiation and proposes three alternative approaches for the seamless provision of this service. All of them share a common multi-biometric identity verification core, while they differ in the way they technically address non-repudiation, as well as in their architectures and protocols. In particular, each solution introduces an improvement constituted by digital signature, biometric signature, and blockchain technology, respectively.
The last of these, called Block-CNR, was designed and implemented after evaluating the usefulness of distributed ledgers for our purposes, and it also takes into account the risks and common issues of adopting this technology.

| File | Size | Format |
|---|---|---|
| Tesi PhD Enrico Schiavone.pdf (open access; type: doctoral thesis; license: Open Access) | 4.26 MB | Adobe PDF |
Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.