Risk Assessment of a Biometric Continuous Authentication Protocol for Internet Services

Research Area: Uncategorized Year: 2017
Type of Publication: In Proceedings Keywords: risk assessment,authentication,biometrics,security
Authors: Enrico Schiavone; Andrea Ceccarelli; Andrea Bondavalli
Volume: 1816
Book title: Proceedings of the First Italian Conference on Cybersecurity (ITASEC17)
Pages: 53-65
Address: Venice, Italy
Month: January
Distributed internet services involve multiple heterogeneous applications that communicate with each other. Guaranteeing their security is in general both mandatory and complex. Amongst the many security requirements that have to be guaranteed, secure user authentication is one of the most fundamental. Authentication is traditionally executed only at login phase, based on username and password. However, a single authentication point may not always guarantee a sufficient degree of security, especially in the context of critical systems. In a previous work we proposed a continuous authentication protocol that applies multiple biometric traits to continuously compute its trust in the user. This paper analyzes the security provided by such solution through a qualitative risk assessment, focusing on both threats related to transmission and specific of the biometric system level. Applying a NIST-compliant threat analysis, we identify the main threats and we assess their impact. Finally, we define the required countermeasures which allow us improving security of our authentication solution.
Full text: paper-06.pdf

Resilient Computing Lab, 2011

Joomla - Realizzazione siti web