In the physical world, we have long deployed the dead bolt as a means of access control. It has served us well for many years, and it is a sturdy, resilient way to restrict access to a particular area that we deem sensitive. However, the dead bolt has a fatal flaw – it is accessed with a key, which can be copied or stolen. The dead bolt can be accessed by anyone who holds the key, regardless of whether he or she is the real owner or not. In effect, a malicious actor with the key renders the dead bolt useless. A dead bolt can also be picked, or brute forced, by skilled enough hands.
In the logical world, the equivalent of the dead bolt is password-based authentication. Like the dead bolt, the password has been a technology that has served us well for many years. However, it shares the same fatal flaw as the dead bolt. A malicious actor who has stolen the password can use it to authenticate, even without being the true owner.
A better solution in the physical world would be having a dynamic protection mechanism guarding the door. An adaptive gatekeeper of sorts, much like a New York doorman or a porter. A porter recognizes you as you approach the building. A porter makes it easier for you: if he notices you are carrying groceries or a large delivery, he can unlock and open the door.
As part of the community, the porter knows when there is an active threat in the neighborhood. A porter can recognize your behavior, noticing that you are under duress or in need of assistance and call for help. The porter can improve your overall experience, serving as adaptive intelligence at the front gate.
In the logical world, the equivalent of the porter is adaptive authentication, which provides a means for recognizing you as you approach a resource that you wish to gain access to. The adaptive engine performs analysis on many different attributes of the way you present yourself. A risk profile is compiled from these attributes, and the adaptive engine makes a determination on whether to deny you access, or step up your authentication to an additional factor.
Since much of the analysis is done behind the scenes, the technology can make it easier for you. It can authenticate you without the need for re-entering credentials.
Adaptive authentication can cross the divide between the physical and logical worlds. Like the porter, the adaptive engine can recognize changes in your physical behavior. When each of us interacts with our desktop via the keyboard and mouse, we leave a recognizable signature behind. This signature is made up of the timings with which we press, release and move between keys, and of the way we accelerate, decelerate and click the mouse. When we interact with our mobile devices, our method of touching the screen and holding the device is unique to us. This technology is known as behavioral biometrics.
Behavioral biometrics is a technology that is ideally suited for logical access control. It is highly accurate, with successful match rates around 98%. One of its most advantageous aspects is that it can be collected behind the scenes, without interfering with the overall experience of the legitimate user.
It can help with two vital aspects of logical access control: elevation of trust and continuous authentication. For elevation of trust, it helps raise the initial level of certainty that the user is actually who they claim to be. For continuous authentication, it helps ensure that the level of certainty does not decay over time. Continuous authentication is key to battling the insider threat.
Imagine the case of an employee leaving their terminal unlocked and a malicious user sitting down to make use of it while the employee is authenticated. With continuous authentication, that malicious user could be stopped.
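The unlocked-terminal scenario above, as an added example that is not from the author or any vendor product: a keystroke-timing profile is built from the owner's press and release timings, and a sliding window over the live session flags the point where the typing rhythm stops matching. The window size, the threshold, the z-score statistic and all timing data are assumptions constructed for illustration.

```python
from statistics import mean, stdev

def typed(dwells, flights):
    """Constructed sample input: (key, press_ms, release_ms) events."""
    events, t = [], 0
    for i, d in enumerate(dwells):
        events.append((f"k{i}", t, t + d))
        t += d + (flights[i] if i < len(flights) else 0)
    return events

def features(events):
    """Dwell = hold time per key; flight = release of one key to press of next."""
    dwell = [rel - prs for _, prs, rel in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell, flight

def enroll(sessions):
    """Profile = (mean, stdev) of dwell and flight over enrolment sessions."""
    dwell, flight = [], []
    for s in sessions:
        d, f = features(s)
        dwell += d
        flight += f
    return {"dwell": (mean(dwell), stdev(dwell)),
            "flight": (mean(flight), stdev(flight))}

def deviation(profile, events):
    """Mean absolute z-score of the window's average dwell and flight."""
    d, f = features(events)
    (md, sd), (mf, sf) = profile["dwell"], profile["flight"]
    return (abs(mean(d) - md) / sd + abs(mean(f) - mf) / sf) / 2

def monitor(profile, stream, window=5, threshold=2.0):
    """Continuous check: index of the first keystroke at which the sliding
    window no longer matches the profile, or None if it always matches."""
    for end in range(window, len(stream) + 1):
        if deviation(profile, stream[end - window:end]) > threshold:
            return end - 1
    return None

# Constructed data: two enrolment sessions for the account owner.
PROFILE = enroll([
    typed([95, 105, 100, 98, 102, 110], [130, 140, 125, 135, 145]),
    typed([100, 92, 108, 97, 103, 99], [128, 138, 142, 132, 136]),
])
# Constructed session: owner types six keys, then a different typist takes over.
OWNER = typed([101, 96, 104, 99, 100, 97], [133, 137, 129, 139, 134])
TAKEOVER = typed([101, 96, 104, 99, 100, 97, 60, 62, 58, 61, 59, 63],
                 [133, 137, 129, 139, 134, 136, 200, 205, 195, 210, 198])
```

In the constructed takeover session the monitor fires on the second keystroke of the new typist, which is the point where a real deployment would lock the session or step up to another factor.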
When evaluating all elements of risk around an authentication, the physical behavior of the user behind the credentials must be considered. Adaptive authentication and behavioral biometrics will prove to be a very powerful pairing of technologies. You want a dynamic, adaptive intelligence guarding you – one that evolves over time. The porter instead of the dead bolt.
(About the author: Craig Lund is the CEO and founder of SecureAuth, a leader in adaptive authentication and information security solutions.)