Continuous Authentication and Non-repudiation for the Security of Critical Systems

User authentication is a key service, especially for systems that can be considered critical for the data stored and the functionalities offered. In those cases, traditional authentication mechanisms can be inadequate to face intrusions: they usually verify user's identity only at login, and even repeating this step, frequently asking for passwords or PIN would reduce system's usability. Biometric continuous authentication, instead, is emerging as viable alternative approach that can guarantee accurate and transparent verification for the entire session: the traits can be repeatedly acquired avoiding disturbing the user's activity. Another security service that these systems may need is nonrepudiation, which protect against the denial of having used the system or executed some commands with it. The paper focuses on biometric continuous authentication and nonrepudiation, and it briefly presents a preliminary solution based on a specific case study. This work presents the current research direction of the author and describes some challenges that the student aims to address in the next years.