Modeling an intelligent continuous authentication system to protect financial information resources

Abstract: This paper examines fundamental principles of continuous authentication (CA) and proposes a four-tier CA architecture to secure financial information systems. We define CA as a process that verifies the identity of an information systems user continuously for the entire duration of an authorized session. While organizations can, in theory, strengthen the security of their financial information systems through CA, several challenges need to be addressed in designing a CA architecture. A primary challenge involves the constantly changing user profiles in globally networked business environments. Profile content may include user knowledge and characteristics, access location, job characteristics, and transaction attributes. We propose swarm intelligence, which has the capacity to handle complex profile changes, as a technology for implementing CA in a dynamic, distributed network environment where user profiles are constantly changing. The paper explores model implementation challenges and discusses opportunities for future research.
