Biometric authentication as a service for enterprise identity management deployment: a data protection perspective

Biometric Authentication as a Service (BioAaaS) is an innovative approach for strong authentication in web environments based on the Software as a Service (SaaS) model. However, the adoption of both SaaS systems and biometric technologies correlates negatively with perceived privacy and data protection risks. We specify a list of evaluation criteria for BioAaaS systems from a data protection point of view, including elements specific to both biometrics and SaaS. We further apply these criteria to a prototypical implementation of a SaaS-compliant biometric authentication service based on keystroke dynamics for enterprise deployment. The assessment shows that for the most part the prototype conforms to technical data protection requirements. At the organizational level, the selection and control of a trustworthy provider and the conclusion of the service agreement remain to be addressed.
