May 17, 2020

Biometrics: the future of information security

Biometrics
Balabit
Cybercrime
Cybersecurity
Csaba Krasznay
5 min
Biometrics
Hackers are assaulting business from all sides. Increasingly, technology is needed to prevent them from stealing passwords and hijacking the credentials...

Hackers are assaulting business from all sides. Increasingly, technology is needed to prevent them from stealing passwords and hijacking the credentials that can provide easy access to sensitive data. Biometrics, has been advancing steadily for many years, and can now offer methods of authentication that can’t easily be stolen or replicated by those with malicious intentions.

Biometrics can be classified as the automated recognition of individuals based on their behavioural or biological characteristics. The main advantage of physiological biometrics is permanence: most of the features it draws on are stable and do not vary with time. Fingerprints, for example, don’t change. Neither do the unique, scannable patterns of our eyes. Most commercial applications adopt the physiological format – think of the fingerprint scanner on a smartphone or Apple’s new FaceID.

See also:

But, our physical traits are not the only things that make us unique. In fact, research suggests that routine tasks such as the way we speak, write or type are governed by a set of actions that can be just as unique. That’s why behavioural biometrics are arguably ‘more secure’ as these traits are significantly harder to steal or replicate. Some common examples used by commercial applications include, signature recognition, mouth movement analysis and typing rhythm - which can even be extended to an individuals’ most common spelling mistakes.

Where we currently stand, there is no single universal biometrics solution that works for the whole population. Especially when it comes to the physiological biometric options – some individuals’ fingers don’t possess the usual friction ridges required for a fingerprint system, similarly irregular shaped irises can make using this method of authentication problematic.

Biometric use in Information Security

Authentication is becoming increasingly difficult to maintain in our digital world. No matter the field or use, all authentication systems use one or more of the following factors of identification; something you know (i.e. a password), something you have (i.e. an ID badge or mobile device through 2FA), and something you are (i.e. a fingerprint, or your typing rhythm).

Part of the reason why the first two are becoming less effective, and hence, a greater security risk, is they are becoming increasingly easy for cybercriminals to steal, learn, or replicate in order to impersonate an individual. The strongest levels of authentication will utilise all three factors of identification.

A large majority of data breaches result from weak authentication protocols – cybercriminals are able to obtain the credentials of users and gain access to an organisations’ most valuable assets within their IT infrastructure. In fact, some reports suggest that four fifths of hacking related breaches involved the leveraging of either compromised or weak passwords. Like any security solution, biometric technology offers no guarantees when defending against a data breach, they are inevitably fallible – however, the goal here is to reduce the possible risk. Biometrics measure similarity, not identity. So, a match represents a probability of correct recognition. Likewise, a non-match represents a probability, rather than a definitive conclusion.

Measurements from an individual that meet a certain threshold compared to the reference data are considered to be a match. And even the best-designed biometric system can theoretically yield incorrect or indeterminate results. But when incorporated into other systems, it does increase an organisations’ level of defence when reducing the number of stolen user credentials due to a number of factors:

  1. Real time detection: Although in most cases, criminals spend days, weeks or even months in the IT system before being detected, they sometimes access the most critical data in the first few minutes. This is why it’s crucial to detect attackers as soon as possible.
  2. Continuous monitoring in a non-obstructive way: One-off authentication is useless if an external attacker has compromised user credentials. Users find multiple authentications cumbersome and annoying so they are likely to circumvent them wherever possible. Continuous, behaviour-based monitoring offers the best approach to authentication.
  3. Reasonable accuracy: With security teams already overwhelmed by thousands of false alerts, a technology producing even more false positive alerts is not a practical option.

Considering these requirements, mouse movement analysis and keystroke analysis are the only options that provide real time, continuous accurate authentication.

Mouse movement analysis - the basic principle of mouse movement analysis is not the position of the mouse cursor, but the relative extent of position as it changes. The most obvious factor is the speed of mouse movement. The idle time between a mouse movement and a click is as typical as the elapsed time between two clicks of a double click. Through analysing these traits, you can gauge if a users’ mouse movement deviates from their baseline behaviour.

Keystroke dynamic analysis - analyses the manner and rhythm with which a person types on a keyboard. The most typical values regarding a keystroke are dwell time (the time a key pressed) and flight time (the time between releasing a key up and pressing the next key down). What’s more there are other useful methods to identify patterns regarding the usage of a keyboard as well. Special function keys are used differently by each user. One person might favour the right shift button over the left or the backspace button over the delete button. The time taken to press a key also varies, as it depends on the size of the individual’s hands. Based on that information, it is possible to create a group of keys that are also unique to each user.

One of the first things every IT security professional needs to know is that there are no “silver bullets” in cyber defence. But through introducing layered security mechanisms, with biometrics at their heart, they can increase security of the entire ecosystem. If an attack causes one security mechanism to fail, other biometric mechanisms will kick in to protect the system.

Organisations can introduce these behavioural and physiological solutions easily, without subjecting their employees to obtrusive examinations. More importantly, they provide results in real-time, so IT security teams are able to monitor the activities of users continuously and accurately all day, all year round.

Csaba Krasznay, Security Evangelist, Balabit

Share article

Jun 16, 2021

SAS: Improving the British Army’s decision making with data

British Army
SAS
3 min
Roderick Crawford, VP and Country GM, explains the important role that SAS is playing in the British Army’s digital transformation

SAS’ long-standing relationship with the British Army is built on mutual respect and grounded by a reciprocal understanding of each others’ capabilities, strengths, and weaknesses. Roderick Crawford, VP and Country GM for SAS UKI, states that the company’s thorough grasp of the defence sector makes it an ideal partner for the Army as it undergoes its own digital transformation. 

“Major General Jon Cole told us that he wanted to enable better, faster decision-making in order to improve operational efficiency,” he explains. Therefore, SAS’ task was to help the British Army realise the “significant potential” of data through the use of artificial intelligence (AI) to automate tasks and conduct complex analysis.

In 2020, the Army invested in the SAS ‘Viya platform’ as an overture to embarking on its new digital roadmap. The goal was to deliver a new way of working that enabled agility, flexibility, faster deployment, and reduced risk and cost: “SAS put a commercial framework in place to free the Army of limits in terms of their access to our tech capabilities.”

Doing so was important not just in terms of facilitating faster innovation but also, in Crawford’s words, to “connect the unconnected.” This means structuring data in a simultaneously secure and accessible manner for all skill levels, from analysts to data engineers and military commanders. The result is that analytics and decision-making that drives innovation and increases collaboration.

Crawford also highlights the importance of the SAS platform’s open nature, “General Cole was very clear that the Army wanted a way to work with other data and analytics tools such as Python. We allow them to do that, but with improved governance and faster delivery capabilities.”

SAS realises that collaboration is at the heart of a strong partnership and has been closely developing a long-term roadmap with the Army. “Although we're separate organisations, we come together to work effectively as one,” says Crawford. “Companies usually find it very easy to partner with SAS because we're a very open, honest, and people-based business by nature.”

With digital technology itself changing with great regularity, it’s safe to imagine that SAS’ own relationship with the Army will become even closer and more diverse. As SAS assists it in enhancing its operational readiness and providing its commanders with a secure view of key data points, Crawford is certain that the company will have a continually valuable role to play.

“As warfare moves into what we might call ‘the grey-zone’, the need to understand, decide, and act on complex information streams and diverse sources has never been more important. AI, computer vision and natural language processing are technologies that we hope to exploit over the next three to five years in conjunction with the Army.”

Fundamentally, data analytics is a tool for gaining valuable insights and expediting the delivery of outcomes. The goal of the two parties’ partnership, concludes Crawford, will be to reach the point where both access to data and decision-making can be performed qualitatively and in real-time.

“SAS is absolutely delighted to have this relationship with the British Army, and across the MOD. It’s a great privilege to be part of the armed forces covenant.”

 

Share article