MICRO AMBIENTE (5 FUERZAS DE PORTER)

1. [95] MONDAL, S.,ANDBOURS, P. A computational approach to the continuous authentica- tion biometric system. Information Sciences 304 (2015), 28 – 53.

1. INTRODUCTION Continuous Authentication Approach Datasets Description and Feature Extraction Application on Computer Application on Mobile Device

• Trust Model: A Computational Approach for Continuous

Authentication (Chapter 3)

• Performance Evaluation of Continuous Authentication

System (Chapter 4)

• Description of the Datasets

and Feature Extraction (Chapter 5)

• Continuous Authentication using Mouse Dynamics (Chapter 6) • Continuous Authentication using Keystroke Dynamics (Chapter 7) • Continuous Authentication using a Combination of Keystroke and

Mouse Dynamics (Chapter 8)

• Continuous Authentication on

Mobile Devices (Chapter 9)

Figure 1.1: Overview of the Part II chapters: Continuous Authentication

2. [22] BOURS, P., ANDMONDAL, S. Performance evaluation of continuous authentication systems. IET Biometrics (2015), 1–7.

3. [104] MONDAL, S.,ANDBOURS, P. A study on continuous authentication using a combina- tion of keystroke and mouse biometrics. Under Review in Neurocomputing, 2016.

4. [103] MONDAL, S., AND BOURS, P. Person identification by keystroke dynamics using pairwise user coupling. Under Review in IEEE Transactions on Dependable and Secure Com- puting, 2016.

5. [102] MONDAL, S.,ANDBOURS, P. Continuous user authentication and adversary identifi- cation: Combining security & forensics. Under Review in IEEE Transactions on Information Forensics & Security, 2016.

1.5.2 Book Chapter

1. [21] BOURS, P.,ANDMONDAL, S. Continuous Authentication with Keystroke Dynamics. Science Gate Publishing, 2015, ch. Recent Advances in User Authentication Using Keystroke Dynamics Biometrics, pp. 41–58.

2. [106] MONDAL, S., BOURS, P., JOHANSEN, L., STENVI, R.,ANDØVERBØ, M. Impor- tance of a Versatile Logging Tool for Behavioural Biometrics and Continuous Authentication 6

1.5 LIST OFPUBLICATIONS Continuous Identification Concepts Application on Mobile Device Application on Computer

• Continuous Identification Concepts (Chapter 10)

• Continuous Identification using a Combination of Keystroke and

Mouse Dynamics (Chapter 11)

• Continuous Identification on Mobile Devices

(Chapter 12)

Figure 1.2: Overview of the Part III chapters: Continuous Identification

Research. IGI Global, 2015, ch. Handbook of Research on Homeland Security Threats and Countermeasures.

1.5.3 Conference

1. [92] MONDAL, S.,ANDBOURS, P. Continuous authentication using behavioural biometrics. In Collaborative European Research Conference (CERC’13) (2013), pp. 130–140.

2. [93] MONDAL, S.,ANDBOURS, P. Continuous authentication using mouse dynamics. In Int. Conf. of the Biometrics Special Interest Group (BIOSIG’13)(2013), IEEE, pp. 1–12. 3. [105] MONDAL, S., BOURS, P.,ANDIDRUS, S. Z. S. Complexity measurement of a pass-

word for keystroke dynamics: Preliminary study. In 6th Int. Conf. on Security of Information and Networks (SIN’13)(2013), ACM, pp. 301–305.

4. [94] MONDAL, S.,ANDBOURS, P. Continuous authentication using fuzzy logic. In 7th Int. Conf. on Security of Information and Networks (SIN’14)(2014), ACM, pp. 231–238. 5. [98] MONDAL, S.,ANDBOURS, P. Continuous authentication in a real world settings. In 8th

Int. Conf. on Advances in Pattern Recognition (ICAPR’15)(2015), IEEE, pp. 1–6.

6. [96] MONDAL, S.,ANDBOURS, P. Context independent continuous authentication using be- havioural biometrics. In IEEE Int. Conf. on Identity, Security and Behavior Analysis (ISBA’15) (2015), IEEE, pp. 1–8.

7. [100] MONDAL, S., AND BOURS, P. Swipe gesture based continuous authentication for mobile devices. In Int. Conf. on Biometrics (ICB’15) (2015), IEEE, pp. 458–465.

8. [99] MONDAL, S.,ANDBOURS, P. Does context matter for the performance of continuous authentication biometric systems? an empirical study on mobile devices. In Int. Conf. of the Biometrics Special Interest Group (BIOSIG’15)(2015), IEEE, pp. 1–5.

1. INTRODUCTION

9. [97] MONDAL, S.,ANDBOURS, P. Continuous authentication and identification for mo- bile devices: Combining security and forensics. In 7th IEEE Int. Workshop on Information Forensics and Security (WIFS’15)(2015), IEEE, pp. 1–6.

10. [101] MONDAL, S.,ANDBOURS, P. Combining keystroke and mouse dynamics for con- tinuous user authentication and identification. In IEEE Int. Conf. on Identity, Security and Behavior Analysis (ISBA’16)(2016), IEEE, pp. 1–8.

Chapter 2

State of the Art

In this chapter, we describe how continuous authentication has been achieved in the past using uni- modal behavioural biometrics or with biological biometrics. We also explore the methods followed to fuse multiple behavioural biometric modalities to increase the performance of the continuous au- thentication system and to avoid security holes that can be exploited by imposters to avoid detection. We will present results achieved with these methods.

This chapter is based on the paper published in: [92] MONDAL, S.,ANDBOURS, P. Continu- ous authentication using behavioural biometrics. In Collaborative European Research Conference (CERC’13)(2013), pp. 130–140.

2.1

Introduction

In almost every aspect of the human life, computer systems and networks have become an impor- tant gadget. Communication services, aviation, and financial services are already controlled by computer systems. People entrust vital information to these systems, such as medical and criminal records, financial transactions, and personal emails. However, this increasing dependency on com- puter systems coupled with a growing emphasis on global accessibility in cyberspace, has unveiled new threats to computer system security. In addition, crimes and imposters in the cyberspace ap- pear almost everywhere. Crimes on the computer networks may cause serious damages, including communication blocking, perusal of classified files, and commerce information destruction.

Attacks on a computer system can happen on the network level, system level or user level, or any combination of these three levels. Network-level attacks include network denial of service and probing. System-level attacks include privilege escalation, such as buffer overflow, program modification, perhaps caused by a Trojan horse or virus, and denial of service. User-level attacks include masquerade and imposter attacks. In our research, we are mainly concentrating on user level attack i.e. imposter attacks.

For most existing computer systems, once the user identity has been verified at login, the system resources are available to the user until the user exits the system or the session will be locked. This may be appropriate for low-security environments, but can lead to session hijacking in which an attacker targets a post-authenticated session. In high risk environments or where the cost of unau- thorized use of a computer is high, continuous verification or authentication of the user is extremely important. A Continuous Biometric Authentication System (CBAS) was built with the biometric data supplied by a user’s physical or behavioural characteristics, and it continuously checks the identity of the user throughout the session [145]. However, a single biometric modality may be inadequate for user verification either because of noise in the data sample, unavailability of a sample at a given time or universality/uniqueness issues of that particular biometric modality. To overcome this lim- itation, researchers have proposed the use of multiple biometric modalities and have demonstrated increased accuracy of verification [126].

2.1.1 Application areas of Continuous Authentication

Continuous Authentication can be applied in any environment where the cost of unauthorized access is very high. Some of the examples are,

2. STATE OF THEART

• E-learning and on-line exams; • Defence computer controls;

• Computers for airline cockpit and marine controls; • Health care;

• Cyber-criminal profiling;

• Mobile devices (i.e. smart phone and tablet PC).