This document discusses behavior biometrics and TypeWATCH software. It summarizes that TypeWATCH uses behavior biometrics to monitor typing patterns to detect identity theft attempts and continually verify user identities. It does this without hardware by analyzing a user's typing as they use applications. TypeWATCH can be used by individuals, enterprises, and for websites to complement other security measures by adding a behavior biometric layer without interrupting users.
As long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard.
Thus unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console.
Example Use case #1.
Legitimate user is attempting to log in to his/her enterprise resources.
The user provides valid credentials, and other risk checks have been verified (device recognition was checked, threat service is known, request is coming from a known location, no improbable travel event has occurred, and identity looks legit compared to our identity store).
But if the user’s behavioral biometric profile doesn’t match the profile of record for the legitimate user
Example Use case #2.
Legitimate user fails to log off before leaving for lunch.
An attacker sits down at that workstation and tries to view sensitive data that the legitimate user has access to.
But because the attacker's typing sequences do not match the legitimate user's behavioral biometric profile, Keystroke Dynamics may invoke multi-factor authentication, thwarting the attacker and keeping the sensitive data safe.
Flexible (passive) Enrolment and Roll-out
Provides immediate or gradual enrolment
Can be gradually or instantaneously deployed to any number of users
Profiling, Enrollment and Persistent Identity Validation
The user is not required to type dedicated text nor to use dedicated application
The system is ready to start once it has gathered enough typing rhythms to build a first reliable biometric profile
The profile is built dynamically and is constantly being updated
Profile theft and reproduction are not a threat as Keystroke identifiers and information are:
Stored as a hash value
Masked before hashing
Unique to each user
Sent to the server in large chunks of data
With no regard to the sequence they were originally typed
Accuracy
Marginal false acceptance rate
Increases strength with every successful login
Continuous security post-login (inside the perimeter)
Does not register what is being typed. Only unique typing rhythms:
Dwell times - time elapsed with a key pressed down;
Flight times - time elapsed on the travel between consecutive keys
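The dwell and flight times listed above can be computed from key press and release timestamps alone. The following is an added example, not TypeWATCH code or its algorithm: the z-score comparison, the threshold, the function names and the sample timings are all assumptions made for illustration.

```python
from statistics import mean, stdev

# Constructed samples: (press_ms, release_ms) per keystroke, in typing order.
# Key identities are never recorded, only timing.
ENROLMENT = [
    [(0, 95), (170, 262), (330, 428), (505, 600), (680, 772)],
    [(0, 102), (180, 270), (345, 440), (520, 618), (690, 785)],
    [(0, 90), (165, 260), (340, 432), (500, 598), (675, 770)],
]
OWNER = [(0, 97), (172, 265), (338, 434), (512, 606)]
OTHER = [(0, 60), (40, 110), (95, 150), (240, 300)]  # fast typist, keys overlap

def timing_features(events):
    """Return (dwell, flight) lists in ms for one typing sample."""
    if len(events) < 2:
        raise ValueError("need at least two keystrokes")
    dwell = [release - press for press, release in events]
    # Flight = next press minus previous release; negative on key rollover.
    flight = [nxt[0] - cur[1] for cur, nxt in zip(events, events[1:])]
    return dwell, flight

def build_profile(samples):
    """Pool timings over enrolment samples into (mean, stdev) per feature."""
    dwell, flight = [], []
    for sample in samples:
        d, f = timing_features(sample)
        dwell += d
        flight += f
    return {"dwell": (mean(dwell), stdev(dwell)),
            "flight": (mean(flight), stdev(flight))}

def anomaly_score(profile, events):
    """Mean absolute z-score of the sample's average dwell and flight."""
    d, f = timing_features(events)
    zs = []
    for name, values in (("dwell", d), ("flight", f)):
        mu, sigma = profile[name]
        zs.append(abs(mean(values) - mu) / max(sigma, 1.0))  # floor sigma
    return mean(zs)

def decide(profile, events, threshold=2.0):
    """Hypothetical policy: ask for a second factor above the threshold."""
    score = anomaly_score(profile, events)
    return "step_up_auth" if score > threshold else "continue"

if __name__ == "__main__":
    profile = build_profile(ENROLMENT)
    for label, sample in (("owner", OWNER), ("other", OTHER)):
        print(label, round(anomaly_score(profile, sample), 2), decide(profile, sample))
```

Flight times go negative when the next key is pressed before the previous one is released, so they are kept signed rather than clamped to zero.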
TypeWATCH is an e-biometric solution that continuously authenticates users and detects possible intrusions.
Directed to enterprise customers
Deployed centrally and allows for fine-grained management and enforcement of policies
Supports Centralized Management and Monitoring
Management of Users
Assignment of Security Roles and Licenses
Definition of security levels
Control end users' allowed actions
Reset user’s biometric profile centrally
Monitoring
Monitor alarms for each user
Search for user actions/alarms and get details of each alarm
Administration Console monitoring tab example with:
Alarms of each user;
Search option;
Alarm details including photo and screenshot.
Special actions can be selected:
E-mail received by the user right after the intrusion detection contains the alarm details including photo and screenshot;
After each alarm the workstation is locked and password authentication is requested. After authentication by password, the user workspace is locked again, this time by the text authentication screen, which asks the user to write free text in order to be authenticated by the way he/she types.
Directed to end-users/mass market
Any Windows user can download and install TypeWATCH and start using it in a matter of minutes
Will be delivered initially as freemium/shareware and a paying version will come in the future
Works as a stand-alone app on any Windows computer
Allows users to monitor and adapt security settings locally
Users are able to verify which alarms were detected and when
Users are able to adapt their profile strictness level and hence the algorithm sensitivity
May also be used for Proof of Concept/Demoing the product/algorithm