Hackers can recreate your fingerprints, but can they mimic your typing?
This is a guest post by Csaba Krasznay, security evangelist at Balabit.
As quickly as businesses are developing new defense tactics, hackers are creating new methods to infiltrate systems, including hijacking credentials that allow them to dig deeper and steal sensitive data. Physiological biometric data – such as fingerprints, voice or facial recognition – can go a long way in helping to unmask these attackers, but they are still limited in their effectiveness. Behavioral biometric data, on the other hand, can make up where they fall short.
There are distinct differences between physiological biometrics and behavioral biometrics when it comes down to meeting three requirements:
1. Real time detection: In many cases, criminals spend days, weeks or even months in an IT system before being detected, and often times, they gain access to the most critical data in the first few minutes. This is why real-time detection is critical.
2. Continuous monitoring in a non-obstructive way: One-off authentication is useless if an external attacker has already compromised user credentials. However, users find multiple authentications cumbersome, so they are likely to circumvent them wherever possible.
3. Reasonable accuracy: Security teams are overwhelmed by thousands of false alerts, so a technology solution that produces even more false positive alerts just takes up more of their time.
How Secure Are Physiological Biometrics?
Utilizing physiological biometric data benefits end users who are frustrated with remembering multiple passwords. And while logging in with something you are, rather than with a set of arbitrary numbers and letters may seem foolproof, these methods aren’t as strong as one might think.
Hackers have managed to use graphite powder, etching machines and wood glue to create fingerprint replicas good enough to fool scanners, and have even been known to cold call targets to capture voice samples for hacking voice recognition systems. Researchers have also managed to create models that can fool retina scanners and facial recognition systems, proving that these methods are not foolproof.
Additionally, these human traits are authenticated at one point in time, so continuous monitoring is not possible without disturbing the user. And, unlike resetting a password or a pin code, users cannot reset their retinas or fingerprints once hackers have used it to compromise their accounts.
How Behavioral Biometrics Can Give Hackers Away
Humans aren’t just defined by their physical traits. Experiments have revealed that routine tasks such as speaking, writing, walking, and typing are governed by a set of actions, which can be predicted, giving way to behavioral biometrics systems. Mouse movement analysis and keystroke dynamics analysis are two widespread technologies that have proven successful for real-time, accurate detection.
Even though most users are not utilizing a computer for painting, they are continuously drawing spans with the cursor while using the mouse. Subtle differences can not only be found in the straightness or curvature of drawn lines, but in the smoothness of these movements as well. Some users move the cursor in one continuous line, while others break it to smaller fragments. Also, quick movements produce curves with varying characteristics from slower movements. This idiosyncratic behavior creates a unique user profile that helps distinguish one user from another.
While users may all have the same keyboard, the way they type is unique to them. Typing rhythm or keystroke dynamics analysis looks at the manner and rhythm in which a person types on a keyboard. The most typical values regarding keystroke are dwell time, or the length time a key is pressed, and flight time, the time between releasing one key and pressing the next down. Special function keys are also used differently by each user. One person might prefer Right Shift, while another uses Left Shift. One may use Backspace more often, while others go for Delete. The time needed to press a key also varies, usually dependent on the size of the users’ hands. Based on that information, it is possible to create a group of keys that are also unique to each user.
Behavioral biometrics also overcome the most important limitation of physiological biometrics systems, as they can be collected without the knowledge of the user, allowing for continuous authentication.
However, every IT security professional needs to understand that “silver bullets” do not exist within hack defense. But by introducing layered security mechanisms with biometrics at the center, they can increase the security of their entire system. If an attack takes down one security mechanism, other biometric mechanisms can still provide the security necessary to protect the system. Enterprises can easily introduce these behavioral and physiological biometrics solutions without subjecting their employees to constant interruptions. More importantly, they provide results in real-time, so IT security teams are able to monitor the activities of users continuously and accurately and catch hackers more quickly and efficiently.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.
Balabit | behavioral biometrics | continuous authentication | fraud prevention | keystroke dynamics