Msci726 Communications Management Dr. R. Sundarraj


Discussion of Modeling an Intelligent Continuous Authentication System to Protect Financial Information Resources
17/07/2015
R ("Sundar") Sundarraj, PhD, Department of Management Sciences, University of Waterloo
Introduction and Motivation
• Pre- and Post-Internet eras
  • Distributed
  • Mobile
• Authentication
  • Static versus continuous
• Need
  • Ever-changing profiles and patterns
  • 30% of the companies experience intrusion
    • 29% from inside; 71% from outside
Framework for CA
• Four levels of authentication
  • User
  • User-resource
  • User-resource-system
  • User-resource-system-transaction
• Probability thresholds are used to validate access
• Strengths
  • Drill-down, Need for CA to be adaptive
• Improvements
  • Why are these four chosen? Are there other ways to cut this? Theory?
  • Description of the four levels can be shortened
Solution Model
• Swarm technology
• At each CA level (local agent, LAA), compute:
  • most likely pattern = function of: finger strokes; password; token
  • Communicate to Global Agent (GAA)
Solution Model (continued)
[Figure 3: CAS and Swarm Technology. Diagram labels: CA Level (Level 1 CA to Level 4 CA); User; Resource; Workstation; Transaction; Local Autonomous Agent (four instances); Virtual CA; transaction log; Dynamic Conflict Resolution Rules; Global Autonomous Agent.]
Solution Model (continued)
• Figure shows a good framework for CA
• Questions remain on validation of the model
  • How is the function chosen?
  • How do we know that the function is not too sensitive?
  • How do we assign numbers to the factors?
  • How do we know the system is adaptive: by change in the factors?
  • How are conflicts resolved by the GAA?
Conclusions
• Challenges
  • Modeling
    • How to get probabilities and model
  • Technical
    • How to send the data between points with encryption?
    • How to manage the data?
  • Human issues
    • Intrusiveness. Would users accept?
    • Would auditors accept?
• Contributions
  • Established the need for CA
  • Provided a framework for CA
  • Proposed an underlying model