Msci726 Communications Management Dr. R. Sundarraj
Discussion of "Modeling an Intelligent Continuous Authentication System to Protect Financial Information Resources"
17/07/2015
R ("Sundar") Sundarraj, PhD, Department of
Management Sciences, University of Waterloo
1
Introduction and Motivation
Pre- and Post-Internet eras
Distributed
Mobile
Authentication
Static versus continuous
Need
Ever-changing profiles and patterns
30% of the companies experience intrusion
29% from inside; 71% from outside
Framework for CA
Four levels of authentication
User
User-resource
User-resource-system
User-resource-system-transaction
Probability thresholds are used to validate access
Strengths
Drill-down, Need for CA to be adaptive
Improvements
Why are these four chosen? Are there other ways to cut this? Theory?
Description of the four levels can be shortened
Solution Model
Swarm technology
At each CA level (local agent--LAA), compute:
most likely pattern = function of: finger strokes; password; token
Communicate to Global Agent (GAA)
Solution Model (continued)
Figure 3: CAS and Swarm Technology
[Diagram labels: CA Levels 1 to 4; a Local Autonomous Agent each for User, Resource, Workstation and Transaction; Virtual CA transaction log; Global Autonomous Agent with Dynamic Conflict Resolution Rules]
Solution Model (continued)
Figure shows a good framework for CA
Questions remain on Validation of Model
How is the function chosen?
How do we know that the function is not too sensitive?
How do we assign numbers to the factors?
How do we know the system is adaptive--by change in the factors?
How are conflicts resolved by GAA?
Conclusions
Challenges
Modeling
How to get probabilities and model
Technical
How to send the data between points with encryption?
How to manage the data?
Human issues
Intrusiveness. Would users accept?
Would auditors accept?
Contributions
Established the need for CA
Provided a framework for CA
Proposed an underlying model