Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations //

Identity & Access Management

4/23/2015
07:10 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Behavioral Biometrics On The Rise At RSA Conference

Harder to spoof and easier on users, behavioral biometrics may be bigger than passwords soon.

RSA CONFERENCE -- San Francisco -- Fingerprints and retinal scans are awfully hard to spoof, but they are static data that could be stolen, and worse yet, they force users to go through another pesky step in the authentication process. These are the problems being solved by behavioral biometrics technology -- or "passive biometrics," as it's called by Israeli start-up Biocatch, which Dark Reading profiled in July.

These new technologies may monitor mouse dynamics, navigation habits, and keystroke dynamics, like the speed you type and the pressure you hit the keys with, gesture dynamics like swipe speed and distance -- all things you do unconsciously which happen to be very unique to you.

Two companies at the RSA conference this week are operating in this space. Another, Toopher, was also scheduled to be in attendance, but was acquired by SalesForce in April.

NuData Security

The goal, as NuData Security marketing director Matthew Reeves explains, is to see "what can we observe, rather than request from people."

In addition to the biometrics, NuData builds profiles based upon what devices a user commonly authenticates from, or what locations they generally operate within; then flags anomalous behavior. 

Recently NuData researchers discovered that by looking for suspicious account creation activity they could predict fraud 15 days before it would happen. Today they announced an updated dashboard to make it easier to identify these suspicious events and prevent the fraud.

BehavioSec

Sweden-based Behaviosec is a device-agnostic solution that continuously monitors and measures mouse, keystroke, and gesture dynamics. When the behavior of the user (or machine) trying to log in does not match the user profile, the tool initiates a second factor of authentication.

BehavioSec has become popular with financial institutions across Scandinavia, including Danske Banke, authenticating tens of millions of users. 

The company is also in phase two of an Active Authentication project with DARPA, that would incorporate the Behaviosec mobile product with the traditional smartcard access controls used within the Department of Defense.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
HAnatomi
50%
50%
HAnatomi,
User Rank: Apprentice
4/24/2015 | 1:44:43 AM
Presence of a fallback password
Biometric authentication could be a candidate for displacing the password if/when (only if/when) it has stopped depending on a password to be registered in case of false rejection while keepting the near-zero false acceptance.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
4/23/2015 | 9:00:42 PM
Re: Better Than Murder and Amputation
@Christian  "I have to give behavioral biometrics a thums up - so I can keep my thumbs!" Hahahaaaa!!! Love it.

Yes, there are still things to be worked out, but the good thing is that if these tools are used in a way that reuires no work from the user, they reduce friction, and then when there's an anomaly -- perhaps for the legitimate reasons you've mentioned -- they'll request a second factor of active authentication from the user. I can see why online retailers might really like it for return customers. 
RetiredUser
100%
0%
RetiredUser,
User Rank: Ninja
4/23/2015 | 8:35:33 PM
Better Than Murder and Amputation
Because hacking biometrics involves lots of unsavory hacks such as murder, amputation or even self-mutilation, I have to give behavioral biometrics a thums up - so I can keep my thumbs!

The math and code behind this technology is fascinating, and what it takes to get you to a place where enough data has been collected to successfully create a behavioral "fingerprint" is also of interest, never quite being the same for each person.

As with all predictive tech, though, there are plenty of unforseen factors that can skew the data.  Schizophrenia, for instance, and other mental illnesses that could affect the data (whether in the initial reading, or after the reading when the mental illness presents, offsetting the user's behavior), or even something as simple as a hangover or depression.

Still, I think I prefer where this is going more than where the esoteric fingerprint or retinal scan tech was taking us.   

 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13881
PUBLISHED: 2020-06-06
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
CVE-2020-13883
PUBLISHED: 2020-06-06
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
CVE-2020-13871
PUBLISHED: 2020-06-06
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.