Читать книгу The Official (ISC)2 SSCP CBK Reference - Mike Wills - Страница 143

Two broad applications of user security behavior analysis are part of the current security landscape, although one is much more well-developed than the other at the time of this writing. The first is the use of behavioral patterns, primarily ones associated with simple motions or actions, as additional authentication factors used with access control systems. Voice print identification, signature and handwriting dynamics, and keystroke dynamics are all available in the marketplace today. The second is the use of behavioral analytics to monitor ongoing user behavior to assess whether a legitimate subject is behaving in abnormal ways. Changes in behavior might be a precursor or indicator of a possible security incident. Employees can be under stress because of health or family concerns, which can lead to making mistakes or choosing wrong courses of action. In other instances, disgruntled employees might experience dissatisfaction and stress that builds to a tipping point and they react. Employees can also be vulnerable to coercion, extortion, or other threats. Some of these stresses (but not all) may show in biometric identification readings. Others may show in larger patterns of behavior, such as patterns of applications use, data accesses, or interactions in the workplace. Behavioral analytics as a form of predictive intelligence is a hot topic in security research and analytics research worldwide and could be a game-changing technology in the very near term.

Behavioral biometric methods are good examples of “something you do” rather than “something you are,” in that they all relate to measuring actions you take over time. The most frequently used forms of behavioral biometrics include the following:

 Voice Print Voice print authentication systems typically work by capturing a digital recording of a subject speaking one of several prompted phrases and then comparing that to a recording of the subject speaking the same phrase during the identity provisioning process. Digital signal processing techniques are constantly improving the ability of these systems to deal with minor illness, slight changes in cadence or tone, or ambient conditions while still providing acceptable rates of false match or false reject errors.

 Signature or Handwriting Dynamics Handwriting dynamics measures the speed and direction of the pen or stylus tip as a subject writes their signature or a standardized short phrase; in some instances, a pressure-sensitive pad and stylus can also gather useful data on how forcefully the subject presses the stylus into the pad. Without these measurements, digital signature or handwriting analysis reduces to more classical graphological analysis techniques, which can with good reliably distinguish authentic handwriting samples from clever forgeries or detect indications that the writer is under stress.

 Keystroke Dynamics Keystroke dynamics can also be used for biometric purposes. In this application, the characteristics of key presses—dwell time, for example, and the pauses between and after certain key combinations—can be recorded and registered as belonging to the legitimate user, for later comparison. As with signature dynamics, keystroke analysis verges on a new dimension of biometric security. It represents, perhaps, “something you do” as opposed to “something you are.”