Behavioral Biometrics History, Applications, and Technology
What is behavioral biometrics?
2017 marked an all-time high for global cyberattacks, with nearly 160,000 incidents reported—almost double the 2016 count of 82,000.[1] This trend shows no signs of slowing. By 2021, costs related to cybercrimes such as identity theft will reach a staggering $6 trillion annually.[2]
In today’s world of increasingly sophisticated cyberattacks, traditional authentication methods—including multi-factor methods that rely on SMS, mobile identity, or authenticator apps—are not strong enough. Organizations increasingly need state-of-the-art cybersecurity measures that provide persistent, adaptive authentication while simultaneously reducing expensive administrative headaches and end-user friction.
Enter behavioral biometrics.
Behavioral Biometrics Defined
Behavioral biometrics is an evolving technology that authenticates users based on patterns in their behavior. It identifies unique, individual regularities in the ways that people type and move, rather than identifying parts of their bodies (fingerprints or irises), things that they have (key fobs or phones), or things that they know (passwords or biographical details).
Unlike traditional authentication methods, which authenticate only when access is initiated, behavioral biometrics technologies authenticate continuously, evaluating a user’s ongoing interaction with their mobile device or computer in real time.
How it works
Passwords, personal data, and key fobs are easily stolen—but it’s far less easy to “steal” the unique micro-variations in an individual’s movements.
Every person behaves in a completely individual way. The gait with which someone walks, the fluctuations in vocal tone as they speak, and the cadence with which they type are as unique as fingerprints—but are much harder for malicious actors to capture, much less duplicate. Behavioral biometrics uses these patterns to authenticate users and protect data.
Plurilock’s behavioral biometric tools run on the actual mobile devices and computer systems connected to an organization’s data. Each user with valid access automatically generates a behavioral profile that reflects the distinct ways in which he or she interacts with critical systems—gestures such as keystrokes, screen swipes, and mouse movements.
Once a user’s profile is learned, their gestures are monitored silently, in real time, to continuously authenticate identity. If behavioral patterns that don’t match the profile occur, the system can immediately prompt for other forms of authentication, block access, or lock the device down entirely.
At present, behavioral biometrics is best seen as a powerful, non-overlapping addition to other forms of authentication. In the future, as behavioral biometrics matures, it will likely replace other authentication methods entirely.[3]
TYPES OF BEHAVIORAL BIOMETRICS
Though the field of behavioral biometrics continues to evolve, three basic types of behavioral biometric data can already be identified: kinesthetics (body movements), vocal patterns, and device-based gestures.
Posture: The unique properties of an individual’s body position and weight distribution while standing or while seated.
Gait: An individual’s unique walking style, including characteristic movements made while in motion: stride length, upper body posture, and speed of travel relative to these.
Handling: The way an individual holds or handles a mobile device is another unique factor of behavioral biometric data.
Vocal Patterns: The unique, regular variations in sound that occur as a user speaks or vocalizes.
Keystroke Dynamics: Typing patterns that vary uniquely from user to user. These include a combination of keystroke speed, keystroke duration, variations in these for particular key sequences, and characteristic patterns that occur when typing common groups of keystrokes such as words or control sequences.
Touchscreen Swipes / Mobile Interactions: The unique ways in which users swipe, tap, pinch-zoom, type, or apply pressure on the touchscreens of mobile devices like tablets and phones.
Cursor Movement: Unique patterns in mouse or trackpad cursor movement including paths, tracking speed, direction changes, clicks, and the relationships between these.
BEHAVIORAL vs. PHYSIOLOGICAL
Behavioral biometrics tools differ in key ways from less secure physiological (body-based) biometrics tools.
Behavioral biometrics identifies patterns in the ways that particular bodies perform particular tasks—patterns in walking, speaking, typing, or even touchscreen and mouse behavior. These patterns are prohibitively difficult to capture and replicate, and they evolve over time.
Behavioral biometrics tools profile these patterns, then evolve with the user. They leverage powerful statistical models and machine learning to spot the differences between a known user’s gradual evolution and the unwanted presence of an entirely different user.
Behavioral biometrics tools are suited to a wide variety of authentication and access management tasks, most notably in healthcare, critical infrastructure, financial services, and other high-security environments. Behavioral biometrics can prevent or mitigate:
No matter what countermeasures are in place, login credentials are periodically stolen or compromised. This endangers systems, data, and entire infrastructures. Behavioral biometrics can be used to ensure that the person attempting to use a system has been legitimately granted access to it.
The informal sharing of named accounts is a common security risk. Best-in-class behavioral biometrics technologies can differentiate between intended users and everyone else—even as login credentials are being entered—and block authentication accordingly.
Ad-hoc substitution of one user for another, without prior knowledge or consent, is both common and risky, particularly in outsourced environments. Behavioral biometrics algorithms can ensure that the person actually using a system is the person presumed to be using it.
Oversights in privileged access management can give rise to internal threats—users whose access to some systems inadvertently results in access to others. Behavioral biometrics can ensure that the actual moment-by-moment use of any system is carried out only by intended users.
Remote Access Trojans
Whether a workstation is locally or remotely accessed, behavioral biometrics can check all use against authorized biometric profiles, immediately blocking use by unknown actors.
USB / Rubber Ducky Attacks
USB-based attacks commonly rely on rapid, automated data entry simulating keyboard or mouse use. Whatever the human user's understanding of or reaction to the attack, behavioral biometric tools are not fooled; they can immediately note the change in input patterns and block further input.
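The keystroke-dynamics profiling described under "Keystroke Dynamics" and the input-pattern check described for USB attacks can be sketched as follows. This is an added example, not Plurilock's code or algorithm: it assumes a simple mean/standard-deviation profile of dwell and flight times, a z-score threshold of 3.0, and constructed timing data.

```python
from statistics import mean, stdev

def make_events(dwells, gaps):
    """Constructed sample input: (press_ms, release_ms) per key from dwell/gap lists."""
    t, events = 0, []
    for d, g in zip(dwells, gaps):
        events.append((t, t + d))
        t += d + g
    return events

def features(events):
    """Dwell = how long each key is held; flight = release of one key to press of the next."""
    dwell = [r - p for p, r in events]
    flight = [events[i + 1][0] - events[i][1] for i in range(len(events) - 1)]
    return {"dwell": dwell, "flight": flight}

def build_profile(sessions):
    """Learn mean and standard deviation of each feature from enrollment sessions."""
    pooled = {"dwell": [], "flight": []}
    for s in sessions:
        for name, values in features(s).items():
            pooled[name] += values
    return {name: (mean(v), stdev(v)) for name, v in pooled.items()}

def anomaly_score(profile, events):
    """Mean absolute z-score of a window of keystrokes against the learned profile."""
    zs = []
    for name, values in features(events).items():
        mu, sigma = profile[name]
        zs += [abs(v - mu) / sigma for v in values]
    return mean(zs)

def decide(profile, events, threshold=3.0):
    """threshold is an assumed value; a real deployment would tune it per user."""
    return "step-up" if anomaly_score(profile, events) > threshold else "allow"

# Constructed timings in milliseconds (not captured from any real user or device).
ENROLL = [
    make_events([95, 102, 88, 110, 97, 105, 91, 99], [140, 165, 120, 180, 150, 135, 160, 145]),
    make_events([101, 93, 108, 96, 89, 104, 98, 107], [155, 130, 170, 142, 138, 166, 149, 152]),
]
PROFILE = build_profile(ENROLL)
SAME_USER = make_events([97, 100, 92, 106, 99, 94], [148, 158, 133, 162, 144, 150])
INJECTED = make_events([2] * 6, [3] * 6)  # uniform, machine-speed key events

if __name__ == "__main__":
    for label, window in (("same user", SAME_USER), ("injected", INJECTED)):
        print(label, round(anomaly_score(PROFILE, window), 2), decide(PROFILE, window))
```

A "step-up" result corresponds to the prompt for another form of authentication mentioned earlier; blocking input or locking the device would hang off the same decision.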
Though behavioral biometrics can’t stop a user from clicking on malicious links or supplying sensitive data to malicious actors, it can rapidly detect intruders that use phishing data to access and act on a secured system—no matter what they attempt to do once logged in.
If attacks or breaches occur, behavioral biometrics can be used to identify internal participants in them. The biometric signature of the actions taken can be compared against known user profiles, identifying the culprit(s) using the nuances of their keyboard or mouse behavior.
Even the most conscientious users may inadvertently leave workstations unattended or unlocked before stepping away. Behavioral biometrics can identify the arrival of a new, unauthorized user rapidly—even at an unlocked workstation—and take appropriate measures.
The illicit sharing of per-seat licenses is both common and a liability risk for many large organizations. Behavioral biometrics can ensure that licensing practices are sound and only named users make use of licensed products and services.
Financial services organizations, health care organizations, or others that provide services to end-users can rapidly profile each user's behavior and stop malicious attempts to access data or services with stolen user credentials.
Passive, Pervasive MFA
Passive and pervasive by design, behavioral biometrics is a completely invisible link in the authentication chain. Behavioral biometrics is transparent and frictionless; until threats arise, users don’t even know it’s there.
High Regulatory Compliance
Behavioral biometrics tools enable organizations to meet key portions of the increasingly stringent cybersecurity standards and regulations set forth by NIST 800-171, ISO 27001, HIPAA, FINRA, and FISMA.
1. Online Trust Alliance: Cyber Incident & Breach Trends Report. Review and analysis of 2017 cyber incidents, trends and key issues to address. Retrieved June 12, 2018 from: https://www.otalliance.org/system/files/files/initiative/documents/ota_cyber_incident_trends_report_jan2018.pdf
2. CyberSecurity Ventures: Cybercrime Damages $6 Trillion By 2021. Retrieved June 12, 2018 from: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
3. National Institute of Standards and Technology. July 2018. Digital Identity Guidelines: Authentication and Lifecycle Management.
4. Kaczmarek, T., Ozturk, E., and Tsudik, G. 2017. Assentication: User Deauthentication and Lunchtime Attack Mitigation with Seated Posture Biometric.