Insider attacks affect organizations globally and cost substantial time, money, trust, and customer confidence. They can be carried out by malicious insiders or unintentionally by accidental insiders. They are also exceptionally hard to detect and prevent. Current events, such as the leaks by NSA whistleblower Edward Snowden, highlight the risks that insider threats pose to organizations, including national governments. Stolen and abused credentials are two vectors used by insider attacks. Many recent breaches, including OPM in May 2015, were due to compromised passwords. Authentication schemes such as password, passphrase, and PIN codes are knowledge-based methods which are easy to hack and even easier for insiders to compromise. Furthermore, these authentication methods are single-point events not providing any additional user verification after an initial login. Behavioral-based biometrics, such as keystroke, mouse, and touch dynamics, can provide authentication systems based on who we are rather than what we know. Behavioral biometrics can be utilized in a continuous mode to verify a user actively throughout a session. This research project found that technologically, behavioral-based biometric systems can provide continuous user authentication with high levels of effectiveness. Although, the low number of academic studies utilizing real-world conditions highlights the need for additional large-scale case studies. A lack of industry standards for handling biometric data also underlines the low level of maturity of biometric-based systems. Additionally, privacy laws are divergent around the globe on the usage of biometric data. Laws even differ from state to state in the U.S. This lack of standardization makes litigation a high concern for organizations who might want to implement biometric systems.
|Advisor:||Riddell, Christopher M.|
|School Location:||United States -- New York|
|Source:||MAI 56/04M(E), Masters Abstracts International|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be