On use of personal information processing properties for dynamic network security applications

Date of Completion

January 1996


Operations Research|Computer Science




Heightened interest and increased accessibility to computer systems have presented new threats to computer security, particularly in the areas of unauthorized system access. To counter such threats, computer password systems are used due to ease of implementation and low cost. However, there is nothing to prohibit access to a system if an adversary has discovered a valid password. Passwords are therefore open to compromise without the knowledge of their disclosure. In addition, passwords are static identity verifiers implying the same person is assumed until log-off.^ There is very limited evidence of studies done with respect to techniques which aid in dynamically discriminating among users to ascertain whether the user at the terminal is actually the verified and authorized user at login time. A new authentication model is developed which is based on the variability in individual human-computer interactions, and implements a technique for formally modeling and analytically evaluating human-computer interactions. It employs dynamic, continuous, unobtrusive verification throughout a user's login session. The model is used in conjunction with a system's existing password mechanism and is composed of individual user models, based on users' personal cognitive characteristics and usage patterns. Each user model is developed using probabilistic finite automata theory combined with time measures. This work also addresses informational issues regarding data accumulation, calibration, and model dimensionality. ^