Defensa en profundidad en sistemas de control de accesos mediante autenticación continua

  1. JUNQUERA SÁNCHEZ, JAVIER
Dirigée par:
  1. José Javier Martínez Herráiz Directeur
  2. Luis de Marcos Ortega Co-directeur/trice

Université de défendre: Universidad de Alcalá

Fecha de defensa: 13 avril 2023

Jury:
  1. Victor Abraham Villagrá González President
  2. María Teresa Villalba de Benito Secrétaire
  3. Ricardo Julio Rodríguez Fernández Rapporteur

Type: Thèses

Teseo: 806296 DIALNET lock_openTESEO editor

Résumé

The security of information systems is highly dependent on the access control process, but this process’s reliability lies, mainly, on the punctual authentication of the operator’s identity. After decades of implantation, [2], mobile phone technologies are present in practically all the current business processes, but, regarding information security, they have several weaknesses: they do not always operate in trusted environments, are easier to steal, etc.; what, from the point of view of access control, derives in a total absence of mechanisms to protect the information system once the operator’s identity has been authenticated. Asking for authentication periodically could be obtrusive for a working session, but by using behavioural biometrics, it could be possible to evaluate the operators’ identity without disturbing them: this is continuous authentication. This PhD Thesis addresses, through three research articles, how continuous authentication could mitigate the new risks of the information systems, leading to a successful defence-in-depth model for access control systems. While there is no one formal definition of what continuous authentication is, the first step has been developing a systematic literature review, which has led to characterize this research area. The second article describes a use case where continuous authentication principles reinforce the security of a distributed information system, making evident the differences between dynamic authentication systems and continuous authentication ones. Finally, we have conducted an experiment where 7 supervised classification algorithms have been tested, analyzing how, and with which particularities, they can lead to continuous authentication. This final research aims to give support to the decision-making processes where continuous authentication is needed, but also to fix a solid knowledge base that allows the comparison of these algorithms in regards the behavioural biometrics. This PhD thesis evidences that continuous authentication contributes to the defencein-depth of access control systems, especially for those where a human operator must be authenticated during a working session.