Continuous Authentication

Contexts

Cybersecurity, IAM

Term

Continuous Authentication

Alternative Forms


Definitions

After the initial authentication, during the session, the monitoring of signals from the user and the environment and the comparison of this information with a baseline of expected behaviors to assure the continued authenticity of the user’s identity. Continuous authentication may trigger re-authentication and/or session termination when that level of assurance is no longer attained.
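The decision loop this definition describes (monitor signals during the session, compare them with a baseline of expected behaviour, step up or terminate once assurance drops), as an added Python example that is not code from the Open Measure entry or from the sources it quotes. The baseline values, signal names, weights, thresholds and the sample session are all constructed assumptions.

```python
# Added example (not from the entry); baseline, weights and thresholds are constructed assumptions.
from dataclasses import dataclass, field

@dataclass
class Baseline:
    """Expected behaviour learned from earlier sessions (constructed values)."""
    countries: set = field(default_factory=lambda: {"DE"})
    ip_prefixes: set = field(default_factory=lambda: {"203.0.113."})
    typing_ms_mean: float = 180.0          # mean inter-keystroke interval
    typing_ms_tolerance: float = 60.0
    max_requests_per_min: int = 40
# How much each deviation from the baseline erodes assurance (assumed weights).
WEIGHTS = {"country": 0.5, "ip": 0.3, "typing": 0.3, "rate": 0.4}

def anomaly_score(signal: dict, baseline: Baseline) -> float:
    """0.0 means the observation matches the baseline; larger is more anomalous."""
    score = 0.0
    if signal.get("country") not in baseline.countries:
        score += WEIGHTS["country"]
    if not any(signal.get("ip", "").startswith(p) for p in baseline.ip_prefixes):
        score += WEIGHTS["ip"]
    typing = signal.get("typing_ms", baseline.typing_ms_mean)  # missing sample: no penalty
    if abs(typing - baseline.typing_ms_mean) > baseline.typing_ms_tolerance:
        score += WEIGHTS["typing"]
    if signal.get("requests_per_min", 0) > baseline.max_requests_per_min:
        score += WEIGHTS["rate"]
    return score

def decide(level: float, step_up: float = 0.4, terminate: float = 0.8) -> str:
    """Map the smoothed anomaly level to continue / step_up (re-authenticate) / terminate."""
    if level >= terminate:
        return "terminate"
    return "step_up" if level >= step_up else "continue"

def monitor_session(signals, baseline: Baseline, alpha: float = 0.7) -> list:
    """One decision per observation, in order; stops at the first termination."""
    smoothed, decisions = 0.0, []
    for signal in signals:
        # Exponential smoothing: one noisy sample cannot end a session, repeated anomalies accumulate.
        smoothed = alpha * anomaly_score(signal, baseline) + (1 - alpha) * smoothed
        decisions.append(decide(smoothed))
        if decisions[-1] == "terminate":
            break
    return decisions

SAMPLE_SIGNALS = [  # constructed session drifting from a matching baseline to a takeover-like pattern
    {"country": "DE", "ip": "203.0.113.7", "typing_ms": 190, "requests_per_min": 12},
    {"country": "DE", "ip": "203.0.113.7", "typing_ms": 260, "requests_per_min": 15},
    {"country": "DE", "ip": "198.51.100.9", "typing_ms": 170, "requests_per_min": 18},
    {"country": "US", "ip": "198.51.100.9", "typing_ms": 300, "requests_per_min": 95},
]
```

Running `monitor_session(SAMPLE_SIGNALS, Baseline())` yields continue, continue, continue, terminate; a real deployment would learn the baseline per user from earlier sessions rather than hard-code it.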

Related Terms

Quotes

Even if we put aside for a moment the problem of initial authentication, we also need to consider the problem of continuous authentication: After one computer has authenticated another and is ready to engage in some kind of data exchange, each computer has to monitor for a wiretapping or hijacking attack by which a new computer would enter into the communication, falsely alleging to be the authenticated one, as depicted in Figure 4-6.

Track user behaviors to provide continuous authentication and authorization. Up to now, authentication has been a one-time-only decision based on the credentials that the user presented. This led to easy, undetected account takeovers. S&R pros building CIAM portals need to ensure that authentication and authorization in client-facing apps are ongoing: If a user behaves nicely, they can continue to access the site and transact with it. To determine if a user is who they claim to be, the site or system needs to read signals from the user’s interaction and navigational activity to build a normalcy baseline profile, then detect and alert on any anomaly from the baseline.20 If the anomaly points to fraud, the access control system should terminate the session or require additional step-up authentication from the user.

5.2 Continuous Authentication Needs to Be Enforced

In physical cyber security convergence, a physical access control policy of a building could have many points of authentication where a user presents his access token. The repetitive re-authentication of a user should be avoided, but the user should rather be tracked using sensors from where authentication is done to where access control is enforced. Similarly, physical objects that are moved around need to be continuously tracked to ensure their integrity and safety.

A single authentication factor is generally not considered sufficiently trustworthy. An authentication process is usually considered more robust and reliable when it employs multiple types of authentication factors.21

(…)

21 As digital ID systems evolve this understanding is becoming more nuanced. Where authentication is active and continuous, authentication strength is sometimes assessed, not in terms of the number of different authentication factors and types, but in terms of overall robustness resulting from the use of multiple sources of dynamic, digital customer data, including expected log-in channels, geolocation, frequency of usage, type of usage, IP addresses and biomechanical metric behavioural patterns

(FATF, 2020, p. 22)

Bibliography

See Also





This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.