Dartmouth College researchers have produced a fresh approach to computer security, which authenticates users continuously whilst they are using a terminal and then automatically logs them out when they leave the terminal or when someone else steps in to use their terminal. This is a huge step for securing critical information systems such as medical records.

Could the new ZEBRA system increase security?

Dartmouth’s Trustworthy Health and Wellness (THaW) researchers have recently presented these findings at the IEEE Symposium on Security & Privacy.

Currently the common authentication methods, based upon passwords or fingerprints, perform a one-time authentication and rely upon the user logging out from the terminal when they leave. This gives rise to security risks as human error plays its usual part.

Several solutions are based on user proximity, but these are inadequate: they verify that the user is nearby but not whether the user is actually the one using the terminal.

To address these issues, a Dartmouth computer science Ph.D. student, Shrirang Mare, has developed an approach called Zero-Effort Bilateral Recurring Authentication, or ZEBRA.

With ZEBRA, the user wears a bracelet on their dominant wrist that has a built-in accelerometer, gyroscope and radio. When the user interacts with a terminal, the bracelet records the wrist movement, processes it and sends it to the terminal. The terminal then compares the wrist movement with the input it receives from the user via the standard keyboard and mouse, and confirms the sustained presence of the user only if the two correlate.

In testing, ZEBRA performed continuous authentication with 85 percent accuracy in verifying the correct user and identified all adversaries within 11 seconds. For a different threshold, which trades security for usability, ZEBRA accurately verified 90 percent of users and recognized all adversaries in under a minute.
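The terminal-side comparison and its threshold can be sketched as follows; this is an added illustration, not the researchers' code or algorithm. It assumes the bracelet's processing yields one activity label per one-second slot, and the label names, window size, threshold and sample data are all constructed for the example.

```python
from collections import deque

def label_terminal_input(events, n_slots, step=1.0):
    """Map (timestamp_seconds, kind) input events to one label per time slot.
    kind is "key" or "mouse"; a slot with no input at all is None."""
    kinds = [set() for _ in range(n_slots)]
    for ts, kind in events:
        i = int(ts // step)
        if 0 <= i < n_slots:
            kinds[i].add(kind)
    names = {frozenset({"key"}): "typing", frozenset({"mouse"}): "mouse"}
    # Mixed keyboard and mouse input inside one slot is labelled "switch".
    return [names.get(frozenset(k), "switch") if k else None for k in kinds]

def continuous_auth(terminal_slots, wrist_slots, window=5, threshold=0.6):
    """Return the slot index at which the session is locked, or None.
    The session stays open only while the wrist labels agree with the
    terminal's own input in at least `threshold` of the last `window`
    slots that contained input (both parameters are assumed values)."""
    recent = deque(maxlen=window)
    for i, (term, wrist) in enumerate(zip(terminal_slots, wrist_slots)):
        if term is None:          # no input this slot: nothing to correlate
            continue
        recent.append(term == wrist)
        if len(recent) == window and sum(recent) / window < threshold:
            return i              # input no longer matches the wearer
    return None

# Constructed sample data: eight seconds of input seen by the terminal.
EVENTS = [(0.2, "key"), (1.1, "key"), (2.3, "key"), (3.5, "mouse"),
          (4.2, "mouse"), (5.1, "key"), (6.4, "key"), (7.7, "key")]
# The wearer is the one typing; slot 2 is one misclassified wrist label.
OWNER_WRIST = ["typing", "typing", "mouse", "mouse", "mouse",
               "typing", "typing", "typing"]
# The wearer steps away after two seconds while someone else keeps typing.
AWAY_WRIST = ["typing", "typing"] + ["idle"] * 6

if __name__ == "__main__":
    slots = label_terminal_input(EVENTS, 8)
    print("wearer at the keyboard ->", continuous_auth(slots, OWNER_WRIST))
    print("someone else typing    ->", continuous_auth(slots, AWAY_WRIST))
```

Raising `threshold` or shrinking `window` locks the session sooner but also logs out more legitimate users on a misclassified slot, which is the security versus usability trade-off the results describe.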

The study’s senior author, Professor David Kotz, says, “In this work, we focused on the de-authentication problem for desktop computers because we were motivated by associated problems faced by healthcare professionals in hospitals… It would be natural to extend ZEBRA to mobile devices, such as smartphones or tablet computers, and we believe this is possible despite some different challenges.”

In principle, ZEBRA could also be extended to other devices such as medical devices, game controllers or even TV remote controls.
