Behavioral Authentication for Security and Safety

TL;DR

This review provides a comprehensive examination of the background and preliminaries of behavioral authentication and summarizes existing research based on their respective focus areas and characteristics.

Abstract

The issues of both system security and safety can be dissected integrally from the perspective of behavioral \emph{appropriateness}. That is, a system is secure or safe can be judged by whether the behavior of certain agent(s) is \emph{appropriate} or not. Specifically, a so-called \emph{appropriate behavior} involves the right agent performing the right actions at the right time under certain conditions. Then, according to different levels of appropriateness and degrees of custodies, behavioral authentication can be graded into three levels, i.e., the authentication of behavioral \emph{Identity}, \emph{Conformity}, and \emph{Benignity}. In a broad sense, for the security and safety issue, behavioral authentication is not only an innovative and promising method due to its inherent advantages but also a critical and fundamental problem due to the ubiquity of behavior generation and the necessity of behavior regulation in any system. By this classification, this review provides a comprehensive examination of the background and preliminaries of behavioral authentication. It further summarizes existing research based on their respective focus areas and characteristics. The challenges confronted by current behavioral authentication methods are analyzed, and potential research directions are discussed to promote the diversified and integrated development of behavioral authentication.

Figures (11)

• Figure 1: (a) illustrates the concept of security and safety can be seen as an "appropriate state" during the on-going detection, an "appropriate process" (sequence of states) in the ex-post evaluation, and an "appropriate situation" (trend in the development of states) in the ex-ante awareness. The essence of studying security lies in examining whether the changing states are secure, and the factors inside and outside the state changes are referred to as behavior. (b) describes the conceptual framework of behavioral authentication.
• Figure 2: A typical example demonstrating how different levels of behavioral authentication ensure the safety and security of credit loan services. (a) shows criminals collect information from victims and submit loan applications, and it can be addressed by behavioral identity authentication. (b) describes the illicit re-lending of funds activities that occur after the loan has been approved and disbursed, which belongs to the level of behavioral conformity authentication. In the auditing process, timely analyzing the flow of loans among different platforms and ensuring the predictability of lending risks, are the key issues addressed by behavioral benignity authentication, as shown in (c). Behavioral authentication expands through a progressive framework of sub-functions, i.e., identity, conformity, and benignity, to achieve gradual enhancement for the safety and security of credit loan services.
• Figure 3: An example illustrating the security and safety issues that different levels of behavioral authentication need to confront in intelligent transportation information services. (a) describes the entity access phase where various entities may face threats such as identity theft and phishing attacks, and it belongs to the level of behavioral identity authentication. (b) illustrates the monitoring of API interface traffic and blocking of non-compliant request entities during collaborative interactions and communication process, which falls under the level of behavioral conformity authentication. (c) shows the functionality of behavioral benignity authentication, which identifies and rectifies high-risk paths within the system, enabling internal information protection and proactive defense against malicious activities.
• Figure 4: Components of behavioral identity authentication.
• Figure 5: Components of behavioral conformity authentication.