Securing Critical Systems through Continuous User Authentication and Non-repudiation

Providing a mechanism for authenticating a user's access to resources is very important, especially for systems that can be considered critical for the data stored and the functionalities offered. In those environments, traditional authentication mechanisms can be ineffective to face intrusions: they usually verify user's identity only at login, and even repeating this step, frequently asking for passwords or PIN would reduce system's usability. Biometric continuous authentication, instead, is emerging as viable alternative approach that can guarantee accurate and transparent verification for the entire session: the traits can be repeatedly acquired avoiding disturbing the user's activity. Another important property that critical systems may need to be guaranteed is non-repudiation, which means protection against the denial of having used the system or executed some specific commands with it. The paper focuses on biometric continuous authentication and non-repudiation, and it briefly presents a preliminary solution based on a specific case study. This work presents the current research direction of the author and describes some challenges that the student aims to address in the next years