Addressing insider threat using “where you are” as fourth factor authentication

Abstract

Current physical and cybersecurity systems have been relying on traditional three factor authentication to mitigate the threats posed by insider attacks. Typically, systems use one or two of the following factors to authenticate end-users: what you know (e.g., password), what you have (e.g., RSA ID), or what you are (e.g., fingerprint). Systems based on these factors have the following limitations: 1) access is typically bound to a single authentication occurrence leading to remote vulnerabilities, 2) the factors have little impact against persistent insider threats, and 3) many of the authentication systems violate system design principles such as user psychological acceptability by inconveniencing the end-users. In order to mitigate the identified limitations, we propose the usage of “where you are” as a complementary factor that can significantly improve both cybersecurity and physical security. Having accurate location tracking as a new factor for authentication: 1) provides continuous identification tracking and continuous mediation of access to resources, 2) requires remote threats to acquire a physical presence, 3) allows for the enforcement of cybersecurity and physical security policies in real-time through automation, and 4) provides enhanced security without inconveniencing the end-users. Using the strength of location as an authentication factor, this paper specifies design requirements that must be present in an insider-threat Prevention System (iTPS) that is capable of actively monitoring malicious insider behaviors. iTPS has the potential to radically change the physical protection systems and cybersecurity landscape by providing practitioners with the first-of-its-kind tool for real-time insider-threat prevention capabilities. iTPS is particularly suited to address the safety and security needs of critical infrastructure, nuclear facilities, and emergency response situations.