Leveraging Biometrics for Insider Misuse Identification

Abstract

Insider misuse has become a real threat to many enterprises in the last decade. A major source of such threats originates from those individuals who have inside knowledge about the organization’s resources. Therefore, preventing or responding to such incidents has become a challenging task. Digital forensics has grown into a de-facto standard in the examination of electronic evidence, which provides a basis for investigating incidents. A key barrier however is often being able to associate an individual to the stolen data—especially when stolen credentials and the Trojan defense are two commonly cited arguments. This paper proposes an approach that can more inextricably link the use of information (e.g. images, documents and emails) to the individual users who use and access them through the use of transparent biometric imprinting. The use of transparent biometrics enables the covert capture of a user’s biometric information—avoiding the potential for forgery. A series of experiments are presented to evaluate the capability of retrieving the biometric information through a variety of file modification attacks. The preliminary feasibility study has shown that it is possible to correlate an individual’s biometric information with a digital object (images) and still be able to recover the biometric signal even with significant file modification.