Access Control beyond Authentication

Abstract

Nowadays, the Zero Trust model has become one of the standard security models. This paradigm stipulates as mandatory the protection of each endpoint, looking for providing security to all the network. To meet this end, it is necessary to guarantee the integrity of the access control systems. One possibility for bringing security to the different endpoints is continuous authentication, as an access control system. Continuous authentication is the set of technologies capable of determining if a user’s identity remains in time; whether he is the legitimate user (i.e., the only one who should know the secret credentials) or the identity has been impersonated by someone else after the authentication’s process was completed. Continuous authentication does not require the active participation of the user. Aiming to identify the different technologies involved in continuous authentication’s implementations, evaluation methods, and its use cases, this paper presents a systematic review that synthesizes the state of the art. This review is conducted to get a picture about which data sources could allow continuous authentication, in which systems it has been successfully implemented, and which are the most adequate ways to process the data. This review also identifies the defining dimensions of continuous authentication systems.