Behavioral Identification App
Our client is an ISV provider of software solutions for enterprise information security based in Victoria, Canada. They have revolutionized the market with an innovative idea of turning human beings from the all-time weakest link in the security of any system into an extra authentication method.
We helped them to develop another authentication route on top of the regular passwords to make sure that nobody except the system administrator and legit user would be able to access the PC workstation even with the right login credentials including the password. This method looks like the standard Windows login screen and doesn’t require any additional actions from the users.
C++, Windows Credential Provider
2 Engineers, 6 Months
Implementation of such solution required us a deep understanding of low-level desktop OS architecture. The product interferes the Windows login screen which is one of the most complex tasks considering the security-based nature of this feature and all the layers of protection. So, the client has reached out to Existek because our team has the rare desktop programming skills to perform backend and frontend development for such solutions.
The idea behind the product is to create the application which collects the individual behavioral biometrics data like the delay between keystrokes for the particular person, sends this information to the backend for the analysis of the common patterns by the AI, creates the user’s biometric profile for further matching each login with this profile. So, in case anybody would manage to steal the credentials the access won’t be granted because keystrokes biometric does not match. The AI is learning and adapting to the user’s behavior if he or she would start to enter the password faster with the time etc.
The pillars of the enterprise cybersecurity are the centralized control of the access to each workstation, logs of the login attempts, user management, automatic monitoring of suspicious activity, and ability to restrict the access remotely. To provide customers with this functionality, we needed to make possible the quick and reliable transfer of this data to the admin panel that gives access to the whole system and its accumulated data.
Development of the application with the integrations and features of that complexity was related to solving the number of technical challenges. Here is the list of some of them:
- Modification of the Windows login screen service and interface for the additional authentication method
- Interception of the keystrokes metrics on the Windows user login screen
- Add-on development and integration with the Windows login security service for two-factor authentication
- Integration with the backend AI-based service to collect, analyze and store the biometrics data
- Integration with the administration dashboard for the complete system management
The solution was implemented in C++ as a custom Windows Credential Provider (ICredentialProvider, ICredentialProviderCredential2). The application serves as an extra layer of security after the standard Windows user password check.
Firstly, on the login screen, security solution captures all keystrokes and the behavioral data such as the timings between pressing different keys and sends it to the server for the analysis and for shaping the user profile after each successful login. When the profile is created, the application sends the keystrokes data to the server where it is compared with the user biometric profile created by AI after some number of successful authentications confirmed by Windows.
We have integrated this solution with the system administrator dashboard to provide the cybersecurity department with the tools to manage users, monitor system status, activity and react to the potential hacks.
We also implemented a Windows Installer (MSI) using Wix which installs Custom Credential Provider to a target machine either manually or using a group policy deployment. Below is the list of features and solutions we have implemented for this project:
- Integration with the Windows security service with the Credential Provider (ICredentialProvider, ICredentialProviderCredential2) feature
- Invisible for the users integration with the Windows login screen
- Gathering, categorization, and sending of the data received during the login attempts to the backend AI engine which analyzes the data and creates the users’ biometrics profiles
- Integration with the backend service for the security managers with the dashboard, system settings, user management, security alerts, system management, authentication settings, and options
- Windows Installer (MSI) implementation for the manual installation on the particular machine or the group policy rollout.
Even longest passwords with numbers and symbols are quite weak when talking about enterprise security. The business information locked behind the login credentials can be literally priceless so the malefactors are focussing their efforts on this kind of data in the first place. The complex passwords protect from the brute-force attacks and accidental access by the unauthorized personnel, however, those are only some of the threats. Password owners are not protected against malware, social hacking, fishing, and leaks of the passwords databases from the third parties websites in cases they use the same password everywhere.
Leveraging our unique expertise in desktop operating systems architecture we helped to develop a robust product that completely eliminates those potential threats to the enterprise cybersecurity. Besides everything else, we managed to complete that almost impossible task of modifying the Windows login feature and successfully integrate it into the innovative and security software platform.