UC02 - Continuous authentication
The main purpose of continuous authentication is to watch for anomalies throughout the session, with each request. This is achieved with nevisDetect, which integrates nevisAdapt via its own plugin.
nevisDetect
nevisDetect collects behavioral data with each request and calculates an aggregate risk score over all of them. Depending on the result, it can put the active user on a blacklist, terminating the session immediately (security personnel can later lift this on request). The risk score for each feature is calculated by its respective plugin, which provides a communication channel between the service and nevisDetect. To keep track of authentication context data, nevisDetect can rely on the nevisAdapt service via its own plugin.
nevisAdapt plugin
The plugin for nevisAdapt maintains a cache of observations for the active users. It sends a new analysis request to nevisAdapt only if there is no exact match available in the cache, and adds the results of that analysis to the cache once they arrive. Otherwise it simply increases the count of requests that matched and returns the saved risk scores. When the session ends (either by logout or by timeout), it also sends a session termination request and persists all the related observations and their collected counts on the nevisAdapt side.
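A minimal model of the caching behaviour described above, as an added example rather than nevisDetect or nevisAdapt code. The class and function names, the observation fields, the scoring stub and the choice to count the first request as 1 are assumptions made for illustration.

```python
from collections import defaultdict


class ObservationCache:
    """Hypothetical model of the per-session observation cache."""

    def __init__(self, analyze, persist):
        self._analyze = analyze  # stand-in for the analysis request to nevisAdapt
        self._persist = persist  # stand-in for the session termination request
        # session_id -> {observation: [risk_scores, request_count]}
        self._sessions = defaultdict(dict)

    def risk_scores(self, session_id, observation):
        entries = self._sessions[session_id]
        hit = entries.get(observation)
        if hit is not None:
            hit[1] += 1  # exact match: count the request, reuse saved scores
            return hit[0]
        scores = self._analyze(observation)  # cache miss: one analysis request
        entries[observation] = [scores, 1]   # assumption: first request counts as 1
        return scores

    def end_session(self, session_id):
        # Logout or timeout: hand every observation and its count to the backend.
        entries = self._sessions.pop(session_id, {})
        summary = {obs: count for obs, (_scores, count) in entries.items()}
        self._persist(session_id, summary)
        return summary


def run_demo():
    calls, persisted = [], {}

    def fake_analyze(obs):
        calls.append(obs)
        # Constructed scoring stub: any IP other than the usual one is risky.
        return {"ip": 0.1 if obs[0] == "198.51.100.7" else 0.9}

    cache = ObservationCache(fake_analyze, lambda sid, s: persisted.update({sid: s}))
    usual = ("198.51.100.7", "fp-a1")    # constructed (ip, device fingerprint)
    changed = ("203.0.113.50", "fp-a1")  # same device, different IP mid-session
    requests = (usual, usual, usual, changed, usual)
    results = [cache.risk_scores("s1", o) for o in requests]
    cache.end_session("s1")
    return calls, results, persisted


if __name__ == "__main__":
    print(run_demo())
```

Five requests in the constructed session produce only two analysis calls, and the changed IP is still scored on the request where it first appears because the lookup is an exact match.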
Installation
Both nevisDetect and nevisAdapt have to be installed to set up continuous authentication.
nevisAdmin 4 deployment
There are two main compositions of nevisAdmin 4 patterns, one for each main use case. This one requires nevisDetect, extended with the plugin, as it implements continuous authentication.