Security of web-based applications is a serious concern, due to the recent increase in the frequency and complexity of cyber-attacks, biometric techniques offer emerging solution for secure and trusted user identity verification, where username and password are replaced by bio-metric traits. Biometrics is the science and technology of determining identity based on physiological and behavioural traits. Biometrics includes retinal scans, finger and handprint recognition, and face recognition, handwriting analysis, voice recognition and Keyboard biometrics. Also, parallel to the spreading usage of biometric systems, the incentive in their misuse is also growing, especially in the financial and banking sectors. Biometric user authentication is typically formulated as a “one-shot” process, providing verification of the user when a resource is requested (e.g., logging in to a computer system or accessing an ATM machine). Suppose, here we consider this simple scenario: a user has already logged into a security-critical service, and then the user leaves the PC unattended in the work area for a while the user session is active, allowing impostors to impersonate the user and access strictly personal data. In these scenarios, the services where the users are authenticated can be misused easily. The basic solution for this is to use very short session timeouts and request the user to input his login data again and again. We explore the continuous user verification for the secure internet services using biometrics in the session management No checks are performed during working sessions, which are terminated by an explicit logout or expire after an idle activity period of the user However a single verification step is still deemed sufficient, and the identity of a user is considered immutable during the entire session. This paper explores promising alternatives offered by applying biometrics in the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. Finally, the use of biometric authentication allows credentials to be acquired transparently i.e. without explicitly notifying the user or requiring his interaction, which is essential to guarantee better service usability.
Dr. G. Syam Prasad, R. Ashok , Sk. Wasim Akram, P. Sudheer Kumar
Continuous user verification, biometric Authentication, Web Security.
- CASHMA-"Context Aware Security by Hierarchical Multilevel Architectures", MIUR FIRB, 2005.
- Andrea Ceccarelli, Leonardo Montecchi, Francesco Brancati, PaoloLollini, Angelo Marguglio, Andrea Bondavalli,, "Continuous and
- Transparent user identity verification for secure internet services", IEEE Transactions on Dependable and Secure Computing MAY/JUNE 2015.
- L . Hong, A. Jain, and S. Pankanti, "Can Multibiometrics Improve Performance?" Proc. Workshop on Automatic Identification Advances Technologies (Auto ID ’99) Summit, pp. 59-64, 1999.
- Montecchi, P. Lollini, A. Bondavalli, and E. La Mattina,"Quantitative Security Evaluation of a Multi-Biometric Authentication System", Proc. Int’l Conf. Computer Safety, Reliability and security, pp. 209-221, 2012.
- Sudarvizhi, S.Sumathi, "Review on continuous authentication using multi modal biometrics, International Journal of Emerging Technology and Advanced Engineering", Volume 3, Special Issue 1, January 2013.
- M. Nicol, W. H. Sanders, K. S. Trivedi, "Model-based evaluation: from dependability to security", IEEE Trans. Dependable and Secure Computing, vol. 1 no. 1, pp. 4865, 2004.
- Mendes, A.A. Neto, J. Duraes, M. Vieira, H. Madeira, "Assessing and comparing security of web servers", IEEE International Symposiumon Dependable Computing (PRDC), pp. 313-322, 2008.
- Anil K. Jain, Sharath Pankanti, Salil Prabhakar, Lin Hong, Arun Ross, James L. Wayman, "Biometrics: a grand challenge, Proceedings of International Conference on Pattern Recognition", Cambridge, UK, Aug.2004.
- Sneha K. Patel, Dr. D. C. Joshi, "Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human", IntJr. of Mathematics Sciences Applications, Vol.3, No.1, January-June2013.
|Published in :
||Volume 3 | Issue 1 | January-February - 2017
|Date of Publication
Cite This Article
Dr. G. Syam Prasad, R. Ashok , Sk. Wasim Akram, P. Sudheer Kumar, "Using Biometrics with User Identity Verification and Continuous In Secure Internet Services", International Journal of Scientific Research in Science, Engineering and Technology(IJSRSET), Print ISSN : 2395-1990, Online ISSN : 2394-4099, Volume 3, Issue 1, pp.165-171, January-February-2017.
URL : http://ijsrset.com/IJSRSET173140.php