Continuous and Transparent User Identity Verification for Secure Internet



Session management in distributed Internet services is traditionally based on username and password, explicit
logouts and mechanisms of user session expiration using classic timeouts. Emerging biometric solutions allow substituting
username and password with biometric data during session establishment, but in such an approach still a single verification is
deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the
session timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising
alternatives offered by applying biometrics in the management of sessions. A secure protocol is defined for perpetual
authentication through continuous user verification. The protocol determines adaptive timeouts based on the quality, frequency
and type of biometric data transparently acquired from the user. The functional behavior of the protocol is illustrated through
Matlab simulations, while model-based quantitative analysis is carried out to assess the ability of the protocol to contrast
security attacks exercised by different kinds of attackers. Finally, the current prototype for PCs and Android smartphones is
discussed.

source

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!
× How can I help you? WhatsApp Us +13237610775