International Journal of Research

The usage of web based applications and technologies are growing day by day rapidly. There are many world events that have been directed our attention toward safety and security. Therefore security of such web-based applications is becoming important and necessary part of today’s technology world. Hence, now day’s biometric techniques offer emerging secure and trusted user identity verification. Every biometrics refers that the identification of a person based on his or her physiological or behavioral characteristics. Now days there are many devices based on biometric characteristics that are unique for every person. In the biometric technique, username and password is replaced by biometric data. Biometrics are the science and technology of determining and identifying the legitimate user identity based on physiological and behavioral traits which includes face recognition, retinal scans, fingerprint, voice recognition and keystroke dynamics.                Once the identity of user is verified, the system resources are available to user for fixed period of time and the identity of user is permanent for entire session. Hence, this approach is also susceptible to attack. Suppose, here we consider a simple scenario where a user has already logged into a security-critical service, and then the user leaves the PC unattended in the work area for a while the user session is active, allowing impostors to impersonate the user and access strictly personal data. In these scenarios, the services where the users are authenticated can be misused easily addressing this problem a biometrics based protocol is introduced for continuous authentication that improves security and usability of user session. The protocol named CASHMA that computes adaptive timeouts on the basis of the trust posed in the user activity and in the quality and kind of biometric data acquired transparently through monitoring in background the user’s actions. The main objective is to design a framework to quantify the impact that external attacks may have on the infrastructure, and ensure that its dependability and safety requirements. It is focused that the framework combines a stochastic model of the system with a model of the attacker, and quantifies the impact of specific attacks on precise safety and availability metrics.