Enabling Privacy and Continuous Identity Verification for Secure Web Services

A. Raveendranadh Kumar, T. Swapna


In distributed Internet services, session management is conventionally based on username and password, explicit logouts, and session expiration using classic timeouts. User authentication is traditionally based on username and password pairs and verifies the user’s identity only at the login phase. No checks are performed during working sessions, which end with an explicit logout or expire after a period of user inactivity. These observations lead to the argument that a single authentication point and a single biometric datum cannot guarantee a sufficient degree of security. Like traditional authentication processes that depend on username and password, biometric user authentication is generally a “single shot”: it verifies the user only during the login phase, when one or more biometric traits may be required. Once the user’s identity has been verified, the system resources are available for a fixed period of time or until the user explicitly logs out. Biometric solutions allow username and password to be replaced with biometric data during session establishment, but in this approach a single verification is still deemed adequate, and the user’s identity is considered immutable for the entire session. In addition, the length of the session timeout may affect the usability of the service and, consequently, client satisfaction. This paper investigates promising alternatives offered by applying biometrics to session management. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol sets adaptive timeouts based on the frequency, quality, and type of biometric data transparently acquired from the user. The functional behavior of the protocol is illustrated through Matlab simulations, while model-based quantitative analysis is carried out to assess the protocol’s ability to counter security attacks by different kinds of attackers. Finally, the current prototype for PCs and Android smartphones is discussed.
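The following sketch is an added illustration, not the authors' protocol or code: it shows one way a server could derive an adaptive session timeout from the frequency, quality, and type of biometric samples. The modality weights, the exponential decay model, the trust threshold, and all names are assumptions, since the abstract does not specify them.

```python
import math
from dataclasses import dataclass

# Assumed values: the abstract gives no weights, decay rate or threshold.
MODALITY_WEIGHT = {"fingerprint": 0.9, "face": 0.7, "voice": 0.5}
DECAY_PER_SEC = 0.01   # trust decays as exp(-DECAY_PER_SEC * elapsed)
MIN_TRUST = 0.3        # below this the session is treated as expired


@dataclass
class Session:
    trust: float = 0.0      # trust right after the last accepted sample
    last_seen: float = 0.0  # time of that sample, in seconds

    def trust_at(self, now: float) -> float:
        """Trust remaining at `now`, after decay since the last sample."""
        return self.trust * math.exp(-DECAY_PER_SEC * (now - self.last_seen))

    def is_valid(self, now: float) -> bool:
        return self.trust_at(now) >= MIN_TRUST

    def verify(self, modality: str, score: float, now: float) -> float:
        """Fold in one biometric sample; return the new timeout in seconds."""
        if modality not in MODALITY_WEIGHT or not 0.0 <= score <= 1.0:
            raise ValueError("unknown modality or score outside [0, 1]")
        if now < self.last_seen:
            raise ValueError("timestamps must not go backwards")
        # An expired session gets no credit for earlier samples.
        residual = self.trust_at(now) if self.is_valid(now) else 0.0
        evidence = MODALITY_WEIGHT[modality] * score
        self.trust = 1.0 - (1.0 - residual) * (1.0 - evidence)
        self.last_seen = now
        if self.trust < MIN_TRUST:
            return 0.0
        return math.log(self.trust / MIN_TRUST) / DECAY_PER_SEC


if __name__ == "__main__":
    s = Session()
    for modality, score, now in [("voice", 0.8, 0), ("voice", 0.8, 10),
                                 ("fingerprint", 1.0, 20)]:  # constructed samples
        print(f"t={now:>3}s {modality:<11} timeout={s.verify(modality, score, now):6.1f}s")
```

In this model a stronger modality, a higher match score, or more frequent samples each lengthen the timeout, while a weak sample arriving after expiry cannot revive the session on its own.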

Copyright (c) 2017 Edupedia Publications Pvt Ltd

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.


All published Articles are Open Access at  https://journals.pen2print.org/index.php/ijr/ 
