International Journal of Research

Session management in distributed Internet services is traditionally based on username and password, explicit logoffs, and user session expiration mechanisms that use typical timeouts. Emerging biometric solutions can replace the username and password with biometric data when establishing the session, but only one check is considered sufficient and the identity of a user is considered immutable for a period of time. the whole session. In addition, the length of the session timeout can affect service usability and customer satisfaction. This article explores promising alternatives offered by the application of biometrics in session management. A secure protocol is defined for perpetual authentication through continuous verification of the user. The protocol determines adaptive latency based on the quality, frequency and type of biometric data acquired transparently by the user. The functional behavior of the protocol is illustrated by Matlab simulations, while model-based quantitative analysis is performed to evaluate the protocol's ability to counter security attacks by different types of attackers. Finally, the current prototype for Android PCs and smartphones is discussed.