ABSTRACT
Session management in distributed Internet services is traditionally based on
username and password, explicit logouts and mechanisms of user session expiration
using classic timeouts. Emerging biometric solutions allow substituting username
and password with biometric data during session establishment, but in such an
approach a single verification is still deemed sufficient, and the identity of a
user is considered immutable during the entire session. Additionally, the length
of the session timeout may affect the usability of the service and consequent
client satisfaction. This paper explores promising alternatives offered by
applying biometrics in the management of sessions. A secure protocol is defined
for perpetual authentication through continuous user verification. The protocol
determines adaptive timeouts based on the quality, frequency and type of
biometric data transparently acquired from the user. The functional behavior of
the protocol is illustrated through Matlab simulations, while model-based
quantitative analysis is carried out to assess the ability of the protocol to
counter security attacks carried out by different kinds of attackers. Finally,
the current prototype for PCs and Android smartphones is discussed.
AIM
The aim of this paper is to explore promising alternatives offered by applying
biometrics in the management of sessions. A secure protocol is defined for
perpetual authentication through continuous user verification.
SCOPE
The scope of this paper is a protocol that determines adaptive timeouts based on
the quality, frequency and type of biometric data transparently acquired from
the user.
EXISTING SYSTEM
To detect misuse of computer resources in a timely manner and to prevent an
unauthorized user from maliciously replacing an authorized one, solutions based
on multi-modal biometric continuous authentication are proposed, turning user
verification into a continuous process rather than a one-time occurrence. To
avoid the forgery of a single biometric trait, biometric authentication can rely
on multiple biometric traits. Finally, the use of biometric authentication
allows credentials to be acquired transparently, i.e. without explicitly
notifying the user or requiring his/her interaction, which is essential to
guarantee better service usability. We present some examples of transparent
acquisition of biometric data. Face can be acquired while the user is located in
front of the camera, but not purposely for the acquisition of the biometric
data; e.g., the user may be reading a textual SMS or watching a movie on the
mobile phone. Voice can be acquired when the user speaks on the phone, or with
other people nearby if the microphone always captures background sound.
Keystroke data can be acquired whenever the user types on the keyboard, for
example when writing an SMS, chatting, or browsing the Internet.
DISADVANTAGES
- In such an approach a single verification is still deemed sufficient, and the identity of a user is considered immutable during the entire session.
- The length of the session timeout may affect the usability of the service and consequent client satisfaction.
PROPOSED SYSTEM
This paper presents a new approach for user verification and session management
that is applied in the CASHMA (Context Aware Security by Hierarchical Multilevel
Architectures) system for secure biometric authentication on the Internet.
CASHMA is able to operate securely with any kind of web service, including
services with high security demands such as online banking services, and it is
intended to be used from different client devices, e.g., smartphones, desktop
PCs or even biometric kiosks placed at the entrance of secure areas. Depending
on the preferences and requirements of the owner of the web service, the CASHMA
authentication service can complement a traditional authentication service, or
can replace it. The approach for usable and highly secure user sessions is a
continuous sequential (a single biometric modality at once is presented to the
system) multi-modal biometric authentication protocol, which adaptively computes
and refreshes session timeouts on the basis of the trust put in the client. Such
global trust is evaluated as a numeric value, computed by continuously
evaluating the trust both in the user and in the (biometric) subsystems used for
acquiring biometric data.
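The adaptive timeout described above can be sketched as follows. This is an added example, not code or formulas from the paper or the CASHMA prototype: the exponential decay, the subsystem trust values, the threshold G_MIN and the sample stream are all assumptions constructed for illustration.

```python
import math

# Assumed values, constructed for illustration (not taken from the paper).
SUBSYSTEM_TRUST = {"face": 0.90, "voice": 0.80, "keystroke": 0.60}
G_MIN = 0.50   # minimum global trust the web service accepts
DECAY = 0.01   # assumed exponential decay rate of trust, per second


class Session:
    def __init__(self):
        self.trust = 0.0     # global trust at time self.stamp
        self.stamp = 0.0     # time of the last accepted sample (seconds)
        self.expires = None  # absolute expiry time; None until established

    def trust_at(self, now):
        """Global trust decayed from the last accepted sample to `now`."""
        if self.expires is None or now > self.expires:
            return 0.0
        return self.trust * math.exp(-DECAY * (now - self.stamp))

    def refresh(self, now, modality, match_score):
        """Feed one transparently acquired sample; return seconds until expiry."""
        if self.expires is not None and now > self.expires:
            return 0.0  # expired: a new explicit login is required
        # Type and quality: subsystem trust scaled by the match score.
        fresh = SUBSYSTEM_TRUST.get(modality, 0.0) * match_score
        # A sample weaker than the decayed trust leaves the expiry unchanged.
        trust = max(self.trust_at(now), fresh)
        if trust < G_MIN:
            return 0.0  # not enough trust to open or extend a session
        self.trust, self.stamp = trust, now
        # Timeout = time for trust to decay from `trust` down to G_MIN.
        self.expires = now + math.log(trust / G_MIN) / DECAY
        return self.expires - now


def simulate(samples):
    """Replay (time, modality, score) samples; return the expiry after each."""
    s = Session()
    out = []
    for now, modality, score in samples:
        s.refresh(now, modality, score)
        out.append(s.expires)
    return out


# Constructed sample stream: (seconds, modality, match score in [0, 1]).
SAMPLES = [(0, "face", 0.95), (30, "keystroke", 0.90), (40, "voice", 0.95)]
```

With these assumed values, the keystroke sample at t=30 is weaker than the decayed face trust and does not move the expiry, while the voice sample at t=40 extends it.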
ADVANTAGES
- The novel possibility introduced by biometrics to define a protocol for continuous authentication that improves security and usability of user session. Avoidance of (complex) homomorphic (or any type of public-key) encryption of the multimedia content.
- When data is acquired in an uncontrolled environment, the quality of biometric data could strongly depend on the surroundings.
SYSTEM CONFIGURATION
HARDWARE REQUIREMENTS:-
· Processor - Pentium III
· Speed - 1.1 GHz
· RAM - 256 MB (min)
· Hard Disk - 20 GB
· Floppy Drive - 1.44 MB
· Keyboard - Standard Windows Keyboard
· Mouse - Two or Three Button Mouse
· Monitor - SVGA
SOFTWARE REQUIREMENTS:-
· Operating System : Windows 7
· Front End : JSP and Servlet
· Database : MySQL
· Tool : NetBeans
REFERENCE
Montecchi, L., Brancati, F., Lollini, P., Ceccarelli, A., “Continuous and
Transparent User Identity Verification for Secure Internet Services,”
IEEE Transactions on Dependable and Secure Computing, Volume 12 Issue 3, January 2014.