RESEARCH ARTICLE OPEN ACCESS
8/18/2019 [IJCST-V4I2P19]:Neethu T.D , Ayana Ajith
International Journal of Computer Science Trends and Technology (IJCST), Volume 4 Issue 2, Mar - Apr 2016
ISSN: 2347-8578 www.ijcstjournal.org Page 106
Survey on Continuous User Identity Verification Using Biometric
Traits for Secure Internet Services
Neethu T.D [1], Ayana Ajith [2]
PG Scholar [1], Asst. Professor [2]
Department of Computer Science and Engineering
Vidya Academy of Science and Technology - Thrissur, Kerala, India
ABSTRACT
Nowadays, the security of web-based services has become a serious concern. Traditional authentication processes rely on
a username and password, formulated as a “single shot”, providing user verification only during the login phase. Once the user’s
identity has been verified, the system resources are available for a fixed period of time or until explicit logout by the user.
While the session is active, impostors can impersonate the user and access personal data, so the service can easily be misused. A basic
solution is to use very short session timeouts and periodically request the user to input his credentials over and over, but this is
not a good solution. This paper explores promising alternatives offered by applying biometrics in the management of sessions.
A secure protocol is defined for perpetual authentication through continuous user verification. The use of biometric
authentication allows credentials to be acquired transparently, i.e. without explicitly notifying the user or requiring his interaction, which is essential to guarantee better service usability.
Keywords: Security, Continuous user verification, Biometric Authentication
I. INTRODUCTION
Security of web-based applications is a
serious concern due to the recent increase in the frequency
and complexity of cyber-attacks. Biometric techniques offer
an emerging solution for secure and trusted user identity
verification, where username and password are replaced by
biometric traits [2]. Biometrics is the science and technology
of determining identity based on physiological and
behavioural traits. Biometrics includes retinal scans, finger
and handprint recognition, face recognition, handwriting
analysis, voice recognition and keyboard biometrics [1]. Also,
parallel to the spreading usage of biometric systems, the
incentive for their misuse is also growing, especially in the
financial and banking sectors.
Biometric user authentication is typically
formulated as a “one-shot” process, providing verification of
the user when a resource is requested (e.g., logging in to a
computer system or accessing an ATM). Consider this
simple scenario: a user has already
logged into a security-critical service and then leaves
the PC unattended in the work area for a while. The user
session is still active, allowing impostors to impersonate the user
and access strictly personal data. In these scenarios, the
services where the users are authenticated can be misused
easily. The basic solution for this is to use very short session
timeouts and request the user to input his login data again and
again [2].
So, to identify misuse of computer resources
in time and prevent it, solutions based on biometric
continuous authentication are proposed, which means
turning user verification into a continuous process rather than
a one-time authentication. Biometric authentication can
depend on multiple biometric traits [2]. Finally, the use of
biometric authentication allows credentials to be acquired
transparently, i.e. without explicitly notifying the user to enter
data over and over, which provides a guarantee of more security
for the system than the traditional one.
II. SECURITY METHODS
Several security methods are available, which are mainly
based on authentication factors. Authentication factors are
grouped into these three categories: 1) what you know (e.g.,
password), 2) what you have (e.g., token), and 3) who you are
(e.g., biometric).
Knowledge-Based (“what you know”):
These are characterized by secrecy and include passwords.
The term password includes single words, phrases, and PINs
(personal identification numbers) that are closely kept secrets
used for authentication. But there are various vulnerabilities of
password-based authentication schemes.
The basic drawback of passwords is that a memorable password
can often be guessed or searched by an attacker, and a long,
random, changing password is difficult to remember. Also,