DocumentCode
3143930
Title
Improving Security of Internet Services through Continuous and Transparent User Identity Verification
Author
Ceccarelli, Andrea ; Bondavalli, Andrea ; Brancati, Francesco ; Mattina, E.L.
Author_Institution
Univ. of Firenze, Florence, Italy
fYear
2012
fDate
8-11 Oct. 2012
Firstpage
201
Lastpage
206
Abstract
Session management in distributed Internet services is traditionally based on username and password, and explicit logouts and timeouts that expire due to idle activity of the user. Emerging biometric solutions allow substituting username and password with biometric data, but still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by biometrics for the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts selected on the basis of the quality, frequency and type of biometric data acquired transparently from the user. Protocol behavior is shown through simulations.
Keywords
Web services; message authentication; Internet services; Web service; adaptive timeout; authentication; biometric data; biometric solution; client satisfaction; distributed Internet service; logout; password; protocol behavior; secure protocol; service usability; session management; user identity verification; user idle activity; username; Authentication; Bioinformatics; Biosensors; Protocols; Servers; Web services; CASHMA; biometrics; continuous authentication; mobile devices; security; session management; web service;
fLanguage
English
Publisher
ieee
Conference_Titel
Reliable Distributed Systems (SRDS), 2012 IEEE 31st Symposium on
Conference_Location
Irvine, CA
ISSN
1060-9857
Print_ISBN
978-1-4673-2397-0
Type
conf
DOI
10.1109/SRDS.2012.38
Filename
6424854
Link To Document