Continuous User Identity Verification through Secure Login Session
0 likes45 views
This document proposes a system for continuous user identity verification through secure login sessions using multi-modal biometrics. The system uses biometrics like fingerprints, facial recognition, and keyboard dynamics along with one-time passwords and random security questions to authenticate users. During login sessions, one-time passwords are sent to the user's email and random questions are asked every 5-10 minutes to continuously verify the user's identity. This prevents unauthorized access if the user leaves their device unattended during a session. The proposed system detects misuse of resources and prevents malicious activities through continuous multi-modal biometric authentication. Biometric and user data are stored on smartphones and web services.
![International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 05 Issue: 03 | Mar-2018 www.irjet.net p-ISSN: 2395-0072
© 2018, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 3935
This paper describes the system and adversary
characterization data that are collected as input for the
executable model. This paper also describes the simulation
algorithms for adversary attack behaviour and the
computation for the probability that an attack attempt is
successful. A simple case study illustrates how to analyze
system security using the ADVISE method. A tooliscurrently
under development to facilitate automatic modelgeneration
and simulation. The ADVISE method aggregates security-
relevant information about a system and its adversaries to
produce a quantitative security analysis useful for holistic
system security decisions.
3. S.kumar, T.sim “Using Continuous Biometric Verification
to Protect Interactive Login Sessions”, 2012. This paper we
describe the theory, architecture, implementation, and
performance of a multi-modal passive biometric verification
system that continually verifies the presence/participation
of a logged-in user. We assume that the user logged in using
strong authentication prior to the starting of the continuous
verification process. While the implementation described in
the paper combines a digital camera-based face verification
with a mouse-based fingerprint reader, the architecture is
generic enough to accommodate additional biometric
devices with different accuracy of classifying a given user
from an imposter
4. D.M.Nicol,W.H.Sanders, “Model-Based Evaluation:
From Dependability to Security”, IEEE TRANSACTIONS
2004. In this work, we survey existing model-based
techniques for evaluating system dependability, and
summarize. How they are now being extended to evaluate
system security. We find that many techniques from
dependability evaluation can be applied in the security
domain, but that significant challengesremain,largelydueto
fundamental differences between the accidental nature of
the faults commonly assumed in depend ability evaluation,
and the intentional, human nature of cyber-attacks.
5. T. Sim, S. Zhang, R. Janakiraman, and S. Kumar,
“Continuous Verification UsingMultimodalBiometrics,”IEEE
Trans. Apr. 2007.
In this paper we describe a system that continually verifies
the presence/participation of a logged-in user. This is done
by integrating multimodal passive biometrics in a Bayesian
framework that combines both temporal and modality
information holistically, rather thansequentially.Thisallows
our system to output the probability that the user is still
present even when there is no observation. Our
implementation of the continuous verification system is
distributed and extensible, so it is easy to plug in additional
asynchronous modalities, even when they are remotely
generated. Based on real data resulting from our
implementation, we find the results to be promising.
3. PROPOSED ALGORITHM
Algorithm for Bio- Metric verification
for x = 0 to image. Size:
for y = 0 to image. Size:
diff += abs (image1.get(x, y).red - image2.get(x,
y).red)
diff += abs (image1.get(x, y).blue - image2.get(x,
y).blue)
diff += abs (image1.get(x, y).green - image2.get(x,
y).green)
end
end
return ((float)(diff)) / ( x * y * 3)
4. SIMULATION RESULTS
User request to access web service. User needs web service
access certificate. Web service checks for user
authentication, CASHMA system generate the certificates.
CASHMA system accept user information and compute it.
CASHMA system validates this user information(i.e. user id,
bio-metric verification, answer of questions) from database.
Certificates are sends towards the web service.
5 CONCLUSION
In this paper we studied system which provides various
existing methods used for continuous authentication using
username & password, OTP verification, figure print
biometrics, random questions. Initial one time login
verification is inadequate to addresstheriskinvolvedinpost
logged in session. Therefore this system attemptsto provide
a comprehensive survey of research on the underlying
building blocksrequired to build a biometric authentication
continuous OTP and Random question system by choosing
bio-metric. Continuous authentication verification with
multi-modal biometrics improves security and usability of
user session.
REFERENCES
1. CASHMA-Context Aware Security by Hierarchical
Multilevel Architectures, MIUR FIRB, 2005.
2. L. Hong, A. Jain, and S. Pankanti, “Can Multibiometrics
Improve Performance?” Proc. Workshop on Automatic
Identification Advances Technologies (AutoID ’99) Summit,
pp. 59-64, 1999.
3. S. Ojala, J. Keinanen, and J. Skytta, “Wearable
Authentication Device for Transparent Login in Nomadic
Applications Environment,” Proc. Second Int’l Conf. Signals,
Circuits and Systems.
4. (SCS ’08), pp. 1-6, Nov. 2008. [4] Bio ID “Biometric
Authentication as a Service (BaaS),” Bio ID Press Release,
https://www.bioid.com, Mar. 2011.
5. T. Sim, S. Zhang, R. Janakiraman, and S. Kumar,
“Continuous Verification Using Multimodal Biometrics,”
IEEE Trans. Pattern Analysis and Machine Intelligence, vol.
29, no. 4, pp. 687-700, Apr.2007.](https://image.slidesharecdn.com/irjet-v5i3922-190207082256/85/Continuous-User-Identity-Verification-through-Secure-Login-Session-2-320.jpg)
More Related Content
Similar to Continuous User Identity Verification through Secure Login Session (20)
![BBC NW_Tech Facilities_30 Odd Yrs Ago [J].pdf](https://cdn.slidesharecdn.com/ss_thumbnails/bbcnwtechfacilities30oddyrsagoj-250830230619-0d747bd6-thumbnail.jpg?width=560&fit=bounds)
Continuous User Identity Verification through Secure Login Session
- 1. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 05 Issue: 03 | Mar-2018 www.irjet.net p-ISSN: 2395-0072 © 2018, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 3934 Continuous User identity verification through secure login session Shadab Ansari1, Vishwas Aware2, Sonu Chaudhary3 , Anand Hulmani4, Prof. Kanchan Wankhade5 1,2,3,4 Department of Computer Engineering, Dhole Patil College Of Engineering 5Dept. of Computer Engineering, of Dhole Patil College of Engineering ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - In web applications, user authentication is normally based on username and password, come forth biometric solutions allow biometric data during session establishment. But in Unimodal biometric approaches only use a single verification is considered and the identity of the user is permanent during the entire session. A secure protocol is denied for constant authentication through continuous user verification. Biometric techniques suggest solution for secure, trusted and protected authentication. In between the logging session time, the one-time password (OTP) is send on usersregistered email idandalsorandomly one questions will be asked to the user between the 5-10 mints. The user’s identity has been verified, the system resources are available for fixed period of time and identity of the user is constant during entire session. The proposed system detects misuses of computer resourcesand prevents malicious activities based on multi-modal biometric continuous authentication. Biometric and user information are stored in smart phones and web services. Key Words: Security, web servers, mobile environments, authentication 1. INTRODUCTION In this technology era security of web-based applicationsisa serious concern, due to the recent increase in the frequency and complexity of cyber-attacks, biometric techniques offer emerging solution for secure and trusted user identity verification, where username and password are replaced by bio-metric traits, Gmail OTP verification and users personal information. Biometrics is the science and technology of determining identity based on physiologicalandbehavioural traits. Biometrics includesretinalscans,fingerandhandprint recognition, and face recognition,handwritinganalysis,voice recognition and Keyboard biometrics. Also, parallel to the spreading usage of biometric systems, the incentive in their misuse is also growing, especially in the financial and banking sectors In fact, similarly to traditional authentication processes which rely on username and password with OTP verification, biometric user authentication is typically formulated as a single shot, providing user verification periodically during login time when one or more biometric traits may be required. Once the user’s identity has been verified, the system resources are available for a fixed period of time or until explicitlogout from the user. This approach is also susceptible for attack because the identity of the user is constant during the whole session. Suppose, here we consider this simple scenario: a user has already logged into a security-critical service, and then the user leavesthe PC unattended in the workareafora while the user session is active, allowing impostors to impersonate the user and access strictly personal data. In these scenarios, the services where the users are authenticated can be misused easily. Fig -1: System Architecture 2. RELATED WORK 1. Andrea Ceccarelli, Leonardo Montecchi “Continuous and Transparent User Identity Verification for Secure Internet Services” IEEE TRANSACTIONS MAY/JUNE 2015 Thispaper explores promising alternatives offered by applying biometrics in the management of sessions. A secureprotocol is defined for perpetual authentication through continuous user verification. The protocol determinesadaptivetimeouts based on the quality, frequency and type of biometric data transparently acquired from the user. The functional behaviour of the protocol is illustrated through Matlab simulations, while model-based quantitative analysis is carried out to assess the ability of the protocol to contrast security attacks exercised by different kinds of attackers. 2. Elizabeth LeMay, Willard Unkenholz, “Adversary- Driven State-Based System Security Evaluation” Metri Sec2010 September 15, 2010, Bolzano-Bozen, Italy.
- 2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 05 Issue: 03 | Mar-2018 www.irjet.net p-ISSN: 2395-0072 © 2018, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 3935 This paper describes the system and adversary characterization data that are collected as input for the executable model. This paper also describes the simulation algorithms for adversary attack behaviour and the computation for the probability that an attack attempt is successful. A simple case study illustrates how to analyze system security using the ADVISE method. A tooliscurrently under development to facilitate automatic modelgeneration and simulation. The ADVISE method aggregates security- relevant information about a system and its adversaries to produce a quantitative security analysis useful for holistic system security decisions. 3. S.kumar, T.sim “Using Continuous Biometric Verification to Protect Interactive Login Sessions”, 2012. This paper we describe the theory, architecture, implementation, and performance of a multi-modal passive biometric verification system that continually verifies the presence/participation of a logged-in user. We assume that the user logged in using strong authentication prior to the starting of the continuous verification process. While the implementation described in the paper combines a digital camera-based face verification with a mouse-based fingerprint reader, the architecture is generic enough to accommodate additional biometric devices with different accuracy of classifying a given user from an imposter 4. D.M.Nicol,W.H.Sanders, “Model-Based Evaluation: From Dependability to Security”, IEEE TRANSACTIONS 2004. In this work, we survey existing model-based techniques for evaluating system dependability, and summarize. How they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challengesremain,largelydueto fundamental differences between the accidental nature of the faults commonly assumed in depend ability evaluation, and the intentional, human nature of cyber-attacks. 5. T. Sim, S. Zhang, R. Janakiraman, and S. Kumar, “Continuous Verification UsingMultimodalBiometrics,”IEEE Trans. Apr. 2007. In this paper we describe a system that continually verifies the presence/participation of a logged-in user. This is done by integrating multimodal passive biometrics in a Bayesian framework that combines both temporal and modality information holistically, rather thansequentially.Thisallows our system to output the probability that the user is still present even when there is no observation. Our implementation of the continuous verification system is distributed and extensible, so it is easy to plug in additional asynchronous modalities, even when they are remotely generated. Based on real data resulting from our implementation, we find the results to be promising. 3. PROPOSED ALGORITHM Algorithm for Bio- Metric verification for x = 0 to image. Size: for y = 0 to image. Size: diff += abs (image1.get(x, y).red - image2.get(x, y).red) diff += abs (image1.get(x, y).blue - image2.get(x, y).blue) diff += abs (image1.get(x, y).green - image2.get(x, y).green) end end return ((float)(diff)) / ( x * y * 3) 4. SIMULATION RESULTS User request to access web service. User needs web service access certificate. Web service checks for user authentication, CASHMA system generate the certificates. CASHMA system accept user information and compute it. CASHMA system validates this user information(i.e. user id, bio-metric verification, answer of questions) from database. Certificates are sends towards the web service. 5 CONCLUSION In this paper we studied system which provides various existing methods used for continuous authentication using username & password, OTP verification, figure print biometrics, random questions. Initial one time login verification is inadequate to addresstheriskinvolvedinpost logged in session. Therefore this system attemptsto provide a comprehensive survey of research on the underlying building blocksrequired to build a biometric authentication continuous OTP and Random question system by choosing bio-metric. Continuous authentication verification with multi-modal biometrics improves security and usability of user session. REFERENCES 1. CASHMA-Context Aware Security by Hierarchical Multilevel Architectures, MIUR FIRB, 2005. 2. L. Hong, A. Jain, and S. Pankanti, “Can Multibiometrics Improve Performance?” Proc. Workshop on Automatic Identification Advances Technologies (AutoID ’99) Summit, pp. 59-64, 1999. 3. S. Ojala, J. Keinanen, and J. Skytta, “Wearable Authentication Device for Transparent Login in Nomadic Applications Environment,” Proc. Second Int’l Conf. Signals, Circuits and Systems. 4. (SCS ’08), pp. 1-6, Nov. 2008. [4] Bio ID “Biometric Authentication as a Service (BaaS),” Bio ID Press Release, https://www.bioid.com, Mar. 2011. 5. T. Sim, S. Zhang, R. Janakiraman, and S. Kumar, “Continuous Verification Using Multimodal Biometrics,” IEEE Trans. Pattern Analysis and Machine Intelligence, vol. 29, no. 4, pp. 687-700, Apr.2007.
- 3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 05 Issue: 03 | Mar-2018 www.irjet.net p-ISSN: 2395-0072 © 2018, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 3936 6. L. Montecchi, P. Lollini, A. Bondavalli, and E. La Mattina, “Quantitative Security Evaluation of a Multi-Biometric Authentication System,” Proc. Int’l Conf. Computer Safety, Reliability and Security, pp. 209-221, 2012. 7. S. Kumar, T. Sim, R. Janakiraman, and S. Zhang, “Using Continuous Biometric Verification to Protect Interactive Login Sessions,” Proc. 21st Ann. Computer Security Applications Conf. (ACSAC ’05), pp. 441-450, 2005. 8. Altinok and M. Turk, “TemporalIntegrationforContinuous Multimodal Biometrics,” Proc. Workshop Multimodal User Authentication, pp. 11-12, 2003. 9. Roberts, “Biometric Attack Vectors and Defences,” Computers & Security, vol. 26, no. 1, pp. 14-25, 2007. 10. S.Z. Li and A.K. Jain, Encyclopedia of Biometrics. first ed., Springer, 2009.