Improving Security of Internet Services Through Continuous and Transparent User Identity Verification
Research Area: | Uncategorized | Year: | 2012 | ||
---|---|---|---|---|---|
Type of Publication: | In Proceedings | ||||
Authors: | Andrea Ceccarelli; Andrea Bondavalli; Francesco Brancati; Ernesto La Mattina | ||||
Book title: | Reliable Distributed Systems (SRDS), 2012 IEEE 31st Symposium on | ||||
Pages: | 201-206 | ||||
BibTex: |
|||||
Abstract: | Session management in distributed Internet services
is traditionally based on username and password, and explicit
logouts and timeouts that expire due to idle activity of the user.
Emerging biometric solutions allow substituting username and
password with biometric data, but still a single verification is
deemed sufficient, and the identity of a user is considered
immutable during the entire session. Additionally, the length of
the timeout may impact on the usability of the service and
consequent client satisfaction. This paper explores promising
alternatives offered by biometrics for the management of
sessions. A secure protocol is defined for perpetual
authentication through continuous user verification. The
protocol determines adaptive timeouts selected on the basis of
the quality, frequency and type of biometric data acquired
transparently from the user. Protocol behavior is shown
through simulations. |
||||