IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
In most networks and distributed systems, security
has always been of a major concern and authentication is the core
issue as it provides protection from unauthorized use and ensures
proper functioning of the system. This paper investigates and
proposes DS-NIZKP, an approach for authenticating users by
three factors, (namely password, smart-card and biometrics)
based on the concept of Zero Knowledge Proof (ZKP), so that no
sensitive information can be revealed during a communication.
The proposal employs the concept of digital signature (DS) to
authenticate the identity of the sender or the signer within a
single communication. Given that DS employs asymmetric
encryption, a one-way hash of the user’s identity is created then
signed using the private key. Hashing prevents from revealing
information about the user while signing provides authentication,
non-repudiation and integrity. This approach not only saves time
since just a single message between the prover and the verifier is
necessary but also defends privacy of the user in distributed
systems.
Us20140380431 Patent: COMPUTER IMPLEMENTED METHOD TO PREVENT ATTACKS AGAINST...Telefónica
A computer implemented method and computer program
products to prevent attacks against authorization systems
The computer implemented method comprising controlling
the access to different resources and actions de?ned for a user
by a ?rst server, reducing the exposure time at Which such
operations are available and establishing a dual channel verification through the use of a second server.
The computer programs implement the method.
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
In a distributed system, authentication protocols are the basis of security to ensure that these protocols function properly. Passwords are one of the most common authentication protocol used nowadays. Because of low entropy of passwords makes the systems vulnerable to password guessing attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent dictionary attacks, replay attacks and man in the middle attacks etc., The proposed scheme presents a new password authentication protocol by using the user and server system identification/serial number. Here there is no possibility to store the user passwords so an attacker who gets the password cannot use it directly to gain immediate access and compromise security.
In most networks and distributed systems, security
has always been of a major concern and authentication is the core
issue as it provides protection from unauthorized use and ensures
proper functioning of the system. This paper investigates and
proposes DS-NIZKP, an approach for authenticating users by
three factors, (namely password, smart-card and biometrics)
based on the concept of Zero Knowledge Proof (ZKP), so that no
sensitive information can be revealed during a communication.
The proposal employs the concept of digital signature (DS) to
authenticate the identity of the sender or the signer within a
single communication. Given that DS employs asymmetric
encryption, a one-way hash of the user’s identity is created then
signed using the private key. Hashing prevents from revealing
information about the user while signing provides authentication,
non-repudiation and integrity. This approach not only saves time
since just a single message between the prover and the verifier is
necessary but also defends privacy of the user in distributed
systems.
Us20140380431 Patent: COMPUTER IMPLEMENTED METHOD TO PREVENT ATTACKS AGAINST...Telefónica
A computer implemented method and computer program
products to prevent attacks against authorization systems
The computer implemented method comprising controlling
the access to different resources and actions de?ned for a user
by a ?rst server, reducing the exposure time at Which such
operations are available and establishing a dual channel verification through the use of a second server.
The computer programs implement the method.
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
In a distributed system, authentication protocols are the basis of security to ensure that these protocols function properly. Passwords are one of the most common authentication protocol used nowadays. Because of low entropy of passwords makes the systems vulnerable to password guessing attacks. This paper presents a simple scheme that strengthens password-based authentication protocols and helps prevent dictionary attacks, replay attacks and man in the middle attacks etc., The proposed scheme presents a new password authentication protocol by using the user and server system identification/serial number. Here there is no possibility to store the user passwords so an attacker who gets the password cannot use it directly to gain immediate access and compromise security.
Advanced mechanism for single sign on for distributed computer networkseSAT Journals
Abstract A distributed computer networks could be a special form of the network that facilitates the purchasers to use completely different network services that is provided by the service suppliers. Within the distributed computer networks, user verification is a crucial method for the protection. Within the verification, the choice is taken whether the user is legal or not and then enabled the users to access the service. In general users are using multiple usernames and passwords for to access different applications on a distributed computer network. This increase the burden of the user and organization administrator as each and every account of the organization is going to be handled with their explicit username and credential. A new certification plan that is named as single sign-on mechanism that facilitates the users with one identity token to be verified by multiple service suppliers. Single sign-on is one of user authentication method that allows a user to enter one name and identity token so as to access multiple applications. The method authenticates the user for all the applications they have been offered access to and eliminates additional prompts after they switch applications throughout a specific session. However, existing approaches which are utilizing single sign-on scheme have some drawbacks relating to security needs. Thus, through this paper, we will discuss regarding the event of security from earlier stage to present stage. And clearly discuss regarding the authentication steps between user and service supplier. Keywords — single sign-on, authentication token , mutual authentication
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSIJNSA Journal
Current password authentication system was proven not secure enough to protect the information from intruders. However, various research has been done and the results show the value of FRR still low and the value of FAR still high. Thus, one of the methods suggests, is enhancing the current system using keystroke dynamics. Keystroke dynamics is a type of biometric authentication that does not require any special hardware, easy to use as the same routine as normal password authentication. Therefore, this research proposed an authentication system using keystroke dynamics to prevent the system from intruders. A system is developed that consist of two parts which are enrolment and verification. Then, a prototype is developed for testing process that consists of 3 main modules, namely Enrolment, Client/Server Connection
and, Verification and Retraining. Based on the testing, the system proved that the keystroke dynamic authentication system was able to implement in client/server environment and shows the value of EER is low that indicates it provide a better system authentication. In future, the system can be improved by enhancing the security, performance, and user interface.
Database Security Two Way Authentication Using Graphical PasswordIJERA Editor
As data represent a key asset for today's organizations. The problem is that how to protect this data from
attackers, theft and misuse is at the forefront of any organization’s mind. Even though today several data
security techniques are available to protect database and computing infrastructure, many such as network
security and firewalls tools are unable to prevent attacks from insider. Insider is a person working in
organization who can try to access the sensitive data. This paper proposes a two-way authentication method
which fuses knowledge-based secret and personal trait information.
A cryptographic mutual authentication scheme for web applicationsIJNSA Journal
The majority of current web authentication is built
on username/password. Unfortunately, password
replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose
a new mutual authentication scheme called StrongAuth which preserves most password authentication
advantages and simultaneously improves security using cryptographic primitives. Our scheme not only
offers webmasters a clear framework which to build
secure user authentication, but it also provides almost
the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
Efficient and Secure Single Sign on Mechanism for Distributed NetworkIJERA Editor
Distributed network act as core part to access the various services which are available in the network. But the security related to distributed network is main concern. In this paper single sign-on SSO mechanism is introduced which gives access to all services by allowing to sign on only once by users. In this mechanism once user logs in to the Trusted Authority Center TAC then application or services which are register to trusted center will automatically verifies the user’s credentials details and these credentials like password or digital signature will be only one for all applications or services. Unlike all other previous mechanisms where in, if user wants to have access multiple services then for every service distinct user credentials (username, password) must be required. SSO act as single authentication window to user for admittance multiple service providers in networks. Previously introduced technique based SSO technology proved to be secure over well-designed SSO system, but fails to provide security during communication. So here emphasis is given on authentication as open problem and on to refining the already proposed SSO process. And to do this along with RSA algorithm which was used in previous SSO process, we will be using MAC algorithm, which is intended to provide secured pathway for communication over distributed network.TAC i.e. Trusted Authority Center is used for sending token integrated with private and shared public key to user.
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)IJNSA Journal
Despite their proven security breaches, text passwords have been dominating all other methods of human authentication over the web for tens of years, however, the frequent successful attacks that exploit the passwords vulnerable model raises the need to enhance web authentication security. This paper proposes BMBAT; a new authentication technique to replace passwords, that leverages the pervasive user mobile
devices, QR codes and the strength of symmetric and asymmetric cryptography. In BMBAT, the user’s mobile device acts as a user identity prover and a verifier for the server; it employs a challenge-response model with a dual mode of encryption using AES and RSA keys to mutually authenticate the client to the server and vice-versa. BMBAT combats a set of attack vectors including phishing attacks, man in the middle attacks, eavesdropping and session hijacking. A prototype of BMBAT has been developed and evaluated; the evaluation results show that BMBAT is a feasible and competitive alternative to passwords.
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTINGIJNSA Journal
Recently, there are several studies have proposed user authentication frameworks to defend against different types of attacks such as phishing, replay attack, man in the middle attack and denial of service attack, etc. Most of these frameworks consist of three main phases, which are the registration phase, login phase, and authentication phase. Most of them have the changing password process as an additional activity.Many problemshave been noticed in the performance of these frameworks. For example, the registration phase is valunerable to internal attack such as SYN flood attack. In this work, we aim to propose a robust user authentication framework that overcomes the previous framework shortages. The proposed framework provides many security aspects such as remote authentication, mutual authentication, session key establishment,to mention a few. Besides, to ensure the security through all phases of this framework, we add a new phase called a Service Access Authentication Phase (SAAP).This phase is resposable of the internal verification .
Enhancing Security of Multimodal Biometric Authentication System by Implement...IOSR Journals
Abstract : Conventional personal identification techniques for instance passwords, tokens, ID card and PIN
codes are prone to theft or forgery and thus biometrics isa solution thereto. Biometrics is the way of recognizing
and scrutinizing the physical traits of a person. Automated biometrics verification caters as a conducive and
legitimate method, but there must be an assurance to its cogency. Furthermore, in most of the cases unimodal
biometric recognition is not able to meet the performance requirements of the applications. According to recent
trends, recognition based on multimodal biometrics is emerging at a greater pace. Multimodal biometrics
unifies two or more biometric traits and thus the issues that emerge in unimodal recognition can be mitigated in
multimodal biometric systems. But with the rapid ontogenesis of information technology, even the biometric
data is not secure. Digital watermarking is one such technique that is implemented to secure the biometric data
from inadvertent or premeditated attacks.This paper propounds an approach that is projected in both the
directions of improving the performance of biometric identification system by going multimodal and, increasing
the security through watermarking. The biometric traits are initially transformed using Discrete Wavelet and
Discrete Cosine Transformation and then watermarked using Singular Value Decomposition. Scheme depiction
and presented outcomes justifies the effectiveness of the scheme.
Keywords: Discrete Cosine Transform (DCT), Discrete Wavelet Transform (DWT), Multimodal biometrics,
Singular Value Decomposition, Watermarking
An Overview on Authentication Approaches and Their Usability in Conjunction w...IJERA Editor
The usage of sensitive online services and applications such as online banking, e-commerce etc is increasing day by day. These technologies have tremendously improved making our daily life easier. However, these developments have been accompanied by E-piracy where attackers try to get access to services illegally. As sensitive information flow through Internet, they need support for security properties such as authentication, authorization, data confidentiality. Perhaps static password (User ID & password) is the most common and widely accepted authentication method. Online applications need strong password such as a combination of alphanumeric with special characters. In general, having one password for a single service may be easy to remember, but controlling many passwords for different services poses a tedious task on users online applications . Usually users try to use same password for different services or make slight changes in the password which can be easy for attacker to guess adding increased security threat. In order to overcome this, stronger authentication solutions need to be suggested and adapted for services based network.
A Computational Dynamic Trust Model for User Authorization1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
Advanced mechanism for single sign on for distributed computer networkseSAT Journals
Abstract A distributed computer networks could be a special form of the network that facilitates the purchasers to use completely different network services that is provided by the service suppliers. Within the distributed computer networks, user verification is a crucial method for the protection. Within the verification, the choice is taken whether the user is legal or not and then enabled the users to access the service. In general users are using multiple usernames and passwords for to access different applications on a distributed computer network. This increase the burden of the user and organization administrator as each and every account of the organization is going to be handled with their explicit username and credential. A new certification plan that is named as single sign-on mechanism that facilitates the users with one identity token to be verified by multiple service suppliers. Single sign-on is one of user authentication method that allows a user to enter one name and identity token so as to access multiple applications. The method authenticates the user for all the applications they have been offered access to and eliminates additional prompts after they switch applications throughout a specific session. However, existing approaches which are utilizing single sign-on scheme have some drawbacks relating to security needs. Thus, through this paper, we will discuss regarding the event of security from earlier stage to present stage. And clearly discuss regarding the authentication steps between user and service supplier. Keywords — single sign-on, authentication token , mutual authentication
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSIJNSA Journal
Current password authentication system was proven not secure enough to protect the information from intruders. However, various research has been done and the results show the value of FRR still low and the value of FAR still high. Thus, one of the methods suggests, is enhancing the current system using keystroke dynamics. Keystroke dynamics is a type of biometric authentication that does not require any special hardware, easy to use as the same routine as normal password authentication. Therefore, this research proposed an authentication system using keystroke dynamics to prevent the system from intruders. A system is developed that consist of two parts which are enrolment and verification. Then, a prototype is developed for testing process that consists of 3 main modules, namely Enrolment, Client/Server Connection
and, Verification and Retraining. Based on the testing, the system proved that the keystroke dynamic authentication system was able to implement in client/server environment and shows the value of EER is low that indicates it provide a better system authentication. In future, the system can be improved by enhancing the security, performance, and user interface.
Database Security Two Way Authentication Using Graphical PasswordIJERA Editor
As data represent a key asset for today's organizations. The problem is that how to protect this data from
attackers, theft and misuse is at the forefront of any organization’s mind. Even though today several data
security techniques are available to protect database and computing infrastructure, many such as network
security and firewalls tools are unable to prevent attacks from insider. Insider is a person working in
organization who can try to access the sensitive data. This paper proposes a two-way authentication method
which fuses knowledge-based secret and personal trait information.
A cryptographic mutual authentication scheme for web applicationsIJNSA Journal
The majority of current web authentication is built
on username/password. Unfortunately, password
replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose
a new mutual authentication scheme called StrongAuth which preserves most password authentication
advantages and simultaneously improves security using cryptographic primitives. Our scheme not only
offers webmasters a clear framework which to build
secure user authentication, but it also provides almost
the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
Efficient and Secure Single Sign on Mechanism for Distributed NetworkIJERA Editor
Distributed network act as core part to access the various services which are available in the network. But the security related to distributed network is main concern. In this paper single sign-on SSO mechanism is introduced which gives access to all services by allowing to sign on only once by users. In this mechanism once user logs in to the Trusted Authority Center TAC then application or services which are register to trusted center will automatically verifies the user’s credentials details and these credentials like password or digital signature will be only one for all applications or services. Unlike all other previous mechanisms where in, if user wants to have access multiple services then for every service distinct user credentials (username, password) must be required. SSO act as single authentication window to user for admittance multiple service providers in networks. Previously introduced technique based SSO technology proved to be secure over well-designed SSO system, but fails to provide security during communication. So here emphasis is given on authentication as open problem and on to refining the already proposed SSO process. And to do this along with RSA algorithm which was used in previous SSO process, we will be using MAC algorithm, which is intended to provide secured pathway for communication over distributed network.TAC i.e. Trusted Authority Center is used for sending token integrated with private and shared public key to user.
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)IJNSA Journal
Despite their proven security breaches, text passwords have been dominating all other methods of human authentication over the web for tens of years, however, the frequent successful attacks that exploit the passwords vulnerable model raises the need to enhance web authentication security. This paper proposes BMBAT; a new authentication technique to replace passwords, that leverages the pervasive user mobile
devices, QR codes and the strength of symmetric and asymmetric cryptography. In BMBAT, the user’s mobile device acts as a user identity prover and a verifier for the server; it employs a challenge-response model with a dual mode of encryption using AES and RSA keys to mutually authenticate the client to the server and vice-versa. BMBAT combats a set of attack vectors including phishing attacks, man in the middle attacks, eavesdropping and session hijacking. A prototype of BMBAT has been developed and evaluated; the evaluation results show that BMBAT is a feasible and competitive alternative to passwords.
AN ENHANCED USER AUTHENTICATION FRAMEWORK IN CLOUD COMPUTINGIJNSA Journal
Recently, there are several studies have proposed user authentication frameworks to defend against different types of attacks such as phishing, replay attack, man in the middle attack and denial of service attack, etc. Most of these frameworks consist of three main phases, which are the registration phase, login phase, and authentication phase. Most of them have the changing password process as an additional activity.Many problemshave been noticed in the performance of these frameworks. For example, the registration phase is valunerable to internal attack such as SYN flood attack. In this work, we aim to propose a robust user authentication framework that overcomes the previous framework shortages. The proposed framework provides many security aspects such as remote authentication, mutual authentication, session key establishment,to mention a few. Besides, to ensure the security through all phases of this framework, we add a new phase called a Service Access Authentication Phase (SAAP).This phase is resposable of the internal verification .
Enhancing Security of Multimodal Biometric Authentication System by Implement...IOSR Journals
Abstract : Conventional personal identification techniques for instance passwords, tokens, ID card and PIN
codes are prone to theft or forgery and thus biometrics isa solution thereto. Biometrics is the way of recognizing
and scrutinizing the physical traits of a person. Automated biometrics verification caters as a conducive and
legitimate method, but there must be an assurance to its cogency. Furthermore, in most of the cases unimodal
biometric recognition is not able to meet the performance requirements of the applications. According to recent
trends, recognition based on multimodal biometrics is emerging at a greater pace. Multimodal biometrics
unifies two or more biometric traits and thus the issues that emerge in unimodal recognition can be mitigated in
multimodal biometric systems. But with the rapid ontogenesis of information technology, even the biometric
data is not secure. Digital watermarking is one such technique that is implemented to secure the biometric data
from inadvertent or premeditated attacks.This paper propounds an approach that is projected in both the
directions of improving the performance of biometric identification system by going multimodal and, increasing
the security through watermarking. The biometric traits are initially transformed using Discrete Wavelet and
Discrete Cosine Transformation and then watermarked using Singular Value Decomposition. Scheme depiction
and presented outcomes justifies the effectiveness of the scheme.
Keywords: Discrete Cosine Transform (DCT), Discrete Wavelet Transform (DWT), Multimodal biometrics,
Singular Value Decomposition, Watermarking
An Overview on Authentication Approaches and Their Usability in Conjunction w...IJERA Editor
The usage of sensitive online services and applications such as online banking, e-commerce etc is increasing day by day. These technologies have tremendously improved making our daily life easier. However, these developments have been accompanied by E-piracy where attackers try to get access to services illegally. As sensitive information flow through Internet, they need support for security properties such as authentication, authorization, data confidentiality. Perhaps static password (User ID & password) is the most common and widely accepted authentication method. Online applications need strong password such as a combination of alphanumeric with special characters. In general, having one password for a single service may be easy to remember, but controlling many passwords for different services poses a tedious task on users online applications . Usually users try to use same password for different services or make slight changes in the password which can be easy for attacker to guess adding increased security threat. In order to overcome this, stronger authentication solutions need to be suggested and adapted for services based network.
A Computational Dynamic Trust Model for User Authorization1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
A BASTION MOBILEID-BASED AUTHENTICATION TECHNIQUE (BMBAT)IJNSA Journal
Despite their proven security breaches, text passwords have been dominating all other methods of human authentication over the web for tens of years, however, the frequent successful attacks that exploit the passwords vulnerable model raises the need to enhance web authentication security. This paper proposes BMBAT; a new authentication technique to replace passwords, that leverages the pervasive user mobile
devices, QR codes and the strength of symmetric and asymmetric cryptography. In BMBAT, the user’s
mobile device acts as a user identity prover and a verifier for the server; it employs a challenge-response model with a dual mode of encryption using AES and RSA keys to mutually authenticate the client to the server and vice-versa. BMBAT combats a set of attack vectors including phishing attacks, man in the middle attacks, eavesdropping and session hijacking. A prototype of BMBAT has been developed and evaluated; the evaluation results show that BMBAT is a feasible and competitive alternative to passwords.
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSIJNSA Journal
The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication scheme called StrongAuth which preserves most password authentication advantages and simultaneously improves security using cryptographic primitives. Our scheme not only offers webmasters a clear framework which to build secure user authentication, but it also provides almost the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...ijtsrd
Existing blockchain based identity systems are analyzed under the context of the university identity management requirements. The private or consortium blockchain is more suitable for identity system which will be used for university. The transparency of public blockchains raises some concerns for privacy and confidentiality. The most important issue is that the volume of the data generated can be very large exceeding the practical storage capabilities of the current blockchain usages. The existing identity systems are not well fixed with the university identity management system really needs, especially they remain needing the relevant issue of effective consent revocation. The append only storage of blockchain can be a barrier for implementing the revocability of consent. Some private blockchain based system has the potential vendor lock in effects. Thus, hybrid identity system is suggested for university identity management. Kyaw Soe Moe | Mya Mya Thwe "Investigation of Blockchain Based Identity System for Privacy Preserving University Identity Management System" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6 , October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd28095.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/28095/investigation-of-blockchain-based-identity-system-for-privacy-preserving-university-identity-management-system/kyaw-soe-moe
ABSTRACT
Authentication based on passwords is used largely in applications for computer security and privacy. However, human actions such as choosing bad passwords and inputting passwords in an insecure way are regarded as ”the weakest link” in the authentication chain. Rather than arbitrary alphanumeric strings, users tend to choose passwords either short or meaningful for easy memorization. With web applications and mobile apps piling up, people can access these applications anytime and anywhere with various devices. This evolution brings great convenience but also increases the probability of exposing passwords to shoulder surfing attacks. Attackers can observe directly or use external recording devices to collect users’ credentials. To overcome this problem, we proposed a novel authentication system PassMatrix, based on graphical passwords to resist shoulder surfing attacks. With a one-time valid login indicator and circulative horizontal and vertical bars covering the entire scope of pass-images, PassMatrix offers no hint for attackers to figure out or narrow down the password even they conduct multiple camera-based attacks. We also implemented a PassMatrix prototype on Android and carried out real user experiments to evaluate its memorability and usability. From the experimental result, the proposed system achieves better resistance to shoulder surfing attacks while maintaining usability.
Keywords:- Graphical Passwords, Authentication, Shoulder Surfing Attack.
Three Step Multifactor Authentication Systems for Modern Securityijtsrd
Three factor authentication includes all major features in password authentication such as one factor authentication. Using passwords and two factor authentication is not enough to provide the best protection in the digital age significantly. Advances in the field of information technology. Even when one or two feature authentication was used to protect the remote control system, hacking tools, it was a simple computer program to collect private keys, and private generators made it difficult to provide protection. Security threats based on malware, such as key trackers installed, continue to be available to improve security risks. This requires the use of safe and easy to use materials. As a result, Three Level Security is an easy to use software. Soumyashree RK | Goutham S "Three Step Multifactor Authentication Systems for Modern Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-3 , April 2022, URL: https://www.ijtsrd.com/papers/ijtsrd49785.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/49785/three-step-multifactor-authentication-systems-for-modern-security/soumyashree-rk
Design and develop authentication in electronic payment systems based on IoT ...TELKOMNIKA JOURNAL
Biometrics is a highly reliable technology where it has become possible to use the characteristics of a person or user (biometrics) along with traditional passwords, and we can even say that it has become an indispensable complement in modern authentication systems today, especially with regard to bank accounts, banks, financial technology (FinTech) internet of things (IoT) devices and all a process related to money and privacy, and biometric methods are multiple and increasing day by day, the most famous of which is (iris, face chart, palm, fingerprint, and others). Biometric systems are immune and immune from modern electronic attacks, such as plagiarism or electronic theft, because the authentication here takes place when all conditions are met. Then the authentication is done and the process is completed, and the aim is to reach the highest levels of accuracy and security and to make the user more comfortable to deal with these modern systems that provide him with many advantages and high privacy.
Online Signature Authentication by Using Mouse Behavior Editor IJCATR
Several large-scale parole leakages exposed users to associate unprecedented risk of speech act and abuse of their data. associate inadequacy of password-based authentication mechanisms is turning into a serious concern for the complete data society. carries with it 3 major modules: (1) Mouse–Behavior dynamics Capture, (2) Feature Construction, and (3) coaching or Classification. the primary module serves to make a taking mouse behavior user signs. The second module is employed to extract holistic and procedural options to characterize mouse behavior and to map the raw options into distance-based options by exploitation numerous distance metrics. The third module, within the coaching section, applies neural network on the distance-based feature vectors to reckon the predominant feature elements, then builds the user’s profile employing a one-class classifier. within the classification section, it determines the user’s identity exploitation the trained classifier within the distance-based feature exploitation NN. A four Digit OTP is generated to the user’s email ID. The user are going to be giving the ‘2’ digit OTP and therefore the server are going to be giving balance ‘2’ digit OTP. Users ‘2’ digit OTP is verified by the server and contrariwise.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Continuous and Transparent User Identity Verification for Secure Internet Services
1. Continuous and Transparent User Identity
Verification for Secure Internet Services
Andrea Ceccarelli, Leonardo Montecchi, Francesco Brancati, Paolo Lollini,
Angelo Marguglio, and Andrea Bondavalli, Member, IEEE
Abstract—Session management in distributed Internet services is traditionally based on username and password, explicit logouts and
mechanisms of user session expiration using classic timeouts. Emerging biometric solutions allow substituting username and
password with biometric data during session establishment, but in such an approach still a single verification is deemed sufficient, and
the identity of a user is considered immutable during the entire session. Additionally, the length of the session timeout may impact on
the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by applying biometrics
in the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The
protocol determines adaptive timeouts based on the quality, frequency and type of biometric data transparently acquired from the user.
The functional behavior of the protocol is illustrated through Matlab simulations, while model-based quantitative analysis is carried out
to assess the ability of the protocol to contrast security attacks exercised by different kinds of attackers. Finally, the current prototype
for PCs and Android smartphones is discussed.
Index Terms—Security, web servers, mobile environments, authentication
Ç
1 INTRODUCTION
SECURE user authentication is fundamental in most of
modern ICT systems. User authentication systems are
traditionally based on pairs of username and password and
verify the identity of the user only at login phase. No checks
are performed during working sessions, which are termi-
nated by an explicit logout or expire after an idle activity
period of the user.
Security of web-based applications is a serious concern,
due to the recent increase in the frequency and complexity
of cyber-attacks; biometric techniques [10] offer emerging
solution for secure and trusted authentication, where user-
name and password are replaced by biometric data. How-
ever, parallel to the spreading usage of biometric systems,
the incentive in their misuse is also growing, especially con-
sidering their possible application in the financial and bank-
ing sectors [20], [11].
Such observations lead to arguing that a single authenti-
cation point and a single biometric data cannot guarantee a
sufficient degree of security [5], [7]. In fact, similarly to tra-
ditional authentication processes which rely on username
and password, biometric user authentication is typically for-
mulated as a “single shot” [8], providing user verification
only during login phase when one or more biometric traits
may be required. Once the user’s identity has been verified,
the system resources are available for a fixed period of time
or until explicit logout from the user. This approach
assumes that a single verification (at the beginning of the
session) is sufficient, and that the identity of the user is con-
stant during the whole session. For instance, we consider
this simple scenario: a user has already logged into a secu-
rity-critical service, and then the user leaves the PC unat-
tended in the work area for a while. This problem is even
trickier in the context of mobile devices, often used in public
and crowded environments, where the device itself can be
lost or forcibly stolen while the user session is active, allow-
ing impostors to impersonate the user and access strictly
personal data. In these scenarios, the services where the
users are authenticated can be misused easily [8], [5]. A
basic solution is to use very short session timeouts and peri-
odically request the user to input his/her credentials over
and over, but this is not a definitive solution and heavily
penalizes the service usability and ultimately the satisfac-
tion of users.
To timely detect misuses of computer resources and pre-
vent that an unauthorized user maliciously replaces an
authorized one, solutions based on multi-modal biometric
continuous authentication [5] are proposed, turning user veri-
fication into a continuous process rather than a onetime
occurrence [8]. To avoid that a single biometric trait is
forged, biometrics authentication can rely on multiple bio-
metrics traits. Finally, the use of biometric authentication
allows credentials to be acquired transparently, i.e., without
explicitly notifying the user or requiring his/her interaction,
which is essential to guarantee better service usability. We
present some examples of transparent acquisition of biomet-
ric data. Face can be acquired while the user is located in
front of the camera, but not purposely for the acquisition of
A. Ceccarelli, L. Montecchi, P. Lollini, and A. Bondavalli are with the
Department of Mathematics and Informatics, University of Firenze, Viale
Morgagni 65, 50134 Firenze, Italy. E-mail: {andrea.ceccarelli,
leonardo.montecchi, paolo.lollini, bondavalli}@unifi.it.
F. Brancati is with Resiltech S.R.L., Piazza Iotti 25, 56025 Pontedera,
Pisa, Italy. E-mail: francesco.brancati@resiltech.com.
A. Marguglio is with Engineering Ingegneria Informatica S.p.A., Viale
Regione Siciliana 7275, 90146 Palermo, Italy.
E-mail: angelo.marguglio@eng.it.
Manuscript received 12 Nov. 2012; revised 18 Dec. 2013; accepted 22 Dec.
2013. Date of publication 8 Jan. 2014; date of current version 15 May 2015.
For information on obtaining reprints of this article, please send e-mail to:
reprints@ieee.org, and reference the Digital Object Identifier below.
Digital Object Identifier no. 10.1109/TDSC.2013.2297709
270 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 12, NO. 3, MAY/JUNE 2015
1545-5971 ß 2013 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
2. the biometric data; e.g., the user may be reading a textual
SMS or watching a movie on the mobile phone. Voice can
be acquired when the user speaks on the phone, or with
other people nearby if the microphone always captures
background. Keystroke data can be acquired whenever the
user types on the keyboard, for example, when writing an
SMS, chatting, or browsing on the Internet. This approach
differentiates from traditional authentication processes,
where username/password are requested only once at login
time or explicitly required at confirmation steps; such tradi-
tional authentication approaches impair usability for
enhanced security, and offer no solutions against forgery or
stealing of passwords.
This paper presents a new approach for user verification
and session management that is applied in the context
aware security by hierarchical multilevel architectures
(CASHMA) [1]) system for secure biometric authentication
on the Internet. CASHMA is able to operate securely with
any kind of web service, including services with high secu-
rity demands as online banking services, and it is intended
to be used from different client devices, e.g., smartphones,
Desktop PCs or even biometric kiosks placed at the entrance
of secure areas. Depending on the preferences and require-
ments of the owner of the web service, the CASHMA
authentication service can complement a traditional authen-
tication service, or can replace it.
The approach we introduced in CASHMA for usable and
highly secure user sessions is a continuous sequential (a single
biometric modality at once is presented to the system [22])
multi-modal biometric authentication protocol, which adap-
tively computes and refreshes session timeouts on the basis
of the trust put in the client. Such global trust is evaluated as
a numeric value, computed by continuously evaluating the
trust both in the user and the (biometric) subsystems used for
acquiring biometric data. In the CASHMA context, each
subsystem comprises all the hardware/software elements
necessary to acquire and verify the authenticity of one bio-
metric trait, including sensors, comparison algorithms and
all the facilities for data transmission and management.
Trust in the user is determined on the basis of frequency of
updates of fresh biometric samples, while trust in each sub-
system is computed on the basis of the quality and variety
of sensors used for the acquisition of biometric samples,
and on the risk of the subsystem to be intruded.
Exemplary runs carried out using Matlab are reported,
and a quantitative model-based security analysis of the
protocol is performed combining the stochastic activity
networks (SANs [16]) and ADversary VIew Security Eval-
uation (ADVISE [12]) formalisms.
The driving principles behind our protocol were briefly
discussed in the short paper [18], together with minor quali-
tative evaluations. This paper extends [18] both in the
design and the evaluation parts, by providing an in-depth
description of the protocol and presenting extensive qualita-
tive and quantitative analysis.
The rest of the paper is organized as follows. Section 2
introduces the preliminaries to our work. Section 3 illus-
trates the architecture of the CASHMA system, while
Sections 4 describes our continuous authentication proto-
col. Exemplary simulations of the protocol using Matlab
are shown in Section 5, while Section 6 presents a
quantitative model-based analysis of the security proper-
ties of the protocol. Section 7 present the running proto-
type, while concluding remarks are in Section 8.
2 PRELIMINARIES
2.1 Continuous Authentication
A significant problem that continuous authentication aims
to tackle is the possibility that the user device (smartphone,
table, laptop, etc.) is used, stolen or forcibly taken after the
user has already logged into a security-critical service, or
that the communication channels or the biometric sensors
are hacked.
In [7] a multi-modal biometric verification system is
designed and developed to detect the physical presence of
the user logged in a computer. The proposed approach
assumes that first the user logs in using a strong authentica-
tion procedure, then a continuous verification process is
started based on multi-modal biometric. Verification failure
together with a conservative estimate of the time required
to subvert the computer can automatically lock it up. Simi-
larly, in [5] a multi-modal biometric verification system is
presented, which continuously verifies the presence of a
user working with a computer. If the verification fails, the
system reacts by locking the computer and by delaying or
freezing the user’s processes.
The work in [8] proposes a multi-modal biometric contin-
uous authentication solution for local access to high-security
systems as ATMs, where the raw data acquired are
weighted in the user verification process, based on i) type of
the biometric traits and ii) time, since different sensors are
able to provide raw data with different timings. Point ii)
introduces the need of a temporal integration method which
depends on the availability of past observations: based on
the assumption that as time passes, the confidence in the
acquired (aging) values decreases. The paper applies a
degeneracy function that measures the uncertainty of the
score computed by the verification function. In [22], despite
the focus is not on continuous authentication, an automatic
tuning of decision parameters (thresholds) for sequential
multi-biometric score fusion is presented: the principle to
achieve multimodality is to consider monomodal biometric
subsystems sequentially.
In [3] a wearable authentication device (a wristband) is
presented for a continuous user authentication and trans-
parent login procedure in applications where users are
nomadic. By wearing the authentication device, the user
can login transparently through a wireless channel, and can
transmit the authentication data to computers simply
approaching them.
2.2 Quantitative Security Evaluation
Security assessment relied for several years on qualitative
analyses only. Leaving aside experimental evaluation and
data analysis [26], [25], model-based quantitative security
assessment is still far from being an established technique
despite being an active research area.
Specific formalisms for security evaluation have been
introduced in literature, enabling to some extent the quanti-
fication of security. Attack trees are closely related to fault
trees: they consider a security breach as a system failure,
CECCARELLI ET AL.: CONTINUOUS AND TRANSPARENT USER IDENTITY VERIFICATION FOR SECURE INTERNET SERVICES 271
3. and describe sets of events that can lead to system failure in
a combinatorial way [14]; they however do not consider the
notion of time. Attack graphs [13] extend attack trees by
introducing the notion of state, thus allowing more complex
relations between attacks to be described. Mission oriented
risk and design analysis (MORDA) assesses system risk by
calculating attack scores for a set of system attacks. The
scores are based on adversary attack preferences and the
impact of the attack on the system [23]. The recently intro-
duced Adversary VIew Security Evaluation formalism [12]
extends the attack graph concept with quantitative informa-
tion and supports the definition of different attackers
profiles.
In CASHMA assessment, the choice of ADVISE was
mainly due to: i) its ability to model detailed adversary pro-
files, ii) the possibility to combine it with other stochastic
formalisms as the M€obius multi-formalism [15], and iii) the
ability to define ad-hoc metrics for the system we were tar-
geting. This aspect is explored in Section 6.
2.3 Novelty of Our Approach
Our continuous authentication approach is grounded on
transparent acquisition of biometric data and on adaptive
timeout management on the basis of the trust posed in the
user and in the different subsystems used for authentica-
tion. The user session is open and secure despite possible
idle activity of the user, while potential misuses are detected
by continuously confirming the presence of the proper user.
Our continuous authentication protocol significantly dif-
fers from the work we surveyed in the biometric field as it
operates in a very different context. In fact, it is integrated in
a distributed architecture to realize a secure and usable
authentication service, and it supports security-critical web
services accessible over the Internet. We remark that
although some very recent initiatives for multi-modal bio-
metric authentication over the Internet exist (e.g., the BioID
BaaS—Biometric Authentication as a Service is presented in
2011 as the first multi-biometric authentication service based
on the Single Sign-On [4]), to the authors’ knowledge none of
such approaches supports continuous authentication.
Another major difference with works [5] and [7] is that
our approach does not require that the reaction to a user
verification mismatch is executed by the user device (e.g.,
the logout procedure), but it is transparently handled by the
CASHMA authentication service and the web services,
which apply their own reaction procedures.
The length of the session timeout in CASHMA is calcu-
lated according to the trust in the users and the biometric
subsystems, and tailored on the security requirements of
the service. This provides a tradeoff between usability and
security. Although there are similarities with the overall
objectives of the decay function in [8] and the approach for
sequential multi-modal system in [22], the reference sys-
tems are significantly different. Consequently, different
requirements in terms of data availability, frequency, qual-
ity, and security threats lead to different solutions [27].
2.4 Basic Definitions
In this section we introduce the basic definitions that are
adopted in this paper. Given n unimodal biometric
subsystems Sk, with k ¼ 1; 2; :::; n that are able to decide
independently on the authenticity of a user, the False Non-
Match Rate, FNMRk, is the proportion of genuine compari-
sons that result in false non-matches. False non-match is the
decision of non-match when comparing biometric samples
that are from same biometric source (i.e., genuine compari-
son) [10]. It is the probability that the unimodal system Sk
wrongly rejects a legitimate user. Conversely, the False
Match Rate, FMRk, is the probability that the unimodal sub-
system Sk makes a false match error [10], i.e., it wrongly
decides that a non legitimate user is instead a legitimate one
(assuming a fault-free and attack-free operation). Obvi-
ously, a false match error in a unimodal system would lead
to authenticate a non legitimate user. To simplify the discus-
sion but without losing the general applicability of the
approach, hereafter we consider that each sensor allows
acquiring only one biometric trait; e.g., having n sensors
means that at most n biometric traits are used in our sequen-
tial multimodal biometric system.
The subsystem trust level mðSk; tÞ is the probability that the
unimodal subsystem Sk at time t does not authenticate an
impostor (a non-legitimate user) considering both the qual-
ity of the sensor (i.e., FMRk) and the risk that the subsystem
is intruded.
The user trust level g(u, t) indicates the trust placed by
the CASHMA authentication service in the user u at
time t, i.e., the probability that the user u is a legitimate
user just considering his behavior in terms of device uti-
lization (e.g., time since last keystroke or other action)
and the time since last acquisition of biometric data.
The global trust level trustðu; tÞ describes the belief that at
time t the user u in the system is actually a legitimate user,
considering the combination of all subsystems trust levels
mðSk¼1;:::n; tÞ and of the user trust level g(u, t).
The trust threshold gmin is a lower threshold on the global
trust level required by a specific web service; if the resulting
global trust level at time t is smaller than gmin (i.e.,
gðu; tÞ gmin), the user u is not allowed to access to the ser-
vice. Otherwise if g(u,t) ! gmin the user u is authenticated
and is granted access to the service.
3 THE CASHMA ARCHITECTURE
3.1 Overall View of the System
The overall system is composed of the CASHMA authen-
tication service, the clients and the web services (Fig. 1),
connected through communication channels. Each com-
munication channel in Fig. 1 implements specific security
measures which are not discussed here for brevity.
Fig. 1. Overall view of the CASHMA architecture.
272 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 12, NO. 3, MAY/JUNE 2015
4. The CASHMA authentication service includes: i) an
authentication server, which interacts with the clients, ii) a set
of high-performing computational servers that perform com-
parisons of biometric data for verification of the enrolled
users, and iii) databases of templates that contain the biometric
templates of the enrolled users (these are required for user
authentication/verification). The web services are the various
services that use the CASHMA authentication service and
demand the authentication of enrolled users to the
CASHMA authentication server. These services are poten-
tially any kind of Internet service or application with
requirements on user authenticity. They have to be regis-
tered to the CASHMA authentication service, expressing
also their trust threshold. If the web services adopt the con-
tinuous authentication protocol, during the registration pro-
cess they shall agree with the CASHMA registration office
on values for parameters h; k and s used in Section 4.2.
Finally, by clients we mean the users’ devices (laptop and
desktop PCs, smartphones, tablet, etc.) that acquire the bio-
metric data (the raw data) corresponding to the various bio-
metric traits from the users, and transmit those data to the
CASHMA authentication server as part of the authentica-
tion procedure towards the target web service. A client con-
tains i) sensors to acquire the raw data, and ii) the
CASHMA application which transmits the biometric data to
the authentication server. The CASHMA authentication
server exploits such data to apply user authentication and
successive verification procedures that compare the raw
data with the stored biometric templates.
Transmitting raw data has been a design decision
applied to the CASHMA system, to reduce to a minimum
the dimension, intrusiveness and complexity of the applica-
tion installed on the client device, although we are aware
that the transmission of raw data may be restricted, for
example, due to National legislations.
CASHMA includes countermeasures to protect the bio-
metric data and to guarantee users’ privacy, including poli-
cies and procedures for proper registration; protection of
the acquired data during its transmission to the authentica-
tion and computational servers and its storage; robustness
improvement of the algorithm for biometric verification
[24]. Privacy issues still exist due to the acquisition of data
from the surrounding environment as, for example, voices
of people nearby the CASHMA user, but are considered out
of scope for this paper.
The continuous authentication protocol explored in this
paper is independent from the selected architectural choices
and can work with no differences if templates and feature
sets are used instead of transmitting raw data, or indepen-
dently from the set of adopted countermeasures.
3.2 Sample Application Scenario
CASHMA can authenticate to web services, ranging from
services with strict security requirements as online banking
services to services with reduced security requirements as
forums or social networks. Additionally, it can grant access
to physical secure areas as a restricted zone in an airport, or
a military zone (in such cases the authentication system can
be supported by biometric kiosk placed at the entrance of
the secure area). We explain the usage of the CASHMA
authentication service by discussing the sample application
scenario in Fig. 2 where a user u wants to log into an online
banking service using a smartphone.
It is required that the user and the web service are
enrolled to the CASHMA authentication service. We
assume that the user is using a smartphone where a
CASHMA application is installed.
The smartphone contacts the online banking service,
which replies requesting the client to contact the CASHMA
authentication server and get an authentication certificate.
Using the CASHMA application, the smartphone sends its
unique identifier and biometric data to the authentication
server for verification. The authentication server verifies the
user identity, and grants the access if: i) it is enrolled in the
CASHMA authentication service, ii) it has rights to access
the online banking service and, iii) the acquired biometric
data match those stored in the templates database associ-
ated to the provided identifier. In case of successful user
verification, the CASHMA authentication server releases an
authentication certificate to the client, proving its identity to
third parties, and includes a timeout that sets the maximum
duration of the user session. The client presents this certifi-
cate to the web service, which verifies it and grants access to
the client.
The CASHMA application operates to continuously
maintain the session open: it transparently acquires biomet-
ric data from the user, and sends them to the CASHMA
authentication server to get a new certificate. Such certifi-
cate, which includes a new timeout, is forwarded to the web
service to further extend the user session.
3.3 The CASHMA Certificate
In the following we present the information contained in the
body of the CASHMA certificate transmitted to the client by
the CASHMA authentication server, necessary to under-
stand details of the protocol.
Time stamp and sequence number univocally identify each
certificate, and protect from replay attacks.
ID is the user ID, e.g., a number.
Decision represents the outcome of the verification proce-
dure carried out on the server side. It includes the expiration
time of the session, dynamically assigned by the CASHMA
authentication server. In fact, the global trust level and the
session timeout are always computed considering the time
instant in which the CASHMA application acquires the bio-
metric data, to avoid potential problems related to unknown
delays in communication and computation. Since such
delays are not predicable, simply delivering a relative time-
out value to the client is not feasible: the CASHMA server
Fig. 2. Example scenario: accessing an online banking service using a
smartphone.
CECCARELLI ET AL.: CONTINUOUS AND TRANSPARENT USER IDENTITY VERIFICATION FOR SECURE INTERNET SERVICES 273
5. therefore provides the absolute instant of time at which the
session should expire.
4 THE CONTINUOUS AUTHENTICATION PROTOCOL
The continuous authentication protocol allows providing
adaptive session timeouts to a web service to set up and
maintain a secure session with a client. The timeout is
adapted on the basis of the trust that the CASHMA authen-
tication system puts in the biometric subsystems and in the
user. Details on the mechanisms to compute the adaptive
session timeout are presented in Section 4.2.
4.1 Description of the Protocol
The proposed protocol requires a sequential multi-modal
biometric system composed of n unimodal biometric sub-
systems that are able to decide independently on the
authenticity of a user. For example, these subsystems can be
one subsystem for keystroke recognition and one for face
recognition.
The idea behind the execution of the protocol is that the
client continuously and transparently acquires and trans-
mits evidence of the user identity to maintain access to a
web service. The main task of the proposed protocol is to
create and then maintain the user session adjusting the ses-
sion timeout on the basis of the confidence that the identity
of the user in the system is genuine.
The execution of the protocol is composed of two conse-
cutive phases: the initial phase and the maintenance phase.
The initial phase aims to authenticate the user into the system
and establish the session with the web service. During the
maintenance phase, the session timeout is adaptively updated
when user identity verification is performed using fresh raw
data provided by the client to the CASHMA authentication
server. These two phases are detailed hereafter with the
help of Figs. 3 and 4.
Initial phase. This phase is structured as follows:
The user (the client) contacts the web service for a
service request; the web service replies that a valid
certificate from the CASHMA authentication service
is required for authentication.
Using the CASHMA application, the client contacts
the CASHMA authentication server. The first step
consists in acquiring and sending at time t0 the data
for the different biometric traits, specifically selected
to perform a strong authentication procedure (step 1).
The application explicitly indicates to the user the
biometric traits to be provided and possible retries.
The CASHMA authentication server analyzes the
biometric data received and performs an authenti-
cation procedure. Two different possibilities arise
here. If the user identity is not verified (the global
trust level is below the trust threshold gmin), new
or additional biometric data are requested (back
to step 1) until the minimum trust threshold gmin
is reached. Instead if the user identity is success-
fully verified, the CASHMA authentication server
authenticates the user, computes an initial timeout
of length T0 for the user session, set the expiration
time at T0 þ t0, creates the CASHMA certificate
and sends it to the client (step 2).
The client forwards the CASHMA certificate to the
web service (step 3) coupling it with its request.
The web service reads the certificate and authorizes
the client to use the requested service (step 4) until
time t0 þ T0.
For clarity, steps 1-4 are represented in Fig. 3 for the case
of successful user verification only.
Maintenance phase. It is composed of three steps repeated
iteratively:
When at time ti the client application acquires fresh
(new) raw data (corresponding to one biometric trait),
it communicates them to the CASHMA authentica-
tion server (step 5). The biometric data can be
acquired transparently to the user; the user may how-
ever decide to provide biometric data which are
unlikely acquired in a transparent way (e.g., finger-
print). Finally when the session timeout is going to
expire, the client may explicitly notify to the user that
fresh biometric data are needed.
The CASHMA authentication server receives the bio-
metric data from the client and verifies the identity
of the user. If verification is not successful, the user
is marked as not legitimate, and consequently the
CASHMA authentication server does not operate to
refresh the session timeout. This does not imply that
the user is cut-off from the current session: if other
biometric data are provided before the timeout
expires, it is still possible to get a new certificate and
refresh the timeout. If verification is successful, the
CASHMA authentication server applies the algo-
rithm detailed in Section 4.2 to adaptively compute a
new timeout of length Ti, the expiration time of the
session at time Ti þ ti and then it creates and sends a
new certificate to the client (step 6).
The client receives the certificate and forwards it to
the web service; the web service reads the certificate
Fig. 3. Initial phase in case of successful user authentication.
Fig. 4. Maintenance phase in case of successful user verification.
274 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 12, NO. 3, MAY/JUNE 2015
6. and sets the session timeout to expire at time ti þ Ti
(step 7).
The steps of the maintenance phase are represented in
Fig. 4 for the case of successful user verification (step 6b).
4.2 Trust Levels and Timeout Computation
The algorithm to evaluate the expiration time of the session
executes iteratively on the CASHMA authentication server.
It computes a new timeout and consequently the expiration
time each time the CASHMA authentication server receives
fresh biometric data from a user. Let us assume that the ini-
tial phase occurs at time t0 when biometric data is acquired
and transmitted by the CASHMA application of the user u,
and that during the maintenance phase at time ti t0 for
any i ¼ 1; :::; m new biometric data is acquired by the
CASHMA application of the user u (we assume these data
are transmitted to the CASHMA authentication server and
lead to successful verification, i.e., we are in the conditions
of Fig. 4). The steps of the algorithm described hereafter are
executed.
To ease the readability of the notation, in the following
the user u is often omitted; for example, gðtiÞ ¼ gðu; tiÞ.
4.2.1 Computation of Trust in the Subsystems
The algorithm starts computing the trust in the subsystems.
Intuitively, the subsystem trust level could be simply set to
the static value mðSk; tÞ ¼ 1 À FMRðSkÞ for each unimodal
subsystem Sk and any time t (we assume that information
on the subsystems used, including their FMRs, is contained
in a repository accessible by the CASHMA authentication
server). Instead we apply a penalty function to calibrate the
trust in the subsystems on the basis of its usage. Basically,
in our approach the more the subsystem is used, the less it
is trusted: to avoid that a malicious user is required to
manipulate only one biometric trait (e.g., through sensor
spoofing [10]) to keep authenticated to the online service,
we decrease the trust in those subsystems which are repeat-
edly used to acquire the biometric data.
In the initial phase mðSk; t0Þ is set to 1 À FMRðSkÞ for
each subsystem Sk used. During the maintenance phase, a
penalty function is associated to consecutive authentications
performed using the same subsystem as follows:
penalty ðx; hÞ ¼ exÁh
;
where x is the number of consecutive authentication
attempts using the same subsystem and h 0 is a
parameter used to tune the penalty function. This function
increases exponentially; this means that using the same sub-
system for several authentications heavily increases the
penalty.
The computation of the penalty is the first step for the
computation of the subsystem trust level. If the same
subsystem is used in consecutive authentications, the
subsystem trust level is a multiplication of i) the subsys-
tem trust level mðSk; tiÀ1Þ computed in the previous exe-
cution of the algorithm, and ii) the inverse of the penalty
function (the higher is the penalty, the lower is the sub-
system trust level):
mðSk; tiÞ ¼ mðSk; tiÀ1Þ Á ðpenalty ðx; hÞÞÀ1
:
Otherwise if the subsystem is used for the first time or in
non-consecutive user identity verification, mðSk; tiÞ is set
to 1 À FMRðSkÞ. This computation of the penalty is intui-
tive but fails if more than one subsystem are compro-
mised (e.g., two fake biometric data can be provided in
an alternate way). Other formulations that include the
history of subsystems usage can be identified but are
outside the scope of this paper.
4.2.2 Computation of Trust in the User
As time passes from the most recent user identity verifica-
tion, the probability that an attacker substituted to the legiti-
mate user increases, i.e., the level of trust in the user
decreases. This leads us to model the user trust level
through time using a function which is asymptotically
decreasing towards zero. Among the possible models we
selected the function in (1), which: i) asymptotically
decreases towards zero; ii) yields trustðtiÀ1Þ for D ti ¼ 0;
and iii) can be tuned with two parameters which control the
delay ðsÞ and the slope ðkÞ with which the trust level
decreases over time (Figs. 5 and 6). Different functions may
be preferred under specific conditions or users require-
ments; in this paper we focus on introducing the protocol,
which can be realized also with other functions.
During the initial phase, the user trust level is simply set
to gðt0Þ ¼ 1. During the maintenance phase, the user trust
level is computed for each received fresh biometric data.
The user trust level at time ti is given by:
gðtiÞ ¼
À
ÀarctanððDti À sÞ Á kÞ þ p
2
Á
Á trustðtiÀ1Þ
ÀarctanðÀs Á kÞ þ p
2
: (1)
Fig. 5. Evolution of the user trust level when k ¼ ½0:01; 0:05; 0:1Š and
s ¼ 40. Fig. 6. Evolution of the user trust level when k ¼ 0:05 and s ¼ ½20; 40; 60Š.
CECCARELLI ET AL.: CONTINUOUS AND TRANSPARENT USER IDENTITY VERIFICATION FOR SECURE INTERNET SERVICES 275
7. Value D ti ¼ ti À tiÀ1 is the time interval between
two data transmissions; trustðtiÀ1Þ instead is the global
trust level computed in the previous iteration of the
algorithm. Parameters k and s are introduced to tune the
decreasing function: k impacts on the inclination towards
the falling inflection point, while s translates the inflec-
tion point horizontally, i.e., allows anticipating or delay-
ing the decay.
Figs. 5 and 6 show the user trust level for different values
of s and k. Note that s and k allow adapting the algorithm to
different services: for example, services with strict security
requirements as banking services may adopt a high k value
and a small s value to have a faster decrease of the user trust
level. Also we clarify that in Figs. 5, 6 and in the following of
the paper, we intentionally avoid using measurements units
for time quantities (e.g., seconds), since they depend upon
the involved application and do not add significant value to
the discussion.
4.2.3 Merging User Trust and Subsystems Trust:
The Global Trust Level
The global trust level is finally computed combining the
user trust level with the subsystem trust level.
In the initial phase, multiple subsystems may be used to
perform an initial strong authentication. Let n be the num-
ber of different subsystems, the global trust level is first
computed during the initial phase as follows:
trustðt0Þ ¼ 1 À Pk¼1;...;nð1 À mðSk; t0ÞÞ: (2)
Equation (2) includes the subsystem trust level of all sub-
systems used in the initial phase. We remind that for the
first authentication mðSk; t0Þ is set to 1 À FMRðSkÞ. The dif-
ferent subsystems trust levels are combined adopting the
OR-rule from [2], considering only the false acceptance rate:
each subsystem proposes a score, and the combined score is
more accurate than the score of each individual subsystem.
The first authentication does not consider trust in the user
behavior, and only weights the trust in the subsystems. The
FNMR is not considered in this computation because it only
impact on the reliability of the session, while the user trust
level is intended only for security.
Instead, the global trust level in the maintenance phase is
a linear combination of the user trust level and the subsystem
trust level. Given the user trust level gðtiÞ and the subsystem
trust level mðSk; tiÞ, the global trust level is computed again
adopting the OR-rule from [2], this time with only two input
values. Result is as follows:
trustðtiÞ ¼ 1 À ð1 À gðtiÞÞ ð1 À mðSk; tiÞÞ
¼ gðtiÞ þ mðSk; tiÞ À gðtiÞ mðSk; tiÞ
¼ gðtiÞ þ ð1 À gðtiÞÞ mðSk; tiÞ:
(3)
4.2.4 Computation of the Session Timeout
The last step is the computation of the length Ti of the ses-
sion timeout. This value represents the time required by the
global trust level to decrease until the trust threshold gmin
(if no more biometric data are received). Such value can be
determined by inverting the user trust level function (1) and
solving it for D ti.
Starting from a given instant of time ti, we consider
tiþ1 as the instant of time at which the global trust level
reaches the minimum threshold gmin, i.e., gðtiþ1Þ ¼ gmin.
The timeout is then given by Ti ¼ D ti ¼ tiþ1 À ti. To
obtain a closed formula for such value we first instanti-
ated (1) for i þ 1, i.e., we substituted trustðtiÀ1Þ with
trustðtiÞ; D ti ¼ Ti and gðtiÞ ¼ gmin.
By solving for Ti, we finally obtain Equation (4), which
allows the CASHMA service to dynamically compute the
session timeout based on the current global trust level. The
initial phase and the maintenance phase are computed in
the same way: the length Ti of the timeout at time ti for the
user u is:
Ti ¼ tan
gmin Á ðarctanðÀs Á kÞ À p
2Þ
trustðtiÞ
þ
p
2
Á
1
k
þ s if Ti 0
0 otherwise:
8
:
(4)
It is then trivial to set the expiration time of the certificate
at Ti þ ti.
In Fig. 7 the length Ti of the timeout for different values
of gmin is shown; the higher is gmin, the higher are the secu-
rity requirements of the web service, and consequently the
shorter is the timeout.
5 EXEMPLARY RUNS
This section reports Matlab executions of the protocol. Four
different biometric traits acquired through four different
subsystems are considered for biometric verification: voice,
keystroke, fingerprint, and face.
We associate the following FMRs to each of them: 0.06 to
the voice recognition system (vocal data is acquired through
a microphone), 0.03 to the fingerprint recognition system
(the involved sensor is a fingerprint reader; the correspond-
ing biometric data are not acquired transparently but are
explicitly provided by the user), 0.05 to the facial recogni-
tion system (the involved sensor is a camera), and 0.08 to
keystroke recognition (a keyboard or a touch/tactile-screen
can be used for data acquisition). Note that the FMRs must
be set on the basis of the sensors and technologies used. We
also assume that the initial phase of the protocol needs only
one raw data.
Fig. 7. Timeout values for gmin 2 ½0:1; 0:9Š; k ¼ 0:05 and s ¼ 40.
276 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 12, NO. 3, MAY/JUNE 2015
8. The first scenario, depicted in Fig. 8, is a simple but rep-
resentative execution of the protocol: in 900 time units, the
CASHMA authentication server receives 20 fresh biometric
data from a user and performs successful verifications. The
upper part of Fig. 8 shows the behavior of the user trust
level (the continuous line) with the gmin threshold (the
dashed line) set to gmin ¼ 0:7. In the lower graph the evolu-
tion of the session timeout is shown (it is the continuous
line). When the continuous line intersects the dashed line,
the timeout expires. The time units are reported on the
x-axis. The k and s parameters are set to k ¼ 0:05 and
s ¼ 100. The first authentication is at time unit 112, followed
by a second one at time unit 124. The global trust level after
these first two authentications is 0.94. The corresponding
session timeout is set to expire at time unit 213: if no fresh
biometric data are received before time unit 213, the global
trust level intersects the threshold gmin. Indeed, this actually
happens: the session closes, and the global trust level is set
to 0. Session remains closed until a new authentication at
time unit 309 is performed. The rest of the experiment runs
in a similar way.
The next two runs provide two examples of how the
threshold gmin and the parameters k and s can be selected to
meet the security requirements of the web service. We rep-
resent the execution of the protocol to authenticate to two
web services with very different security requirements: the
first with low security requirements, and the second with
severe security requirements.
Fig. 9 describes the continuous authentication protocol
for the first system. The required trust on the legitimacy of
the user is consequently reduced; session availability and
transparency to the user are favored. The protocol is tuned
to maintain the session open with sparse authentications.
Given gmin ¼ 0:6, and parameters s ¼ 200 and k ¼ 0:005 set
for a slow decrease of user trust level, the plot in Fig. 9 con-
tains 10 authentications in 1,000 time units, showing a
unique timeout expiration after 190 time units from the first
authentication.
Fig. 10 describes the continuous authentication protocol
applied to a web service with severe security requirements.
In this case, session security is preferred to session
availability or transparency to the user: the protocol is tuned
to maintain the session open only if biometric data are pro-
vided frequently and with sufficient alternation between
the available biometric traits. Fig. 10 represents the global
trust level of a session in which authentication data are pro-
vided 40 times in 1,000 time units using gmin ¼ 0:9, and the
parameters s ¼ 90 and k ¼ 0:003 set for rapid decrease.
Maintaining the session open requires very frequent trans-
missions of biometric data for authentication. This comes at
the cost of reduced usability, because a user which does not
use the device continuously will most likely incur in time-
out expiration.
6 SECURITY EVALUATION
A complete analysis of the CASHMA system was carried
out during the CASHMA project [1], complementing tradi-
tional security analysis techniques with techniques for
quantitative security evaluation. Qualitative security analy-
sis, having the objective to identify threats to CASHMA and
select countermeasures, was guided by general and
accepted schemas of biometric attacks and attack points as
[9], [10], [11], [21]. A quantitative security analysis of the
whole CASHMA system was also performed [6]. As this
paper focuses on the continuous authentication protocol
rather than the CASHMA architecture, we briefly summa-
rize the main threats to the system identified within the
project (Section 6.1), while the rest of this section (Sec-
tion 6.2) focuses on the quantitative security assessment of
the continuous authentication protocol.
6.1 Threats to the CASHMA System
Security threats to the CASHMA system have been ana-
lyzed both for the enrollment procedure (i.e., initial registra-
tion of an user within the system), and the authentication
procedure itself. We report here only on authentication. The
biometric system has been considered as decomposed in
Fig. 8. Global trust level (top) and session timeout (bottom) in a nominal
scenario.
Fig. 9. Global trust level and 10 authentications for a service with low
security requirements.
Fig. 10. Global trust level and 40 authentications for a service with high
security requirements.
CECCARELLI ET AL.: CONTINUOUS AND TRANSPARENT USER IDENTITY VERIFICATION FOR SECURE INTERNET SERVICES 277
9. functions from [10]. For authentication, we considered col-
lection of biometric traits, transmission of (raw) data, fea-
tures extraction, matching function, template search and
repository management, transmission of the matching
score, decision function, communication of the recognition
result (accept/reject decision).
Several relevant threats exist for each function identi-
fied [9], [10], [11]. For brevity, we do not consider threats
generic of ICT systems and not specific for biometrics
(e.g., attacks aimed to Deny of Service, eavesdropping,
man-in-the-middle, etc.). We thus mention the following.
For the collection of biometric traits, we identified sen-
sor spoofing and untrusted device, reuse of residuals to
create fake biometric data, impersonation, mimicry and
presentation of poor images (for face recognition). For the
transmission of (raw) data, we selected fake digital biomet-
ric, where an attacker submits false digital biometric data.
For the features extraction, we considered insertion of
imposter data, component replacement, override of feature
extraction (the attacker is able to interfere with the extrac-
tion of the feature set), and exploitation of vulnerabilities
of the extraction algorithm. For the matching function,
attacks we considered are insertion of imposter data, com-
ponent replacement, guessing, manipulation of match
scores. For template search and repository management,
all attacks considered are generic for repositories and not
specific to biometric systems. For the transmission of the
matching score, we considered manipulation of match
score. For the decision function, we considered hill climb-
ing (the attacker has access of the matching score, and itera-
tively submits modified data in an attempt to raise the
resulting matching score), system parameter override/
modification (the attacker has the possibility to change key
parameters as system tolerances in feature matching), com-
ponent replacement, decision manipulation. For the com-
munication of recognition result, we considered only
attacks typical of Internet communications.
Countermeasures were selected appropriately for each
function on the basis of the threats identified.
6.2 Quantitative Security Evaluation
6.2.1 Scenario and Measures of Interest
For the quantitative security evaluation of the proposed
protocol we consider a mobile scenario, where a registered
user uses the CASHMA service through a client installed on
a mobile device like a laptop, a smartphone or a similar
device. The user may therefore lose the device, or equiva-
lently leave it unattended for a time long enough for attack-
ers to compromise it and obtain authentication. Moreover,
the user may lose the control of the device (e.g., he/she may
be forced to hand over it) while a session has already been
established, thus reducing the effort needed by the attacker.
In the considered scenario the system works with three bio-
metric traits: voice, face, and fingerprint.
A security analysis on the first authentication performed
to acquire the first certificate and open a secure session has
been provided in [6]. We assume here that the attacker has
already been able to perform the initial authentication (or to
access to an already established session), and we aim to
evaluate how long he is able to keep the session alive, at
varying of the parameters of the continuous authentication
algorithm and the characteristics of the attacker. The meas-
ures of interest that we evaluate in this paper are the follow-
ing: i) PkðtÞ: Probability that the attacker is able to keep the
session alive until the instant t, given that the session has
been established at the instant t ¼ 0; ii) Tk: Mean time for
which the attacker is able to keep the session alive.
Since most of the computation is performed server-side,
we focus on attacks targeting the mobile device. In order to
provide fresh biometric data, the attacker has to compro-
mise one of the three biometric modalities. This can be
accomplished in several ways; for example, by spoofing the
biometric sensors (e.g., by submitting a recorded audio sam-
ple, or a picture of the accounted user), or by exploiting
cyber-vulnerabilities of the device (e.g., through a “reuse of
residuals” attack [9]). We consider three kind of abilities for
attackers: spoofing, as the ability to perform sensor spoofing
attacks, hacking as the ability to perform cyber attacks, and
lawfulness, as the degree to which the attacker is prepared to
break the law.
The actual skills of the attacker influence the chance of a
successful attack, and the time required to perform it. For
example, having a high hacking skill reduces the time
required to perform the attack, and also increases the suc-
cess probability: an attacker having high technological skills
may able to compromise the system is such a way that the
effort required to spoof sensors is reduced (e.g., by altering
the data transmitted by the client device).
6.2.2 The ADVISE [12] Formalism
The analysis method supported by ADVISE relies on creat-
ing executable security models that can be solved using dis-
crete-event simulation to provide quantitative metrics. One
of the most significant features introduced by this formal-
ism is the precise characterization of the attacker (the
“adversary”) and the influence of its decisions on the final
measures of interest.
The specification of an ADVISE model is composed of
two parts: an Attack Execution Graph (AEG), describing
how the adversary can attack the system, and an adversary
profile, describing the characteristics of the attacker. An
AEG is a particular kind of attack graph comprising differ-
ent kinds of nodes: attack steps, access domains, knowledge
items, attack skills, and attack goals. Attack steps describe
the possible attacks that the adversary may attempt, while
the other elements describe items that can be owned by
attackers (e.g., intranet access). Each attack step requires a
certain combination of such items to be held by the adver-
sary; the set of what have been achieved by the adversary
defines the current state of the model. ADVISE attack steps
have also additional properties, which allow creating exe-
cutable models for quantitative analysis. The adversary pro-
file defines the set of items that are initially owned by the
adversary, as well as his proficiency in attack skills. The
adversary starts without having reached any goal, and
works towards them. To each attack goal it is assigned a
payoff value, which specifies the value that the adversary
assigns to reaching that goal. Three weights define the rela-
tive preference of the adversary in: i) maximizing the pay-
off, ii) minimizing costs, or iii) minimizing the probability
278 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 12, NO. 3, MAY/JUNE 2015
10. of being detected. Finally, the planning horizon defines the
number of steps in the future that the adversary is able to
take into account for his decisions; this value can be thought
to model the “smartness” of the adversary.
The ADVISE execution algorithm evaluates the reachable
states based on enabled attack steps, and selects the most
appealing to the adversary based on the above described
weights. The execution of the attack is then simulated, lead-
ing the model to a new state. Metrics are defined using
reward structures [14]. By means of the Rep/Join composi-
tion formalism [15] ADVISE models can be composed with
models expressed in other formalisms supported by the
M€obius framework, and in particular with stochastic activ-
ity networks [16] models.
6.2.3 Modeling Approach
The model that is used for the analysis combines an
ADVISE model, which takes into account the attackers’
behavior, and a SAN model, which models the evolution of
trust over time due to the continuous authentication proto-
col. Both models include a set of parameters, which allow
evaluating metrics under different conditions and perform-
ing sensitivity analysis. Protocol parameters used for the
analysis are reported in the upper labels of Figs. 13 and 14;
parameters describing attackers are shown in Table 1 and
their values are discussed in Section 6.2.4.
ADVISE model. The AEG of the ADVISE model is com-
posed of one attack goal, three attack steps, three attack
skills, and five access domains. Its graphical representation
is shown in Fig. 11, using the notation introduced in [12].
The only attack goal present in the model, “RenewSession”
represents the renewal of the session timeout by submitting
fresh biometric data to the CASHMA server.
To reach its goal, the attacker has at its disposal three
attack steps, each one representing the compromise of one
of the three biometric traits: “Compromise_Voice”,
“Compromise_Face”, and “Compromise_Fingerprint”.
Each of them requires the “SessionOpen” access domain,
which represents an already established session. The three
abilities of attackers are represented by three attack skills:
“SpoofingSkill”, “HackSkill” and “Lawfulness”.
The success probability of such attack steps is a combina-
tion of the spoofing skills of the attacker and the false non-
match rate (FNMR) of the involved biometric subsystem. In
fact, even if the attacker was able to perfectly mimic the
user’s biometric trait, reject would still be possible in case of
a false non-match of the subsystem. For example, the suc-
cess probability of the “Compromise_Voice” attack step is
obtained as:
FNMR VoiceÃ
ðSpoofingSkill - MarkðÞ=1; 000:0Þ;
where “FNMR_Voice” is the false non-match rate of the
voice subsystem, and SpoofingSkill ranges from a minimum
of 0 to a maximum of 1,000. It should be noted that the
actual value assigned to the spoofing skill is a relative value,
which also depends on the technological measures imple-
mented to constrast such attack. Based on the skill value,
the success probability ranges from 0 (spoofing is not possi-
ble) to the FNMR of the subsystem (the same probability of
a non-match for a “genuine” user). The time required to per-
form the attack is exponentially distributed, and its rate also
depends on attacker’ skills.
When one of the three attack step succeeds, the corre-
sponding “OK_X” access domain is granted to the attacker.
Owning one of such access domains means that the system
has correctly recognized the biometric data, and that it is
updating the global trust level; in this state all the attack
steps are disabled. A successful execution of the attack steps
also grants the attackers the “RenewSession” goal.
“LastSensor” access domain is used to record the last sub-
system that has been used for authentication.
SAN model. The SAN model in Fig. 12 models the man-
agement of session timeout and its extension through the
continuous authentication mechanism. The evolution of
trust level over time is modeled using the functions intro-
duced in Section 4.2; it should be noted that the model intro-
duced in this section can also be adapted to other functions
that might be used for realizing the protocol.
Fig. 11. AEG of the ADVISE model used for security evaluations.
TABLE 1
Attackers and Their Characteristics
Fig. 12. SAN model for the continuous authentication mechanism.
CECCARELLI ET AL.: CONTINUOUS AND TRANSPARENT USER IDENTITY VERIFICATION FOR SECURE INTERNET SERVICES 279
11. Place “SessionOpen” is shared with the ADVISE
model, and therefore it contains one token if the attacker
has already established a session (i.e., it holds the
“SessionOpen” access domain). The extended places
“LastTime” and “LastTrust” are used to keep track of the
last time at which the session timeout has been updated,
and the corresponding global trust level. These values cor-
respond, respectively, to the quantities t0 and gðt0Þ and
can therefore be used to compute the current global trust
level g(t). Whenever the session is renewed, the extended
place “AuthScore” is updated with the global trust level
PðSkÞ of the subsystem that has been used to renew the
session. The extended place “CurrentTimeout” is used to
store the current session timeout, previously calculated at
time t0. The activity “Timeout” models the elapsing of the
session timeout and it fires with a deterministic delay,
which is given by the value contained in the extended place
“CurrentTimeout”. Such activity is enabled only when the
session is open (i.e., place “SessionOpen” contains one
token). Places “OK_Voice”, “OK_Face” and
“OK_Fingerprint” are shared with the respective access
domains in the ADVISE model. Places “Voice_Consecutive”,
“Face_Consecutive”, and “Fingerprint_Consecutive” are
used to track the number of consecutive authentications per-
formed using the same biometric subsystem; this informa-
tion is used to evaluate the penalty function.
When place “OK_Voice” contains a token, the instanta-
neous activity “CalculateScore1” is enabled and fires; the
output gate “OGSCoreVoice” then sets the marking of place
“AuthScore” to the authentication score of the voice subsys-
tem, possibly applying the penalty. The marking of
“Voice_Consecutive” is then updated, while the count for
the other two biometric traits is reset. Finally, a token is
added in place “Update”, which enables the immediate
activity “UpdateTrust”. The model has the same behavior
for the other two biometric traits.
When the activity “UpdateTrust” fires, the gate
“OGTrustUpdate” updates the user trust level, which is
computed based on the values in places “LastTrust” and
“LastTime”, using (1). Using (3) the current user trust level
is then fused with the score of the authentication that is
being processed, which has been stored in place
“AuthScore”. Finally, the new timeout is computed using
(4) and the result is stored in the extended place
“CurrentTimeout”. The reactivation predicate of the activity
“Timeout” forces the resample of its firing time, and the
new session timeout value is therefore adopted.
Composed model. The ADVISE and SAN models are then
composed using the Join formalism [15]. Places
“SessionOpen”, “OK_Voice”, “OK_Face”, and “OK_Finger-
print” are shared with the corresponding access domains in
the ADVISE model. The attack goal “RenewSession” is
shared with place “RenewSession”.
6.2.4 Definition of Attackers
One of the main challenges in security analysis is the identi-
fication of possible human agents that could pose security
threats to information systems. The work in [17] defined a
Threat Agent Library (TAL) that provides a standardized
set of agent definitions ranging from government spies to
untrained employees. TAL classifies agents based on their
access, outcomes, limits, resources, skills, objectives, and
visibility, defining qualitative levels to characterize the dif-
ferent properties of attackers. For example, to characterize
the proficiency of attackers in skills, four levels are adopted:
“none” (no proficiency), “minimal” (can use existing techni-
ques), “operational” (can create new attacks within a nar-
row domain) and “adept” (broad expert in such
technology). The “Limits” dimension describes legal and
ethical limits that may constrain the attacker. “Resources”
dimension defines the organizational level at which an
attacker operates, which in turn determines the amount of
resources available to it for use in an attack. “Visibility”
describes the extent to which the attacker intends to hide its
identity or attacks.
Agent threats in the TAL can be mapped to ADVISE
adversary profiles with relatively low effort. The “access”
attribute is reproduced by assigning different sets of access
domains to the adversary; the “skills” attribute is mapped
to one or more attack skills; the “resources” attribute can be
used to set the weight assigned to reducing costs in the
ADVISE model. Similarly, “visibility” is modeled by the
weight assigned to the adversary in avoiding the possibility
of being detected. The attributes “outcomes” and
“objectives” are reproduced by attack goals, their payoff,
and the weight assigned to maximise the payoff. Finally, the
Fig. 14. Effect of varying the threshold gmin on the TMA attacker.Fig. 13. Effect of the continuous authentication mechanism on different
attackers.
280 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 12, NO. 3, MAY/JUNE 2015
12. “limits” attribute can be thought as a specific attack skill
describing the extent to which the attacker is prepared to
break the law. In this paper, it is represented by the
“Lawfulness” attack skill.
In our work we have abstracted four macro-agents that
summarize the agents identified in TAL, and we have
mapped their characteristics to adversary profiles in the
ADVISE formalism. To identify such macro-agents we first
have discarded those attributes that are not applicable to
our scenario; then we aggregated in a single agent those
attackers that after this process resulted in similar profiles.
Indeed, it should be noted that not all the properties are
applicable in our evaluation; most notably, “objectives” are
the same for all the agents, i.e., extending the session time-
out as much as possible. Similarly “outcome” is not
addressed since it depends upon the application to which
the CASHMA authentication service provides access. More-
over, in our work we consider hostile threat agents only (i.e.,
we do not consider agents 1, 2 and 3 in [17]), as opposed to
non-hostile ones, which include, for example, the
“Untrained Employee”.
The attributes of the four identified agents are summa-
rized in Table 1. As discussed in [17], names have the only
purpose to identify agents; their characteristics should be
devised from agent properties. “Adverse Organization”
(ORG) represents an external attacker, with government-
level resources (e.g., a terrorist organization or an adverse
nation-state entity), and having good proficiency in both
“Hack” and “Spoofing” skills. It intends to keep its identity
secret, although it does not intend to hide the attack itself. It
does not have particular limits, and is prepared to use vio-
lence and commit major extra-legal actions. This attacker
maps agents 6, 7, 10, 15, and 18 in [17].
“Technology Master Individual” (TMA) represents the
attacker for which the term “hacker” is commonly used: an
external individual having high technological skills, moder-
ate/low resources, and strong will in hide himself and its
attacks. This attacker maps agents 5, 8, 14, 16, and 21 in [17].
“Generic Individual” (GEN) is an external individual with
low skills and resources, but high motivation—either ratio-
nal or not—that may lead him to use violence. This kind of
attacker does not take care of hiding its actions. The GEN
attacker maps 4, 13, 17, 19, and 20 in [17]. Finally, the
“Insider” attacker (INS) is an internal attacker, having mini-
mal skill proficiency and organization-level resources; it is
prepared to commit only minimal extra-legal actions, and
one of its main concerns is avoiding him or its attacks being
detected. This attacker maps agents 9, 11, and 12 in [17].
6.2.5 Evaluations
The composed model has been solved using the discrete-
event simulator provided by the M€obius tool [15]. All the
measures have been evaluated by collecting at least 100.000
samples, and using a relative confidence interval of Æ1 %,
confidence level 99 percent. For consistency, the parameters
of the decreasing functions are the same as in Fig. 10 ðs ¼ 90
and k ¼ 0:003Þ; FMRs of subsystems are also the same used
in simulations of Section 5 (voice: 0.06, fingerprint: 0.03,
face: 0.05); for all subsystems, the FNMR has been assumed
to be equal to its FMR.
Results in Fig. 13 show the effectiveness of the algorithm
in contrasting the four attackers. The left part of the figure
depicts the measure PkðtÞ, while Tk is shown in the right
part. All the attackers maintain the session alive with prob-
ability 1 for about 60 time units. Such delay is given by the
initial session timeout, which depends upon the character-
istics of the biometric subsystems, the decreasing function
(1) and the threshold gmin. With the same parameters a simi-
lar value was obtained also in MAtlab simulations
described in Section 5 (see Fig. 10): from the highest value
of g(u,t), if no fresh biometric data is received, the global
trust level reaches the threshold in slightly more than 50
time units. By submitting fresh biometric data, all the four
attackers are able to renew the authentication and extend
the session timeout. The extent to which they are able to
maintain the session alive is based on their abilities and
characteristics.
The GEN attacker has about 40 percent probability of
being able to renew the authentication and on the average
he is able to maintain the session for 80 time units. More-
over, after 300 time units he has been disconnected by the
system with probability 1. The INS and ORG attackers are
able to renew the session for 140 and 170 time units on
the average, respectively, due to their greater abilities in the
spoofing skill. However, the most threatening agent is the
TMA attacker, which has about 90 percent chance to renew
the authentication and is able, on the average, to extend its
session up to 260 time units, which in this setup is more
than four times the initial session timeout. Moreover, the
probability that TMA is able to keep the session alive up to
30 time units is about 30 percent, i.e., on the average once
every three attempts the TMA attacker is able to extend the
session beyond 300 time units, which is roughly five times
the initial session timeout.
Possible countermeasures consist in the correct tuning of
algorithm parameters based on the attackers to which the
system is likely to be subject. As an example, Fig. 14 shows
the impact of varying the threshold gmin on the two meas-
ures of interest, PkðtÞ and Tk, with respect to the TMA
attacker. Results in the figure show that increasing the
threshold is an effective countermeasure to reduce the aver-
age time that the TMA attacker is able to keep the session
alive. By progressively increasing gmin the measure Tk
decreases considerably; this is due to both a reduced initial
session timeout, and to the fact that the attacker has less
time at his disposal to perform the required attack steps. As
shown in the figure, by setting the threshold to 0.95, the
probability that the TMA attacker is able to keep the session
alive beyond 300 time units approaches zero, while it is
over 30 percent when gmin is set to 0.9.
7 PROTOTYPE IMPLEMENTATION
The implementation of the CASHMA prototype includes
face, voice, iris, fingerprint and online dynamic handwritten
signature as biometric traits for biometric kiosks and PCs/
laptops, relying on on-board devices when available or
pluggable accessories if needed. On smartphones only face
and voice recognition are applied: iris recognition was dis-
carded due to the difficulties in acquiring high-quality iris
scans using the camera of commercial devices, and
CECCARELLI ET AL.: CONTINUOUS AND TRANSPARENT USER IDENTITY VERIFICATION FOR SECURE INTERNET SERVICES 281
13. handwritten signature recognition is impractical on most of
smartphones today available on market (larger displays are
required). Finally, fingerprint recognition was discarded
because few smartphones include a fingerprint reader. The
selected biometric traits (face and voice) suit the need to be
acquired transparently for the continuous authentication
protocol described.
A prototype of the CASHMA architecture is currently
available, providing mobile components to access a secured
web-application. The client is based on the Adobe Flash [19]
technology: it is a specific client, written in Adobe Actions
Script 3, able to access and control the on-board devices in
order to acquire the raw data needed for biometric authenti-
cation. In case of smartphones, the CASHMA client compo-
nent is realized as a native Android application (using the
Android SDK API 12). Tests were conducted on smart-
phones Samsung Galaxy S II, HTC Desire, HTC Desire HD
and HTC Sensation with OS Android 4.0.x. On average
from the executed tests, for the smartphones considered we
achieved FMR ¼ 2.58% for face recognition and FMR ¼ 10%
for voice. The dimensions of biometric data acquired using
the considered smartphones and exchanged are approxi-
mately 500 KB. As expected from such limited dimension of
the data, the acquisition, compression and transmission of
these data using the mentioned smartphones did not raise
issues on performance or communication bandwidth. In
particular, the time required to establish a secure session
and transmit the biometric data was deemed sufficiently
short to not compromise usability of the mobile device.
Regarding the authentication service, it runs on Apache
Tomcat 6 servers and Postgres 8.4 databases. The web serv-
ices are, instead, realized using the Jersey library (i.e., a
JAX-RS/JSR311 Reference Implementation) for building
RESTful web services.
Finally, the example application is a custom portal devel-
oped as a Rich Internet Application using Sencha ExtJS 4
JavaScript framework, integrating different external online
services (e.g., Gmail, Youtube, Twitter, Flickr) made accessi-
ble dynamically following the current trust value of the con-
tinuous authentication protocol.
8 CONCLUDING REMARKS
We exploited the novel possibility introduced by biometrics
to define a protocol for continuous authentication that
improves security and usability of user session. The proto-
col computes adaptive timeouts on the basis of the trust
posed in the user activity and in the quality and kind of bio-
metric data acquired transparently through monitoring in
background the user’s actions.
Some architectural design decisions of CASHMA are
here discussed. First, the system exchanges raw data and
not the features extracted from them or templates, while
cripto-token approaches are not considered; as debated in
Section 3.1, this is due to architectural decisions where the
client is kept very simple. We remark that our proposed
protocol works with no changes using features, templates
or raw data. Second, privacy concerns should be addressed
considering National legislations. At present, our prototype
only performs some checks on face recognition, where only
one face (the biggest one rusting from the face detection
phase directly on the client device) is considered for identity
verification and the others deleted. Third, when data is
acquired in an uncontrolled environment, the quality of bio-
metric data could strongly depend on the surroundings.
While performing a client-side quality analysis of the data
acquired would be a reasonable approach to reduce compu-
tational burden on the server, and it is compatible with our
objective of designing a protocol independent from quality
ratings of images (we just consider a sensor trust), this goes
against the CASHMA requirement of having a light client.
We discuss on usability of our proposed protocol. In our
approach, the client device uses part of its sensors exten-
sively through time, and transmits data on the Internet.
This introduces problematic of battery consumption,
which has not been quantified in this paper: as discussed
in Section 7, we developed and exercised a prototype to
verify the feasibility of the approach but a complete assess-
ment of the solution through experimental evaluation is
not reported. Also, the frequency of the acquisition of bio-
metric data is fundamental for the protocol usage; if bio-
metric data are acquired too much sparingly, the protocol
would be basically useless. This mostly depends on the
profile of the client and consequently on his usage of the
device. Summarizing, battery consumption and user pro-
file may constitute limitations to our approach, which in
the worst case may require to narrow the applicability of
the solution to specific cases, for example, only when
accessing specific websites and for a limited time window,
or to grant access to restricted areas (see also the examples
in Section 3.2). This characterization has not been investi-
gated in this paper and constitute part of our future work.
It has to be noticed that the functions proposed for the
evaluation of the session timeout are selected amongst a very
large set of possible alternatives. Although in literature we
could not identify comparable functions used in very similar
contexts, we acknowledge that different functions may be
identified, compared and preferred under specific condi-
tions or users requirements; this analysis is left out as goes
beyond the scope of the paper, which is the introduction of
the continuous authentication approach for Internet services.
ACKNOWLEDGMENTS
This work was partially supported by the Italian MIUR
through the projects FIRB 2005 CASHMA (DM1621 18 July
2005) and PRIN 2010-3P34XC TENACE.
REFERENCES
[1] CASHMA-Context Aware Security by Hierarchical Multilevel
Architectures, MIUR FIRB, 2005.
[2] L. Hong, A. Jain, and S. Pankanti, “Can Multibiometrics Improve
Performance?” Proc. Workshop on Automatic Identification Advances
Technologies (AutoID ’99) Summit, pp. 59-64, 1999.
[3] S. Ojala, J. Keinanen, and J. Skytta, “Wearable Authentication
Device for Transparent Login in Nomadic Applications Envi-
ronment,” Proc. Second Int’l Conf. Signals, Circuits and Systems
(SCS ’08), pp. 1-6, Nov. 2008.
[4] BioID “Biometric Authentication as a Service (BaaS),” BioID Press
Release, https://www.bioid.com, Mar. 2011.
[5] T. Sim, S. Zhang, R. Janakiraman, and S. Kumar, “Continuous
Verification Using Multimodal Biometrics,” IEEE Trans. Pattern
Analysis and Machine Intelligence, vol. 29, no. 4, pp. 687-700, Apr.
2007.
282 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 12, NO. 3, MAY/JUNE 2015
14. [6] L. Montecchi, P. Lollini, A. Bondavalli, and E. La Mattina,
“Quantitative Security Evaluation of a Multi-Biometric Authenti-
cation System,” Proc. Int’l Conf. Computer Safety, Reliability and
Security, pp. 209-221, 2012.
[7] S. Kumar, T. Sim, R. Janakiraman, and S. Zhang, “Using Continu-
ous Biometric Verification to Protect Interactive Login Sessions,”
Proc. 21st Ann. Computer Security Applications Conf. (ACSAC ’05),
pp. 441-450, 2005.
[8] A. Altinok and M. Turk, “Temporal Integration for Continuous
Multimodal Biometrics,” Proc. Workshop Multimodal User Authenti-
cation, pp. 11-12, 2003.
[9] C. Roberts, “Biometric Attack Vectors and Defences,” Computers
Security, vol. 26, no. 1, pp. 14-25, 2007.
[10] S.Z. Li and A.K. Jain, Encyclopedia of Biometrics. first ed., Springer,
2009.
[11] U. Uludag and A.K. Jain, “Attacks on Biometric Systems: A Case
Study in Fingerprints,” Proc. SPIE-EI 2004, Security, Steganography
and Watermarking of Multimedia Contents VI, vol. 5306, pp. 622-633,
2004.
[12] E. LeMay, W. Unkenholz, D. Parks, C. Muehrcke, K. Keefe, and
W.H. Sanders, “Adversary-Driven State-Based System Security
Evaluation,” Proc. the Sixth Int’l Workshop Security Measurements
and Metrics (MetriSec ’10), pp. 5:1-5:9, 2010.
[13] O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J.M. Wing,
“Automated Generation and Analysis of Attack Graphs,” Proc.
IEEE Symp. Security and Privacy, pp. 273-284, 2002.
[14] D.M. Nicol, W.H. Sanders, and K.S. Trivedi, “Model-Based Evalu-
ation: From Dependability to Security,” IEEE Trans. Dependable
and Secure Computing, vol. 1, no. 1, pp. 48-65, Jan.-Mar. 2004.
[15] T. Courtney, S. Gaonkar, L. Keefe, E.W.D. Rozier, and W.H.
Sanders, “M€obius 2.3: An Extensible Tool for Dependability,
Security, and Performance Evaluation of Large and Complex
System Models,” Proc. IEEE/IFIP Int’l Conf. Dependable Systems
Networks (DSN ’09), pp. 353-358, 2009.
[16] W.H. Sanders and J.F. Meyer, “Stochastic Activity Networks: For-
mal Definitions and Concepts,” Lectures on Formal Methods and Per-
formance Analysis, pp. 315-343, Springer-Verlag, 2002.
[17] T. Casey, “Threat Agent Library Helps Identify Information Secu-
rity Risks,,” White Paper, Intel Corporation, Sept. 2007.
[18] A. Ceccarelli, A. Bondavalli, F. Brancati, and E. La Mattina,
“Improving Security of Internet Services through Continuous and
Transparent User Identity Verification,” Proc. Int’l Symp. Reliable
Distributed Systems (SRDS), pp. 201-206, Oct. 2012.
[19] Adobe Products List, http://www.adobe.com/products, 2014.
[20] T.F. Dapp, “Growing Need for Security in Online Banking: Bio-
metrics Enjoy Remarkable Degree of Acceptance,,” Banking
Technology Snapshot, DB Research, Feb. 2012.
[21] A.K. Jain, A. Ross, and S. Pankanti, “Biometrics: A Tool for Infor-
mation Security,” IEEE Trans. Information Forensics and Security,
vol. 1, no. 2, pp. 125-143, June 2006.
[22] L. Allano, B. Dorizzi, and S. Garcia-Salicetti, “Tuning Cost and
Performance in Multi-Biometric Systems: A Novel and Consistent
View of Fusion Strategies Based on the Sequential Probability
Ratio Test (SPRT),” Pattern Recognition Letters, vol. 31, no. 9,
pp. 884-890, 2010.
[23] S. Evans and J. Wallner, “Risk-Based Security Engineering
through the Eyes of the Adversary,” Proc. the IEEE Workshop Infor-
mation Assurance, pp. 158-165, June 2005.
[24] M. Afzaal, C. Di Sarno, L. Coppolino, S. D’Antonio, and L.
Romano, “A Resilient Architecture for Forensic Storage of Events
in Critical Infrastructures,” Proc. Int’l Symp. High-Assurance Sys-
tems Eng. (HASE), pp. 48-55, 2012.
[25] M. Cinque, D. Cotroneo, R. Natella, and A. Pecchia, “Assessing
and Improving the Effectiveness of Logs for the Analysis of Soft-
ware faults,” Proc. Int’l Conf. Dependable Systems and Networks
(DSN), pp. 457-466, 2010.
[26] N. Mendes, A.A. Neto, J. Duraes, M. Vieira, and H. Madeira,
“Assessing and Comparing Security of Web Servers,” Proc. IEEE
Int’l Symp. Dependable Computing (PRDC), pp. 313-322, 2008.
[27] L. Montecchi, N. Nostro, A. Ceccarelli, G. Vella, A. Caruso, and
A. Bondavalli, “Model-based evaluation of scalability and security
tradeoffs: A case study on a multi-service platform,” Electronic
Notes in Theoretical Computer Science, vol. 310, pp. 113–133, 2015.
Andrea Ceccarelli received the bachelor’s and
master’s degrees in computer science, and the
PhD degree in informatics and automation engi-
neering from the University of Firenze, Italy,
respectively, in 2006, 2008, and 2012. He is cur-
rently a research associate at the same depart-
ment. He published in international conferences
and journals and has served in the Program
Committee of International Conferences and
Workshops.
Leonardo Montecchi received the bachelor’s
and master’s degrees in computer science from
the University of Florence, Italy, in 2007 and
2010, respectively, where he is currently working
toward the PhD degree in the “Computer Science,
Systems and Telecommunications” program.
Francesco Brancati received the MS degree in
computer science and the PhD degree in infor-
matics and applications from the University of
Firenze in 2008 and 2012, respectively. During
the PhD degree his research interests has been
in the design and the experimental evaluation of
resilient systems with particular focus on monitor-
ing system uncertainties in time perception. After
the PhD degree he joined Resiltech s.r.l., where
he currently coordinates the RD activities.
Paolo Lollini received the laurea degree, and
the PhD degree in computer science from the
University of Florence, Italy, in 2001, and 2005,
respectively, where since 2006 he has been a
research associate at the Mathematics and Com-
puter Science Department. He is currently a pub-
lication chair of IEEE SRDS 2013, and a local
organizing chair of SAFECOMP 2014.
Angelo Marguglio graduated as a doctor with
laude in computer engineering from the University
of Palermo, he has been working in the RD Lab
for Engineering Ingegneria Informatica S.p.A.
since 2006 as part of the Intelligence Systems
Unit. He is currently a senior researcher at the
same laboratory.
Andrea Bondavalli (M’03) received the MS
degree in computer science from the University of
Pisa, in 1986. He has been a researcher with the
Italian CNR, and is currently a professor at the
University of Florence. He is a member of the edi-
torial board of the IJCCBS journal and the chair of
the steering committee of the IEEE SRDS. He
served as a program chair and as a general chair
of the most important conferences in Dependable
Computing and the conference coordinator of
IEEE DSN 2009. He is a member of the IEEE.
For more information on this or any other computing topic,
please visit our Digital Library at www.computer.org/publications/dlib.
CECCARELLI ET AL.: CONTINUOUS AND TRANSPARENT USER IDENTITY VERIFICATION FOR SECURE INTERNET SERVICES 283