A. Ceccarelli, A. Bondavalli, F. Brancati, Ernesto La Mattina
{"title":"通过持续和透明的用户身份验证提高互联网服务的安全性","authors":"A. Ceccarelli, A. Bondavalli, F. Brancati, Ernesto La Mattina","doi":"10.1109/SRDS.2012.38","DOIUrl":null,"url":null,"abstract":"Session management in distributed Internet services is traditionally based on username and password, and explicit logouts and timeouts that expire due to idle activity of the user. Emerging biometric solutions allow substituting username and password with biometric data, but still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by biometrics for the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts selected on the basis of the quality, frequency and type of biometric data acquired transparently from the user. Protocol behavior is shown through simulations.","PeriodicalId":447700,"journal":{"name":"2012 IEEE 31st Symposium on Reliable Distributed Systems","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":"{\"title\":\"Improving Security of Internet Services through Continuous and Transparent User Identity Verification\",\"authors\":\"A. Ceccarelli, A. Bondavalli, F. Brancati, Ernesto La Mattina\",\"doi\":\"10.1109/SRDS.2012.38\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Session management in distributed Internet services is traditionally based on username and password, and explicit logouts and timeouts that expire due to idle activity of the user. Emerging biometric solutions allow substituting username and password with biometric data, but still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by biometrics for the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts selected on the basis of the quality, frequency and type of biometric data acquired transparently from the user. Protocol behavior is shown through simulations.\",\"PeriodicalId\":447700,\"journal\":{\"name\":\"2012 IEEE 31st Symposium on Reliable Distributed Systems\",\"volume\":\"50 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-10-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"18\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE 31st Symposium on Reliable Distributed Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SRDS.2012.38\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE 31st Symposium on Reliable Distributed Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SRDS.2012.38","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Improving Security of Internet Services through Continuous and Transparent User Identity Verification
Session management in distributed Internet services is traditionally based on username and password, and explicit logouts and timeouts that expire due to idle activity of the user. Emerging biometric solutions allow substituting username and password with biometric data, but still a single verification is deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the timeout may impact on the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by biometrics for the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts selected on the basis of the quality, frequency and type of biometric data acquired transparently from the user. Protocol behavior is shown through simulations.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
