29 research outputs found

    CALIPER: Continuous Authentication Layered with Integrated PKI Encoding Recognition

    Architectures relying on continuous authentication require a secure way to challenge the user's identity without trusting that the Continuous Authentication Subsystem (CAS) has not been compromised, i.e., that the response to the layer which manages service/application access is not fake. In this paper, we introduce the CALIPER protocol, in which a separate Continuous Access Verification Entity (CAVE) directly challenges the user's identity in a continuous authentication regime. Instead of simply returning authentication probabilities or confidence scores, CALIPER's CAS uses live hard and soft biometric samples from the user to extract a cryptographic private key embedded in a challenge posed by the CAVE. The CAS then uses this key to sign a response to the CAVE. CALIPER supports multiple modalities, key lengths, and security levels and can be applied in two scenarios: One where the CAS must authenticate its user to a CAVE running on a remote server (device-server) for access to remote application data, and another where the CAS must authenticate its user to a locally running trusted computing module (TCM) for access to local application data (device-TCM). We further demonstrate that CALIPER can leverage device hardware resources to enable privacy and security even when the device's kernel is compromised, and we show how this authentication protocol can even be expanded to obfuscate direct kernel object manipulation (DKOM) malwares. Comment: Accepted to CVPR 2016 Biometrics Worksho

    Fulltime biometric mouse design for continuous authentication

    As we embrace the information and communication technology in our everyday activities and day-to-day transactions, security concerns have increasingly come to light, especially in some of the critical areas of our society today such as education, health and commerce, where such security concerns are even higher. The need for complete and clear authentication and authorisation is of paramount importance. This paper explores and presents the optimal use of full-time biometric mouse (FBM) for continuous authentication, which would not only enable authentication during log in and start of an application, but will enable continuous authentication throughout a transaction. We formulate a full-time biometric mouse (FBM) design that would ensure thumb positioning and its ergonomics while ensuring comfort and maximum contact with the scanner to enable continuous authentication of the user in a speedy, easy and non-strenuous way. The mouse employs a simple algorithm that ensures quick operation to cut on possible delays and yet maintain the accuracy of the system

    Emerging Session Management and Secured User Access Control for Internet services

    These days, it ends up open worry to give greater security to web services. Along these lines, secure user authentication is the central undertaking in security frameworks. Customarily, the greater part of the frameworks depend on sets of username and password which checks the character of user just at login stage. Once the user is related to username and password, no checks are performed promote amid working sessions. Yet, developing biometric arrangements substitutes the username and password with biometric data of user. In such approach still single shot check is less effective on the grounds that the personality of user is lasting amid entire session. Subsequently, an essential arrangement is to utilize brief time of timeouts for every session and intermittently ask for the user to enter his qualifications again and again. Be that as it may, this is anything but an appropriate arrangement since it intensely influences the administration ease of use and at last the fulfillment of users. This paper explores the framework for continuous authentication of user utilizing his qualifications, for example, biometric characteristics. The utilization of continuous biometric authentication framework gets accreditations without expressly advising the user or requiring user connection that is, transparently which is important to ensure better execution and administration ease of use

    The Abundant User Verification and Authentication for Ensured Internet Services

    These days, it turns out to be an open concern to give superior security to web services. In this way, secure user authentication is the principal assignment in security frameworks. Generally, the vast majority of the frameworks depend on sets of username and password which verifies the identity of user just at login stage. Once the user is related to username and password, no checks are performed encourage amid working sessions. We investigate the nonstop user verification for the protected web services utilizing biometrics in the session service. No checks are performed amid working sessions, which are terminated by an express logout or lapse after a sit action time of the user. However a solitary verification step is still esteemed adequate, and the identity of a user is viewed as permanent amid the whole session. Also, the static length of the session timeout may effect on the ease of use of the service and ensuing customer fulfillment. This paper investigates promising choices offered by applying biometrics in the service of sessions. A safe convention is characterized for interminable authentication through persistent user verification. At last, the utilization of biometric authentication enables accreditations to be procured straightforwardly i.e. without unequivocally advising the user or requiring his association, which is basic to ensure better service ease of use

    WoX+: A Meta-Model-Driven Approach to Mine User Habits and Provide Continuous Authentication in the Smart City

    The literature is rich in techniques and methods to perform Continuous Authentication (CA) using biometric data, both physiological and behavioral. As a recent trend, less invasive methods such as the ones based on context-aware recognition allow the continuous identification of the user by retrieving device and app usage patterns. However, a still uncovered research topic is to extend the concepts of behavioral and context-aware biometric to take into account all the sensing data provided by the Internet of Things (IoT) and the smart city, in the shape of user habits. In this paper, we propose a meta-model-driven approach to mine user habits, by means of a combination of IoT data incoming from several sources such as smart mobility, smart metering, smart home, wearables and so on. Then, we use those habits to seamlessly authenticate users in real time all along the smart city when the same behavior occurs in different contexts and with different sensing technologies. Our model, which we called WoX+, allows the automatic extraction of user habits using a novel Artificial Intelligence (AI) technique focused on high-level concepts. The aim is to continuously authenticate the users using their habits as behavioral biometric, independently from the involved sensing hardware. To prove the effectiveness of WoX+ we organized a quantitative and qualitative evaluation in which 10 participants told us a spending habit they have involving the use of IoT. We chose the financial domain because it is ubiquitous, it is inherently multi-device, it is rich in time patterns, and most of all it requires a secure authentication. With the aim of extracting the requirement of such a system, we also asked the cohort how they expect WoX+ will use such habits to securely automatize payments and identify them in the smart city. We discovered that WoX+ satisfies most of the expected requirements, particularly in terms of unobtrusiveness of the solution, in contrast with the limitations observed in the existing studies. Finally, we used the responses given by the cohorts to generate synthetic data and train our novel AI block. Results show that the error in reconstructing the habits is acceptable: Mean Squared Error Percentage (MSEP) 0.04%