
Transparent And Constant Secure Service For User Identity Verification

Using Biometrics

ABSTRACT

Secure user authentication is key in most contemporary ICT systems. User authentication
systems are traditionally based on pairs of username and password and verify the
identity of the user only at the login phase. No checks are performed during
working sessions, which are terminated by an explicit logout or expire after an
idle activity period of the user. Security of web-based applications is a serious
concern, due to the recent increase in the frequency and complexity of cyber-attacks;
biometric techniques offer an emerging solution for secure and trusted authentication, where
username and password are replaced by biometric data. However, parallel to the
spreading usage of biometric systems, the incentive for their misuse is also growing,
especially considering their possible application in the financial and banking sectors.

To detect misuse of computer resources in a timely manner and to prevent an unauthorized user
from maliciously replacing an authorized one, solutions based on multi-modal biometric continuous
authentication are proposed, turning user verification into a continuous process instead
of a one-time occurrence. To avoid that a single biometric trait is forged, biometric authentication
can rely on multiple biometric traits. Finally, the use of biometric authentication allows
credentials to be acquired transparently. Such traditional authentication approaches impair
usability for increased security, and offer no solutions against forgery or theft of passwords.

We are implementing a new approach for user verification and session management that is
applied in the Context Aware Security by Hierarchical Multilevel Architectures (CASHMA) system for secure
biometric authentication on the Internet. CASHMA is able to operate securely with any kind of
web service, including services with high security demands such as online banking services, and
it is intended to be used from different client devices. Depending on the preferences
and requirements of the owner of the web service, the CASHMA authentication service can complement
a traditional authentication service, or it can replace it. We exploit the novel possibility
introduced by biometrics to define a protocol for continuous authentication that improves the security
and usability of the user session. The protocol computes adaptive timeouts on the basis of the trust
posed in the user activity and in the quality and type of biometric data acquired
transparently by monitoring the user's actions in the background.

CHAPTER 2
LITERATURE SURVEY

1) Quantitative Security Evaluation of a Multi-Biometric Authentication System

AUTHORS: L. Montecchi, P. Lollini, A. Bondavalli, and E. La Mattina

Biometric authentication systems verify the identity of users by relying on their
distinctive traits, like fingerprint, face, iris, signature, voice, etc. Biometrics is commonly
perceived as a strong authentication method; in practice several well-known
vulnerabilities exist, and security aspects should be carefully considered,
especially when it is adopted to secure the access to applications controlling
critical systems and infrastructures. In this paper we perform a
quantitative security evaluation of the CASHMA multi-biometric authentication
system, assessing the security provided by different system configurations
against attackers with different capabilities. The analysis is performed
using the ADVISE modeling formalism, a formalism for security evaluation
that extends attack graphs; it allows combining information on the system, the attacker, and
the metrics of interest to produce quantitative results. The obtained results
provide useful insight on the security offered by the different system configurations, and
demonstrate the feasibility of the approach to model security threats and
countermeasures in real scenarios.

2) Model-based evaluation of scalability and security tradeoffs: A case study on a multi-service platform

AUTHORS: L. Montecchi, N. Nostro, A. Ceccarelli, G. Vella, A. Caruso, and A. Bondavalli

Current ICT infrastructures are characterized by increasing requirements of
reliability, security, performance, availability, adaptability. A relevant issue is
represented by the scalability of the system with respect to the increasing number of
users and applications, thus requiring a careful dimensioning of resources.
Furthermore, new security issues to be faced arise from exposing applications
and data to the Internet, thus requiring an attentive analysis
of potential threats and the identification of stronger security mechanisms
to be implemented, which may produce a negative impact on system performance
and scalability properties. The paper presents a model-based evaluation of
scalability and security tradeoffs of a multi-service web-based platform, by
evaluating how the introduction of security mechanisms may lead to a
degradation of performance properties. The evaluation focuses on the OPENNESS
platform, a web-based platform providing different kinds of services to
different categories of users. The evaluation aims at identifying the
bottlenecks of the system, under different configurations, and
assesses the impact of security countermeasures that were identified by a thorough
threat analysis activity previously carried out on the target system. The modeling
activity has been carried out using the Stochastic Activity Networks (SANs)
formalism, making full use of its characteristics of modularity and reusability. The
analysis model is realized through the composition of a set of predefined template
models, which facilitates the construction of the overall system model and
the evaluation of different configurations by composing them in different ways.

3) Attacks on Biometric Systems: A Case Study in Fingerprints

AUTHORS: U. Uludag and A.K. Jain

In spite of numerous advantages of biometrics-based personal authentication systems
over traditional security systems based on token or knowledge, they are vulnerable to attacks that
can decrease their security considerably. In this paper, we analyze
these attacks in the realm of a fingerprint biometric system. We
propose an attack system that uses a hill climbing procedure to
synthesize the target minutia templates and evaluate its feasibility with extensive
experimental results conducted on a large fingerprint database. Several measures that
can be utilized to decrease the probability of such attacks and their ramifications are also
presented.

4) Automated Generation and Analysis of Attack Graphs

AUTHORS: O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J.M. Wing

An integral part of modeling the global view of network security is
constructing attack graphs. Manual attack graph construction is tedious, error-prone, and
impractical for attack graphs larger than 100 nodes. In this paper we
present an automated technique for generating and analyzing attack graphs. We
base our technique on symbolic model checking algorithms, letting us
construct attack graphs automatically and efficiently. We
also describe 2 analyses to help decide which attacks would be most
cost-effective to guard against. We implemented our technique in a
tool suite and tested it on a small network example, which
includes models of a firewall and an intrusion detection system.

5) Risk-Based Security Engineering through the Eyes of the Adversary

AUTHORS: S. Evans and J. Wallner

Today, security engineering for complex systems is typically done as an ad hoc
process. Taking a risk-based security engineering approach replaces today's
ad hoc methods with a more rigorous and disciplined approach that uses a
multi-criterion decision model. This approach builds on existing techniques for
integrating risk analysis with classical systems engineering. A resulting security
metric can be compared with cost and performance metrics in making
engineering trade-off decisions.

INTRODUCTION
Secure Computing

Computer security (also referred to as cyber security or IT security) is information
security as applied to computers and networks. The field covers all the processes
and mechanisms by which computer-based equipment, information and services are
protected against unintended or unauthorized access, modification or
destruction. Computer security also includes protection from unplanned
events and natural disasters. Otherwise, in the computer industry, the term security -- or
the phrase computer security -- refers to techniques for ensuring that data
stored in a computer cannot be read or compromised by any individuals
without authorization. Most computer security measures involve encryption and
passwords. Encryption is the translation of data into a form that is
unintelligible without a deciphering mechanism. A password is a secret word
or phrase that gives a user access to a particular program or system.

[Diagram illustrating secure computing]

Working conditions and basic needs in the secure computing:

If you do not take basic steps to protect your work computer, you put it and all
the information on it at risk. You can potentially compromise the operation of
other computers on your organization's network, or even the functioning of
the network as a whole.

1. Physical security:
Technical measures like login passwords and anti-virus are
essential (more about those below). However, a secure physical space is
the first and more important line of defense.
Is the place you keep your work computer secure enough to prevent theft or
access to it while you are away? While the Security Department
provides coverage across the center, it only takes seconds to steal a computer,
particularly a portable device like a laptop or a personal
organizer. A computer should be secured like any other valuable possession
when you are not present.
Human threats are not the only concern. Computers can be
compromised by environmental mishaps (e.g., water, coffee) or physical
trauma. Make sure the physical location of your computer takes account of
these risks as well.
2. Access passwords:
The University's networks and shared information systems are protected
in part by login credentials (user-IDs and passwords). Access passwords
are also an essential protection for personal computers in most circumstances.
Offices are usually open and shared spaces, so physical
access to computers cannot be completely controlled.
To protect your computer, you should consider setting passwords for
particularly sensitive applications resident on the computer (e.g., data
analysis software), if the software provides that capability.

3. Prying eye protection:

Because we deal with all facets of clinical, research, educational and
administrative data here on the medical campus, it is important to do everything
possible to minimize exposure of data to unauthorized individuals.

4. Anti-virus software:

Up-to-date, properly configured anti-virus software is essential. While we have
server-side anti-virus software on our network computers, you still need it
on the client side (your computer).

5. Firewalls:

Anti-virus products inspect files on your computer and in email. Firewall
software and hardware monitor communications between your computer and
the outside world. That is essential for any networked computer.

6. Software updates:

It is essential to keep software up to date, especially the operating system,
anti-virus and anti-spyware, email and browser software. The latest versions will contain
fixes for discovered vulnerabilities.

Almost all anti-virus products have automatic update features (including SAV). Keeping the
"signatures" (digital patterns) of malicious software detectors up to date is
essential for these products to be effective.

7. Keep secure backups:

Even if you take all these security steps, bad things can still happen. Be
prepared for the worst by making backup copies of critical data, and keeping
those backup copies in a separate, secure location. For example, use
supplemental hard drives, CDs/DVDs, or flash drives to store critical,
hard-to-replace data.

8. Report problems:

If you believe that your computer or any data on it has been compromised,
you should make an information security incident report. That is required by University
policy for all data on our systems, and legally required for health, education,
financial and any other kind of record containing identifiable personal information.

Benefits of secure computing:

Protect yourself - Civil liability:
You may be held legally liable to compensate a third party should they
experience financial damage or distress as a result of their personal data
being stolen from you or leaked by you.

Protect your credibility - Compliance:
You may require compliance with the Data Protection Act, the FSA, SOX or
other regulatory standards. Each of these bodies stipulates that certain
measures be taken to protect the data on your network.

Protect your reputation - Spam:
A common use for infected systems is to join them to a botnet (a collection
of infected machines that takes orders from a command server) and use them
to send out spam. This spam can be traced back to you, your server might
be blacklisted and you could be unable to send email.

Protect your income - Competitive advantage:
There are a number of hackers-for-hire advertising their services
on the internet, selling their skills in breaking into companies' servers to
steal client databases, proprietary software, merger and acquisition information,
personnel details et al.

Protect your business - Blackmail:
A seldom-reported source of income for hackers is to break into your
server, change all your passwords and lock you out of it. The password is
then sold back to you. Note: the hackers may implant a backdoor
program on your server so that they can repeat the
exercise at will.

Protect your investment - Free storage:
Your server's hard drive space is used (or sold on) to house the
hacker's video clips, music collections, pirated software or worse. Your server
or computer then becomes continuously slow and your internet connection speeds
deteriorate due to the number of people connecting to your server in order
to download the offered wares.

Software Environment

Java Technology

Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language is a high-level language that can be
characterized by all of the following buzzwords:

Simple
Architecture neutral
Object oriented
Portable
Distributed
High performance
Interpreted
Multithreaded
Robust
Dynamic
Secure

With most programming languages, you either compile or interpret a program so that you
can run it on your computer. The Java programming language is unusual in that a program
is both compiled and interpreted. With the compiler, first you translate a program into an
intermediate language called Java byte codes, the platform-independent codes interpreted
by the interpreter on the Java platform. The interpreter parses and runs each Java
byte code instruction on the computer. Compilation happens just once; interpretation occurs
each time the program is executed. The following figure illustrates how this works.

You can think of Java byte codes as the machine code instructions for the
Java Virtual Machine (Java VM). Every Java interpreter, whether it's a development
tool or a web browser that can run applets, is an implementation of the Java VM. Java
byte codes help make "write once, run anywhere" possible. You can compile your
program into byte codes on any platform that has a Java compiler. The byte codes can then be
run on any implementation of the Java VM. That means that as long as a computer has a Java VM,
the same program written in the Java programming language can run on Windows 2000,
a Solaris workstation, or on an iMac.

The Java Platform


A platform is the hardware or software environment in which a program runs.
We've already mentioned some of the most popular platforms like Windows 2000,
Linux, Solaris, and Mac OS. Most platforms can be described as a combination of the
operating system and hardware. The Java platform differs from most other platforms
in that it's a software-only platform that runs on top of other hardware-based
platforms.

The Java platform has two components:

The Java Virtual Machine (Java VM)
The Java Application Programming Interface (Java API)

You've already been introduced to the Java VM. It's the base for the Java platform
and is ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide many
useful capabilities, such as graphical user interface (GUI) widgets. The Java API
is grouped into libraries of related classes and interfaces; these libraries are known as
packages. The next section, What Can Java Technology Do?, highlights what functionality
some of the packages in the Java API provide.
The following figure depicts a program that's running on the Java platform. As the figure
shows, the Java API and the virtual machine insulate the program from the hardware.

Native code is code that, after you compile it, runs on a specific hardware
platform. As a platform-independent environment, the Java platform can be a bit slower than native
code. However, smart compilers, well-tuned interpreters, and just-in-time byte code
compilers can bring performance close to that of native code without threatening portability.

What Can Java Technology Do?

The most common types of programs written in the Java programming language are applets
and applications. If you've surfed the web, you're probably already familiar with
applets. An applet is a program that adheres to certain conventions that allow it to run within a
Java-enabled browser.
However, the Java programming language is not just for writing cute, entertaining applets for the
web. The general-purpose, high-level Java programming language is also a powerful software
platform. Using the generous API, you can write many types of programs.
An application is a standalone program that runs directly on the Java platform. A
special kind of application known as a server serves and supports clients on a network.
Examples of servers are web servers, proxy servers, mail servers, and print servers. Another
specialized program is a servlet. A servlet can almost be thought of as an applet that runs on
the server side. Java Servlets are a popular choice for building interactive web applications,
replacing the use of CGI scripts. Servlets are similar to applets in that they are runtime
extensions of applications. Instead of working in browsers, though, servlets run within Java
web servers, configuring or tailoring the server.
How does the API support all these kinds of programs? It does so with packages of software
components that provide a wide range of functionality. Every full implementation of the
Java platform gives you the following features:
The essentials: Objects, strings, threads, numbers, input and output, data structures, system properties, date and time, and so on.
Applets: The set of conventions used by applets.
Networking: URLs, TCP (Transmission Control Protocol), UDP (User Datagram Protocol) sockets, and IP (Internet Protocol) addresses.
Internationalization: Help for writing programs that can be localized for users worldwide. Programs can automatically adapt to specific locales and be displayed in the appropriate language.
Security: Both low level and high level, including electronic signatures, public and private key management, access control, and certificates.
Software components: Known as JavaBeans(TM), can plug into existing component architectures.
Object serialization: Allows lightweight persistence and communication via Remote Method Invocation (RMI).
Java Database Connectivity (JDBC(TM)): Provides uniform access to a wide range of relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,
collaboration, telephony, speech, animation, and more. The following figure depicts
what is included in the Java 2 SDK.

ODBC

Microsoft Open Database Connectivity (ODBC) is a standard programming interface for application
developers and database systems providers. Before ODBC became a de facto standard for
Windows programs to interface with database systems, programmers had to use
proprietary languages for each database they wanted to connect to. Now, ODBC
has made the choice of the database system almost irrelevant from a coding
perspective, which is as it should be. Application developers have much more important things to worry
about than the syntax that is needed to port their program from one database to another
when business needs suddenly change.

Through the ODBC Administrator in Control Panel, you can specify the particular
database that is associated with a data source that an ODBC application program is written to
use. Think of an ODBC data source as a door with a name on it. Each door will lead
you to a particular database. For example, the data source named Sales Figures might be a
SQL Server database, whereas the Accounts Payable data source could refer to an Access
database. The physical database referred to by a data source can reside anywhere on
the LAN.

The ODBC system files are not installed on your system by Windows 95.
Rather, they are installed when you set up a separate database application, such as SQL
Server Client or Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it
uses a file called ODBCINST.DLL. It is also possible to administer your ODBC data
sources through a stand-alone program called ODBCADM.EXE. There is a 16-bit and a
32-bit version of this program and each maintains a separate list of ODBC data sources.

From a programming perspective, the beauty of ODBC is that the application can
be written to use the same set of function calls to interface with any data source,
regardless of the database vendor. The source code of the application doesn't change whether it
talks to Oracle or SQL Server. We only mention these two as an example. There are ODBC
drivers available for several dozen popular database systems. Even Excel spreadsheets and
plain text files can be turned into data sources. The operating system uses the
Registry information written by ODBC Administrator to determine which low-level ODBC
drivers are needed to talk to the data source (such as the interface to Oracle or
SQL Server). The loading of the ODBC drivers is transparent to the ODBC application program.
In a client/server environment, the ODBC API even handles some of the network
issues for the application programmer.

The advantages of this scheme are so numerous that you are probably thinking there
must be some catch. The only disadvantage of ODBC is that it isn't as efficient as talking
directly to the native database interface. ODBC has had many detractors make the charge that it is
too slow. Microsoft has always claimed that the critical factor in performance is the
quality of the driver software that is used. In our humble opinion, this is true. The
availability of good ODBC drivers has improved a great deal recently. And anyway, the criticism
about performance is somewhat analogous to those who said that compilers would never
match the speed of pure assembly language. Maybe not, but the compiler (or ODBC)
gives you the opportunity to write cleaner programs, which means you finish sooner.
Meanwhile, computers get faster every year.

JDBC

In an effort to set an independent database standard API for Java, Sun Microsystems
developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access
mechanism that provides a consistent interface to a variety of RDBMSs. This consistent interface is
achieved through the use of "plug-in" database connectivity modules, or drivers. If a database vendor
wishes to have JDBC support, he or she must provide the driver for each platform that
the database and Java run on.

To gain a wider acceptance of JDBC, Sun based JDBC's framework on ODBC. As you discovered
earlier in this chapter, ODBC has widespread support on a variety of platforms. Basing JDBC on
ODBC will allow vendors to bring JDBC drivers to market much faster than developing a
completely new connectivity solution.

JDBC was announced in March of 1996. It was released for a 90 day public
review that ended June 8, 1996. Because of user input, the final JDBC
v1.0 specification was released soon after.

The remainder of this section will cover enough information about JDBC for you to know what it is
about and how to use it effectively. This is by no means a complete overview of JDBC. That would fill
an entire book.

JDBC Goals

Few software packages are designed without goals in mind. JDBC is one that, because
of its many goals, drove the development of the API. These goals, in conjunction with early reviewer
feedback, have finalized the JDBC class library into a solid framework for
building database applications in Java.

The goals that were set for JDBC are important. They will give you some
insight as to why certain classes and functionalities behave the way they do. The
eight design goals for JDBC are as follows:

1. SQL Level API

The designers felt that their main goal was to define a SQL
interface for Java. Although not the lowest database interface level possible,
it is at a low enough level for higher-level tools and APIs to be created. Conversely,
it is at a high enough level for application programmers to use it confidently. Attaining
this goal allows for future tool vendors to "generate" JDBC code and to
hide many of JDBC's complexities from the end user.

SQL Conformance

SQL syntax varies as you move from database vendor to database vendor. In an effort to
support a wide variety of vendors, JDBC will allow any query statement to be passed through
it to the underlying database driver. This allows the connectivity module to handle
non-standard functionality in a manner that is suitable for its users.

2. JDBC must be implementable on top of common database interfaces

The JDBC SQL API must "sit" on top of other common SQL level
APIs. This goal allows JDBC to use existing ODBC level drivers by
the use of a software interface. This interface would translate JDBC calls to ODBC and
vice versa.

3. Provide a Java interface that is consistent with the rest of the Java system

Because of Java's acceptance in the user community
thus far, the designers feel that they should not stray from the current
design of the core Java system.

4. Keep it simple

This goal probably appears in all software design goal listings. JDBC is no
exception. Sun felt that the design of JDBC should be very simple, allowing for
only one method of completing a task per mechanism. Allowing duplicate
functionality only serves to confuse the users of the API.

5. Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile
time; also, fewer errors appear at runtime.

6. Keep the common cases simple

Because more often than not, the usual SQL calls
used by the programmer are simple SELECTs, INSERTs, DELETEs and
UPDATEs, these queries should be simple to perform with JDBC.
However, more complex SQL statements should also be possible.

Finally, we decided to proceed with the implementation using Java Networking.

For dynamically updating the cache table, we use an MS Access database.

Java has two things: a programming language and a platform.

Java is a high-level programming language that is all of the
following:

Simple
Architecture-neutral
Object-oriented
Portable
Distributed
High-performance
Interpreted
Multithreaded
Robust
Dynamic
Secure

Java is also unusual in that each Java program is both compiled and
interpreted. With a compiler you translate a Java program into an intermediate
language called Java byte codes; the platform-independent code instruction is passed
and run on the computer.

Compilation happens just once; interpretation occurs each
time the program is executed. The figure illustrates how
this works.

[Figure: Java Program, Compilers, Interpreter, My Program]

Networking

TCP/IP stack

The TCP/IP stack is shorter than the OSI one:


TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a connectionless protocol.

Total address

The 32 bit address is usually written as 4 integers separated by dots.



Port addresses
A service exists on a host, and is identified by its port. This
is a 16 bit number. To send a message to a server, you send it to the port for
that service of the host that it is running on. This is not location transparency!
Certain of these ports are "well known".

Sockets
A socket is a data structure maintained by the system to handle network
connections. A socket is created using the call socket. It returns an integer
that is like a file descriptor. In fact, under Windows, this handle can be
used with the ReadFile and WriteFile functions.

#include <sys/types.h>
#include <sys/socket.h>
int socket(int family, int type, int protocol);

Here "family" will be AF_INET for IP communications, protocol will be zero,
and type will depend on whether TCP or UDP is used. Two processes wishing to
communicate over a network create a socket each. These are similar to two
ends of a pipe - but the actual pipe does not yet exist.

J2ME (Java 2 Micro edition):-

Sun Microsystems defines J2ME as "a highly optimized Java run-time environment targeting a
wide range of consumer products, including pagers, cellular phones, screen-phones, digital
set-top boxes and car navigation systems." Announced in June 1999 at the JavaOne Developer
Conference, J2ME brings the cross-platform functionality of the Java language to smaller
devices, allowing mobile wireless devices to share applications. With J2ME, Sun has adapted
the Java platform for consumer products that incorporate or are based on small computing
devices.

1. General J2ME architecture

J2ME uses configurations and profiles to customize the Java Runtime Environment (JRE). As a
complete JRE, J2ME is comprised of a configuration, which determines the JVM used, and a
profile, which defines the application by adding domain-specific classes. The configuration
defines the basic run-time environment as a set of core classes and a specific JVM that run
on specific types of devices. We will discuss configurations in detail below. The profile
defines the application; specifically, it adds domain-specific classes to the J2ME
configuration to define certain uses for devices. We will cover profiles in depth below. The
following graphic depicts the relationship between the different virtual machines,
configurations, and profiles. It also draws a parallel with the J2SE API and its Java virtual
machine. While the J2SE virtual machine is generally referred to as a JVM, the J2ME virtual
machines, KVM and CVM, are subsets of JVM. Both KVM and CVM can be thought of as a kind of
Java virtual machine: they are simply shrunken versions of the J2SE JVM and are specific to
J2ME.

2. Developing J2ME applications

Introduction: in this section, we will go over some considerations you need to keep in mind
when developing applications for smaller devices. We will take a look at the way the compiler
is invoked when using J2SE to compile J2ME applications. Finally, we will explore packaging
and deployment and the role preverification plays in this process.

3. Design considerations for small devices

Developing applications for small devices requires you to keep certain strategies in mind
during the design phase. It is best to strategically design an application for a small device
before you begin coding. Correcting the code because you failed to consider all of the
"gotchas" before developing the application can be a painful process. Here are some design
strategies to consider:

* Keep it simple. Remove unnecessary features, possibly making those features a separate,
secondary application.

* Smaller is better. This consideration should be a "no brainer" for all developers. Smaller
applications use less memory on the device and require shorter installation times. Consider
packaging your Java applications as compressed Java Archive (jar) files.

* Minimize run-time memory use. To minimize the amount of memory used at run time, use
scalar types in place of object types. Also, do not depend on the garbage collector. You
should manage the memory efficiently yourself by setting object references to null when you
are finished with them. Another way to reduce run-time memory is to use lazy instantiation,
only allocating objects on an as-needed basis. Other ways of reducing overall and peak memory
use on small devices are to release resources quickly, reuse objects, and avoid exceptions.

4. Configurations overview

The configuration defines the basic run-time environment as a set of core classes and a
specific JVM that run on specific types of devices. Currently, two configurations exist for
J2ME, though others may be defined in the future:

* Connected Limited Device Configuration (CLDC) is used specifically with the KVM for 16-bit
or 32-bit devices with limited amounts of memory. This is the configuration (and the virtual
machine) used for developing small J2ME applications. Its size limitations make CLDC more
interesting and challenging (from a development point of view) than CDC. CLDC is also the
configuration that we will use for developing our drawing tool application. An example of a
small wireless device running small applications is a Palm hand-held computer.

* Connected Device Configuration (CDC) is used with the C virtual machine (CVM) and is used
for 32-bit architectures requiring more than 2 MB of memory. An example of such a device is
an Internet TV box.

5. J2ME profiles

What is a J2ME profile?

As we mentioned earlier in this tutorial, a profile defines the type of device supported. The
Mobile Information Device Profile (MIDP), for example, defines classes for cellular phones.
It adds domain-specific classes to the J2ME configuration to define uses for similar devices.
Two profiles have been defined for J2ME and are built upon CLDC: KJava and MIDP. Both KJava
and MIDP are associated with CLDC and smaller devices. Profiles are built on top of
configurations. Because profiles are specific to the size of the device (amount of memory) on
which an application runs, certain profiles are associated with certain configurations.

A skeleton profile upon which you can create your own profile, the Foundation Profile, is
available for CDC.

Profile 1: KJava

KJava is Sun's proprietary profile and contains the KJava API. The KJava profile is built on
top of the CLDC configuration. The KJava virtual machine, KVM, accepts the same byte codes
and class file format as the classic J2SE virtual machine. KJava contains a Sun-specific API
that runs on the Palm OS. The KJava API has a great deal in common with the J2SE Abstract
Windowing Toolkit (AWT). However, because it is not a standard J2ME package, its main
package is com.sun.kjava. We will learn more about the KJava API later in this tutorial when
we develop some sample applications.

Profile 2: MIDP

MIDP is geared toward mobile devices such as cellular phones and pagers. The MIDP, like
KJava, is built upon CLDC and provides a standard run-time environment that allows new
applications and services to be deployed dynamically on end user devices. MIDP is a common,
industry-standard profile for mobile devices that is not dependent on a specific vendor. It
is a complete and supported foundation for mobile application development. MIDP contains the
following packages, the first three of which are core CLDC packages, plus three MIDP-specific
packages.

* java.lang

* java.io

* java.util

* javax.microedition.io

* javax.microedition.lcdui

* javax.microedition.midlet

* javax.microedition.rms

SYSTEM ANALYSIS
EXISTING SYSTEM:

Once the user's identity has been verified, the system resources are
available for a fixed period of time or until explicit logout from the
user. This approach assumes that a single verification (at the beginning
of the session) is sufficient, and that the identity of the user is
constant during the whole session.
In one existing work, a multi-modal biometric verification system is
designed and developed to detect the physical presence of the user logged
in a computer.
Another existing paper proposes a multi-modal biometric continuous
authentication solution for local access to high-security systems such as
ATMs, where the data acquired are weighted in the user verification
process, based on i) type of the biometric traits and ii) time, since
different sensors are able to provide data with different timings. Point
ii) introduces the need for a temporal integration method which depends on
the availability of past observations: it is based on the assumption that,
as time passes, the confidence in the acquired (aging) values decreases.
The paper applies a degeneracy function that measures the uncertainty of
the score computed by the verification function.

DISADVANTAGES OF EXISTING SYSTEM:

None of the existing approaches supports continuous authentication. Emerging
biometric solutions allow substituting username and password with biometric
data during session establishment, but in such an approach still a single
verification is deemed sufficient, and the identity of a user is considered
immutable during the entire session.

PROPOSED SYSTEM:

This paper presents a new approach for user verification and session
management that is applied in the Context Aware Security by Hierarchical
Multilevel Architectures (CASHMA) system for secure biometric authentication
on the Internet.
CASHMA is able to operate securely with any kind of web service, including
services with high security demands such as online banking services, and it is
intended to be used from different client devices, e.g., smartphones, desktop
PCs or even biometric kiosks placed at the entrance of secure areas. Depending
on the preferences and requirements of the owner of the web service, the
CASHMA authentication service can complement a traditional authentication
service, or can replace it.
Our continuous authentication approach is grounded on transparent acquisition
of biometric data and on adaptive timeout management on the basis of the trust
posed in the user and in the different subsystems used for authentication. The
user session is open and secure despite possible idle activity of the user,
while potential misuses are detected by continuously confirming the presence
of the proper user.

ADVANTAGES OF PROPOSED SYSTEM:

Our approach does not require that the reaction to a user verification
mismatch is executed by the user device (e.g., the logout procedure); instead
it is transparently handled by the CASHMA authentication service and the web
services, which apply their own reaction procedures.
Provides a trade-off between usability and security.

SYSTEM DESIGN

SYSTEM ARCHITECTURE:

DATA FLOW DIAGRAM:

1. The DFD is also called a bubble chart. It is a simple graphical formalism
that can be used to represent a system in terms of input data to the system,
various processing carried out on this data, and the output data generated by
this system.

2. The data flow diagram (DFD) is one of the most important modeling tools. It
is used to model the system components. These components are the system
process, the data used by the process, an external entity that interacts with
the system and the information flows in the system.

3. The DFD shows how information moves through the system and how it is
modified by a series of transformations. It is a graphical technique that
depicts information flow and the transformations that are applied as data
moves from input to output.

4. The DFD is also known as a bubble chart. A DFD may be used to represent a
system at any level of abstraction. A DFD may be partitioned into levels that
represent increasing information flow and functional detail.

[Data flow diagram: User, Server; Login, Registration, Customer Details, Account Details, Activate Beneficial, Transaction, Verification, Activate Blocked Account, Add Beneficial, Money Transfer]

UML DIAGRAMS

UML stands for Unified Modeling Language. UML is a standardized
general-purpose modeling language in the field of object-oriented software
engineering. The standard is managed, and was created by, the Object
Management Group.
The goal is for UML to become a common language for creating models of
object-oriented computer software. In its current form UML is comprised of two
major components: a meta-model and a notation. In the future, some form of
method or process may also be added to, or associated with, UML.
The Unified Modeling Language is a standard language for specifying,
visualizing, constructing and documenting the artifacts of software systems,
as well as for business modeling and other non-software systems.
The UML represents a collection of best engineering practices that have proven
successful in the modeling of large and complex systems.

The UML is a very important part of developing object-oriented software and
the software development process. The UML uses mostly graphical notations to
express the design of software projects.

GOALS:
The Primary goals in the design of the UML are as follows:
1. Provide users with a ready-to-use, expressive visual modeling language so
that they can develop and exchange meaningful models.
2. Provide extendibility and specialization mechanisms to extend the core
concepts.
3. Be independent of particular programming languages and development
processes.
4. Provide a formal basis for understanding the modeling language.
5. Encourage the growth of the OO tools market.
6. Support higher level development concepts such as collaborations,
frameworks, patterns and components.
7. Integrate best practices.

USE CASE DIAGRAM:

A use case diagram in the Unified Modeling Language (UML) is a type of
behavioral diagram defined by and created from a use-case analysis. Its
purpose is to present a graphical overview of the functionality provided by a
system in terms of actors, their goals (represented as use cases), and any
dependencies between those use cases. The main purpose of a use case diagram
is to show what system functions are performed for which actor. Roles of the
actors in the system can be depicted.

[Use case diagram: actors User and Server; use cases Registration, Account Details, Transaction, Add Beneficial, Money Transfer, Customer Details, Activate Beneficial, Activate Blocked Account]

CLASS DIAGRAM:

In software engineering, a class diagram in the Unified Modeling Language
(UML) is a type of static structure diagram that describes the structure of a
system by showing the system's classes, their attributes, operations (or
methods), and the relationships among the classes. It explains which class
contains information.

SEQUENCE DIAGRAM:

A sequence diagram in the Unified Modeling Language (UML) is a kind of
interaction diagram that shows how processes operate with one another and in
what order. It is a construct of a Message Sequence Chart. Sequence diagrams
are sometimes called event diagrams, event scenarios, and timing diagrams.

[Sequence diagram: lifelines User, Server, Database; messages Registration, Account Details, Verification, Add Beneficial, Money Transfer, File Upload, Customer Details, Activate Beneficial, Transaction, Activate Blocked Account]

ACTIVITY DIAGRAM:

Activity diagrams are graphical representations of workflows of stepwise
activities and actions with support for choice, iteration and concurrency. In
the Unified Modeling Language, activity diagrams can be used to describe the
business and operational step-by-step workflows of components in a system. An
activity diagram shows the overall flow of control.

[Activity diagram: Login; User, Server; verify user (incorrect: Invalid user), verify server (Invalid server); Account Details, Customer Details, Transaction, Activate Beneficial, Add Beneficial, Money Transfer (Intra, Inter), Activate Blocked Account]

IMPLEMENTATION

MODULES:
System Model
Authentication Server
CASHMA Certificate
Continuous Authentication

MODULES DESCRIPTION:

System Model:

In this module, we create the system model to evaluate and implement our
proposed system. CASHMA can authenticate to web services, ranging from
services with strict security requirements such as online banking services
to services with reduced security requirements such as forums or social
networks. Additionally, it can grant access to physical secure areas such as
a restricted zone in an airport, or a military zone (in such cases the
authentication system can be supported by biometric kiosks placed at the
entrance of the secure area). We explain the usage of the CASHMA
authentication service by discussing the sample application scenario, where
a user u wants to log into an online banking service.

"User Id" refers to the identity of the user obtained from the Bank for the
purpose of logging into the Internet Banking facility provided by the Bank.

"Login Password" is a unique and randomly generated password known only to
the customer, which can be changed by the user at his/her convenience. This
is a means of authenticating the User ID for logging into Internet Banking.

"Transaction Password" is a unique and randomly generated password known only
to the customer, which can be changed at his/her convenience. This is a means
of authentication required to be provided by the customer for putting through
the transaction in his/her/their/its accounts with the Bank through Internet
Banking. While the User ID and password are for valid access into the Internet
application, giving a valid transaction password is for authentication of
transactions/requests made through Internet

Authentication Server:

In Internet banking, as with traditional banking methods, security is a
primary concern. The Server will take every precaution necessary to make sure
your information is transmitted safely and securely. The latest methods in
Internet banking system security are used to increase and monitor the
integrity and security of the system.
The Server maintains the following functionality:

o Customer Details
o Activation of Beneficiary
o Transaction Details
o Activate Blocked Account

CASHMA Certificate:

In this module, we present the information contained in the body of the
CASHMA certificate transmitted to the client by the CASHMA authentication
server, necessary to understand details of the protocol. Time stamp and
sequence number univocally identify each certificate, and protect from
replay attacks. ID is the user ID, e.g., a number.
Decision represents the outcome of the verification procedure carried out on
the server side. It includes the expiration time of the session, dynamically
assigned by the CASHMA authentication server. In fact, the global trust
level and the session timeout are always computed considering the time
instant at which the CASHMA application acquires the biometric data, to
avoid potential problems related to unknown delays in communication and
computation.
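
The replay and expiry checks described above can be exercised with the following added example, which is not code from this project or from CASHMA. The HMAC protection, the demo key, the field names and the 30-second freshness window are assumptions, since the page lists only the certificate's contents.

```python
import hashlib
import hmac
import json

# Constructed demo key. How the certificate is protected is not stated on the
# page; an HMAC key shared with the authentication server is an assumption.
SERVER_KEY = b"constructed-demo-key"
MAX_SKEW = 30  # seconds a certificate may take to arrive (assumed value)


def issue_certificate(key, timestamp, seq, user_id, decision, expires_at):
    """Authentication-server side: build the certificate body and MAC it."""
    body = {"timestamp": timestamp, "seq": seq, "id": user_id,
            "decision": decision, "expires_at": expires_at}
    raw = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, raw, hashlib.sha256).hexdigest()}


class CertificateVerifier:
    """Web-service side: every certificate is accepted at most once."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.last_seq = {}  # user id -> highest sequence number already seen

    def verify(self, cert, now):
        """Return (accepted, reason) for a certificate received at time now."""
        body = cert.get("body")
        if not isinstance(body, dict):
            return False, "malformed"
        # 1. Integrity: any change to the body invalidates the MAC.
        raw = json.dumps(body, sort_keys=True).encode()
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(cert.get("mac", ""))):
            return False, "bad-mac"
        try:
            ts, seq, uid = body["timestamp"], body["seq"], body["id"]
            decision, expires_at = body["decision"], body["expires_at"]
        except KeyError:
            return False, "malformed"
        # 2. Replay: the sequence number must move forward for this user.
        if seq <= self.last_seq.get(uid, -1):
            return False, "replay"
        # 3. Freshness: the time stamp bounds how long a capture stays usable.
        if abs(now - ts) > self.max_skew:
            return False, "stale"
        self.last_seq[uid] = seq
        # 4. Decision and the session expiration assigned by the server.
        if decision != "accept":
            return False, "rejected-by-server"
        if now >= expires_at:
            return False, "session-expired"
        return True, "ok"
```

A web service would keep one verifier per authentication server key and end the user session on any result other than "ok".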

Continuous Authentication:

A secure protocol is defined for perpetual authentication through continuous
user verification. The protocol determines adaptive timeouts based on the
quality, frequency and type of biometric data transparently acquired from
the user. The use of biometric authentication allows credentials to be
acquired transparently, i.e., without explicitly notifying the user or
requiring his/her interaction, which is essential to guarantee better
service usability.
The idea behind the execution of the protocol is that the client continuously
and transparently acquires and transmits evidence of the user identity to
maintain access to a web service. The main task of the proposed protocol is
to create and then maintain the user session, adjusting the session timeout
on the basis of the confidence that the identity of the user in the system
is genuine.
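
The adaptive timeout described above, as an added Python example that is not this project's or CASHMA's own code. The exponential decay, the per-subsystem trust values and the rule for combining a new sample with the decayed trust are assumptions chosen for illustration; the page gives no formula.

```python
import math

# Assumed trust placed in each acquisition subsystem (constructed values).
SUBSYSTEM_TRUST = {"face": 0.90, "voice": 0.80, "keystroke": 0.60}


class ContinuousSession:
    """Tracks a global trust level that decays between biometric samples."""

    def __init__(self, required_trust, decay_rate=0.01):
        self.required = required_trust  # minimum trust the web service accepts
        self.rate = decay_rate          # assumed exponential decay, per second
        self.trust = 0.0                # trust level at time self.t_ref
        self.t_ref = None               # acquisition time of the newest sample

    def trust_at(self, t):
        """Global trust level at time t; it only falls until a new sample."""
        if self.t_ref is None:
            return 0.0
        return self.trust * math.exp(-self.rate * max(0.0, t - self.t_ref))

    def on_sample(self, subsystem, match_score, acquired_at):
        """Fold in one sample and return the new session expiration time.

        acquired_at is the instant the client captured the biometric data.
        Counting from it, rather than from arrival at the server, keeps
        network and computation delays from lengthening the session.
        """
        if not 0.0 <= match_score <= 1.0:
            raise ValueError("match_score must be in [0, 1]")
        if self.t_ref is not None and acquired_at < self.t_ref:
            return self.expires_at()    # older than the evidence already held
        # Type and quality: sensor trust scaled by the verification score.
        evidence = SUBSYSTEM_TRUST[subsystem] * match_score
        # Frequency: the less the old trust has decayed, the higher the result.
        prior = self.trust_at(acquired_at)
        self.trust = 1.0 - (1.0 - prior) * (1.0 - evidence)
        self.t_ref = acquired_at
        return self.expires_at()

    def expires_at(self):
        """Time at which the decaying trust drops to the required level."""
        if self.t_ref is None:
            return None
        if self.trust < self.required:
            return self.t_ref           # never reached the required trust
        return self.t_ref + math.log(self.trust / self.required) / self.rate

    def is_active(self, now):
        return self.trust_at(now) >= self.required
```

With a required trust of 0.5, one perfect face match keeps the session open for about 59 seconds and one perfect keystroke match for about 18 seconds, while a weak keystroke match never opens it.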

SYSTEM STUDY

FEASIBILITY STUDY

The feasibility of the project is analyzed in this phase, and a business
proposal is put forth with a very general plan for the project and some cost
estimates. During system analysis the feasibility study of the proposed system
is to be carried out. This is to ensure that the proposed system is not a
burden to the company. For feasibility analysis, some understanding of the
major requirements for the system is essential.

Three key considerations involved in the feasibility analysis are

ECONOMICAL FEASIBILITY
TECHNICAL FEASIBILITY
SOCIAL FEASIBILITY

ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the system will
have on the organization. The amount of funds that the company can pour into
the research and development of the system is limited. The expenditures must
be justified. The developed system is well within the budget, and this was
achieved because most of the technologies used are freely available. Only the
customized products had to be purchased.

TECHNICAL FEASIBILITY

This study is carried out to check the technical feasibility, that is, the
technical requirements of the system. Any system developed must not place a
high demand on the available technical resources, since this would lead to
high demands being placed on the client. The developed system must have a
modest requirement, as only minimal or null changes are required for
implementing this system.

SOCIAL FEASIBILITY

The aspect of this study is to check the level of acceptance of the system by
the user. This includes the process of training the user to use the system
efficiently. The user must not feel threatened by the system, but instead must
accept it as a necessity. The level of acceptance by the users depends solely
on the methods that are employed to educate the user about the system and to
make him familiar with it. His level of confidence must be raised so that he
is also able to make some constructive criticism, which is welcomed, as he is
the final user of the system.

SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying
to discover every conceivable fault or weakness in a work product. It provides
a way to check the functionality of components, sub-assemblies, assemblies
and/or a finished product. It is the process of exercising software with the
intent of ensuring that the software system meets its requirements and user
expectations and does not fail in an unacceptable manner. There are various
types of test. Each test type addresses a specific testing requirement.

TYPES OF TESTS

Unit testing
Unit testing involves the design of test cases that validate that the internal
program logic is functioning properly, and that program inputs produce valid
outputs. All decision branches and internal code flow should be validated. It
is the testing of individual software units of the application. It is done
after the completion of an individual unit before integration. This is
structural testing, which relies on knowledge of the unit's construction and
is invasive. Unit tests perform basic tests at component level and test a
specific business process, application, and/or system configuration. Unit
tests ensure that each unique path of a business process performs accurately
to the documented specifications and contains clearly defined inputs and
expected results.

Integration testing
Integration tests are designed to test integrated software components to
determine if they actually run as one program. Testing is event driven and is
more concerned with the basic outcome of screens or fields. Integration tests
demonstrate that although the components were individually satisfactory, as
shown by successful unit testing, the combination of components is correct and
consistent. Integration testing is specifically aimed at exposing the problems
that arise from the combination of components.

Functional test

Functional tests provide systematic demonstrations that functions tested are available as
specified by the business and technical requirements, system documentation, and user manuals.

Functional testing is centered on the following items:



Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.

Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key functions, or
special test cases. In addition, systematic coverage pertaining to identified business process
flows, data fields, predefined processes, and successive processes must be considered for
testing. Before functional testing is complete, additional tests are identified and the
effective value of current tests is determined.

System Test
System testing ensures that the entire integrated software system meets requirements. It
tests a configuration to ensure known and predictable results. An example of system testing
is the configuration-oriented system integration test. System testing is based on process
descriptions and flows, emphasizing pre-driven process links and integration points.

White Box Testing


White box testing is testing in which the software tester has knowledge of the inner
workings, structure and language of the software, or at least its purpose. It is used to test
areas that cannot be reached from a black box level.

Black Box Testing


Black box testing is testing the software without any knowledge of the inner workings,
structure or language of the module being tested. Black box tests, like most other kinds of
tests, must be written from a definitive source document, such as a specification or
requirements document. It is testing in which the software under test is treated as a black
box: you cannot see into it. The test provides inputs and responds to outputs without
considering how the software works.

6.1 Unit Testing:

Unit testing is usually conducted as part of a combined code and unit test phase of the
software lifecycle, although it is not uncommon for coding and unit testing to be conducted
as two distinct phases.

Test strategy and approach


Field testing may be performed manually and functional tests may be written in detail.

Test objectives
All field entries must work properly.
Pages must be activated from the identified link.
The entry screen, messages and responses must not be delayed.

Features to be tested
Verify that the entries are of the correct format

No duplicate entries should be allowed


All links should take the user to the correct page.

6.2 Integration Testing

Software integration testing is the incremental integration testing of two or more
integrated software components on a single platform to produce failures caused by interface
defects.

The task of the integration test is to check that components or software applications, e.g.
components in a software system or, one step up, software applications at the company level,
interact without error.

Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

6.3 Acceptance Testing

User acceptance testing is a critical phase of any project and requires
significant participation by the end user. It also ensures that the system
meets the functional requirements.

Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

SCREEN SHOTS

CONCLUSION

We exploited the novel possibility introduced by biometrics to define a protocol for
continuous authentication that improves the security and usability of the user session. The
protocol computes adaptive timeouts on the basis of the trust placed in
the user activity and in the quality and type of biometric data
acquired transparently by monitoring the user's actions in the background. Some
architectural design choices of CASHMA are discussed here. First, the system
exchanges data and not the features extracted from them or templates, while
crypto-token approaches are not considered; as discussed in Section 3.1,
this is a result of architectural choices in which the client is kept
very simple. We remark that our proposed protocol works with no
changes using features, templates or data. Second, privacy concerns
should be addressed considering national legislation. At present, our prototype
performs only some checks on face recognition, where only one face (the biggest
one rust) from the face detection.
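To make the adaptive-timeout idea summarized above concrete, the following Python example is added here and is not CASHMA's code or formulas. The exponential decay, the fusion rule, the quality weighting, and every constant (G_MIN, DECAY, the FMR table) are assumptions chosen for illustration.

```python
import math

G_MIN = 0.6      # assumed minimum trust for the session to stay open
DECAY = 0.002    # assumed decay rate per second without fresh biometric data

# Constructed false-match rates per biometric subsystem (not measured values).
FMR = {"face": 0.05, "voice": 0.10, "fingerprint": 0.01}


def decayed_trust(trust, elapsed_s):
    """Trust in the user fades while no fresh biometric data arrives."""
    return trust * math.exp(-DECAY * elapsed_s)


def fuse(trust_now, modality, quality=1.0):
    """Raise trust after a successful match; a poor sample counts for less."""
    if modality not in FMR:
        raise ValueError(f"unknown modality: {modality}")
    if not 0.0 <= quality <= 1.0:
        raise ValueError("quality must be in [0, 1]")
    subsystem_trust = (1.0 - FMR[modality]) * quality
    return trust_now + (1.0 - trust_now) * subsystem_trust


def timeout_seconds(trust):
    """Seconds until trust decays to G_MIN; 0 means re-verify immediately."""
    if trust <= G_MIN:
        return 0.0
    return math.log(trust / G_MIN) / DECAY


def replay(events):
    """events: (seconds_since_previous, modality, quality) for matched samples.
    Returns (trust, timeout) after each one and stops at session expiry."""
    trust, remaining, out = 0.0, 0.0, []
    for i, (gap, modality, quality) in enumerate(events):
        if i > 0 and gap > remaining:
            out.append(("expired", 0.0))   # timeout elapsed before this sample
            break
        trust = fuse(decayed_trust(trust, gap), modality, quality)
        remaining = timeout_seconds(trust)
        out.append((round(trust, 4), round(remaining, 1)))
    return out
```

Under these assumptions a stronger modality or a better-quality sample buys a longer timeout, and a sample that arrives after the computed timeout finds the session already expired.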
