1 of 1

The WebID Protocol Enhanced with Biometric and Access Control

10th Annual COE Graduate Poster Presentation Competition

Students: Yasmin Eady(MS), Kofi Kyei (PhD)

Advisors: Albert Esterline

Cross-Disciplinary Research Area: Cyber Security

Introduction

  • Since the onset of a networked digital landscape, the standard mode for authentication access for users has been through username and password
  • It is challenging to remember passwords for different online services
    • writing or recording passwords would put the user at risk of their password being stolen
  • Using WebID protocol, Biometrics, and Permuted disposable feature vector (PDFV) can increase security for the user

Abstract

For networked communications, cyber security and authentication are critical components. This work deals with the issue of security and authentication as it involves features of the Semantic Web. The phrase "Semantic Web" alludes to the World Wide Web Consortium’s idea of standards to make internet data machine-readable and reusable. WebID is a technique for managing profile data connected with people and services at self-defined locations. While the WebID protocol alone allows users more control over their connections to online services, biometric authentication is an additional process that can add security and convenience for individuals. We will use Secure Sockets Layer certificates protocol in MEAN Stack’s Node.js for the frontend. If the user does have a WebID stored, they will gain permission to use the server on the network for that WebID group. If the user does not, then the user will register by the enrollment protocol to be add into the network with a WebID group.

WebID

  • WebID is a URI-based protocol of uniquely identifying a person, firm, organization, or other agent. Dan Brickely and Tim Berners-Lee created the phrase “WebID” in 2000
  • WebID is built on the architecture of the Semantic Web
  • The Semantic Web is a collaborative movement led by the World Wide Web Consortium, an international standards body (W3C)

Biometrics

  • Biometric authentication has inherent properties that make the process of recognition more convenient and secure as one does not have to memorize a biometric as one would a passcode
    • nor is a biometric something that can be stolen or misplaced, such as an access card.
  • There are several biometrics that can be used, with varying pros and cons for each
    • Facial biometrics are a very convenient biometric as cameras

Future Work

  • Future work will be focused on continuous active authentication schemes that integrate into a system using WebID
  • Hackers can capture and attempt to brute force guess the appropriate permutation order from a captured biometric if they can decrypt the data
  • Techniques that can obfuscate any captured data should be considered to prevent this
  • Storage is also a concern as there are typically multiple servers involved in a system using WebID
  • We will run tests on a simulated system using biometrics and WebID to determine vulnerabilities depending on where specific data is stored
  • With the combined WebID representation and biometrics, a user is granted more control over their online representation

Conclusion

  • As technology matures, the World Wide Web can evolve to exploit more aspects of the Semantic Web
  • Biometric authentication is likely to become more commercialized with more devices having tech to function as a biometric scanner
  • To get the most potential of the maturation of technology, the system presented in this paper addresses this future growth.
  • In this work, we have introduced a system that incorporates the WebID protocol,
    • with the permuted disposable feature vector (PDFV) approach for added security and more control to the user for authentication

Acknowledgments

  • This research is funded by the National Science Foundation (Award number 1900187, Collaborative Research: HBCU Excellence in Research: Computational Framework and Data Science for Identification).
  • This is a collaboration work with Takiva Richardson and Dr. Joseph Shelton from the Department of Computer Science, Virginia State University and Prof. Keith Coleman in the Department of Criminal Justice, North Carolina A&T State University

WebID Diagram

Permuted Disposable Feature Vector (PDFV)

  • The PDFV method improves upon prior research for increasing the number of unique representations for a biometric sample
    • similar to a one-time passcode
  • The proposed PDFV method is based on work that shows
    • the effectiveness of permuted histograms for unique representation