Design and implementation of a detailed hybrid security model for smart web portals using honeyword protection, keystroke dynamics verification, and fuzzy logic decision systems
摘要
Rapid technological advances in the form of web-based applications, have placed a great deal of pressure on organizations to provide secure access to their web-based systems while still meeting users’ needs for ease of use. To meet this increased demand, this paper introduces an innovative and effective multilayered authentication system for enabling secure access to ‘smart’ web portals employing three synergistic security mechanisms: honeywords; keystroke dynamics; and fuzzy logic. The honeyword layer provides an innovative way to detect when a password database has been breached by means of deception-based detection; keystroke dynamics provides a technique for continuous biometric verification of a user’s identity by monitoring the individual’s typing patterns; and fuzzy logic provides an adaptive decision engine to account for the natural variance in users’ typing patterns when determining if the inputted information is valid or not. The proposed multilayered authentication system was built and evaluated in a distributed web environment. Experimental results have demonstrated consistently low False Acceptance Rates (FARs) across the user population and have resulted in Equal Error Rates (EERs) between 0.02 and 0.04, indicating that the multilayered authentication framework is able to differentiate between valid and invalid inputs with excellence. The proposed multilayered authentication system is a practical and scalable solution for securing access to smart web portals.