TrustNet (SuRaksha Hackathon Project)

Behavior-based continuous authentication for web apps, enhancing security by analyzing user interactions in real-time.

Project Details

TrustNet is a Next.js application developed for the SuRaksha hackathon, focusing on enhancing web application security through behavior-based continuous authentication. Its primary purpose is to analyze user interactions in real-time within a simulated secure banking dashboard, assess potential risks, and respond with appropriate security measures. Key features include:

- User Authentication: Secure login, signup, and logout via Firebase Authentication, with user profiles in Firestore.
- Banking Dashboard Overview: Mock banking info (balance, transactions), quick actions, and user-specific security stats (events logged, high-risk flags, AI analyses), plus an event activity bar chart.
- User Profile Management: View and edit display name, phone, address; static info like email, member since, last login.
- Session Security Monitor: Real-time display of Confidence Score (0-100%), Risk Level (low, medium, high), AI Explanation, profile learning status, and recent keystroke/navigation details.
- Behavioral Data Collection: Continuous background collection of keystroke dynamics, mouse movements, scroll activity, touch events, and navigation flow.
- AI-Powered Risk Scoring: Genkit flow with Google Gemini analyzes behavioral data against a learned user profile (localStorage) or general patterns, outputting confidence, risk, and explanation. Handles sparse data.
- Proactive Security Interventions: Medium risk triggers an AI-generated reverse-typing challenge; failure or dismissal locks session. High risk triggers an immediate session lock.
- Activity Logs & Admin Dashboard: Real-time, sortable Firestore logs of all security events, color-coded by risk, with analytical charts (events by user, risk distribution).
- SRS Document Page: Static display of the project's SRS document.

The project showcases how continuous behavioral authentication, powered by AI, can add an intelligent security layer.
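
The intervention rules listed under Proactive Security Interventions (medium risk leads to a reverse-typing challenge, failure or dismissal locks the session, high risk locks immediately) can be expressed as a fail-closed state machine. The following TypeScript is an added example, not TrustNet's own code; the type names, event shapes, and the handling of scores that arrive while a challenge is pending are assumptions.

```typescript
// Added illustration; all names and types here are assumptions, not TrustNet's code.
type RiskLevel = "low" | "medium" | "high";

type SessionState =
  | { status: "active" }
  | { status: "challenged"; phrase: string }
  | { status: "locked"; reason: string };

type SessionEvent =
  | { type: "assessment"; risk: RiskLevel; challengePhrase: string }
  | { type: "challengeAnswer"; answer: string }
  | { type: "challengeDismissed" };

// Reverse-typing challenge: the user must type the phrase back to front.
function isReverseOf(phrase: string, answer: string): boolean {
  return answer === Array.from(phrase).reverse().join("");
}

function nextState(state: SessionState, event: SessionEvent): SessionState {
  // A locked session is terminal here; only a fresh login (outside this reducer) clears it.
  if (state.status === "locked") return state;

  switch (event.type) {
    case "assessment":
      if (event.risk === "high") return { status: "locked", reason: "high risk" };
      // Assumption: a later low/medium score never clears or replaces a pending
      // challenge; only a correct answer returns the session to active.
      if (state.status === "challenged") return state;
      return event.risk === "medium"
        ? { status: "challenged", phrase: event.challengePhrase }
        : state;
    case "challengeAnswer":
      // Assumption: an answer with no pending challenge is ignored.
      if (state.status !== "challenged") return state;
      return isReverseOf(state.phrase, event.answer)
        ? { status: "active" }
        : { status: "locked", reason: "challenge failed" };
    case "challengeDismissed":
      return state.status === "challenged"
        ? { status: "locked", reason: "challenge dismissed" }
        : state;
  }
}

// Replays a sequence of events from a freshly authenticated session.
function replay(events: SessionEvent[]): SessionState {
  return events.reduce<SessionState>(nextState, { status: "active" });
}
```

Keeping the transition logic in a pure function like this lets the lock conditions be unit-tested without the UI or the scoring model in the loop.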

Problem Statement

Traditional password-based authentication is vulnerable to phishing and credential theft. Once a user is logged in, their session is typically assumed to be secure. There is a need for a continuous, behavior-based authentication system that can detect anomalies and potential account takeovers in real-time.

My Role

Hackathon Project (Team). My primary role was developing the core AI risk-scoring engine using Genkit and designing the proactive security intervention logic. I also contributed to the front-end dashboard for the session security monitor.

Key Learnings

Building a real-time data collection and analysis pipeline under hackathon pressure was intense. I learned to design a Genkit flow that could make rapid, stateful decisions based on a continuous stream of user behavior data. The key was balancing security with user experience—making the interventions effective but not overly intrusive. It was a great lesson in applied security AI.

Technology Stack

Next.js
React
TypeScript
ShadCN UI
Tailwind CSS
Firebase (Auth & Firestore)
Genkit
Gemini AI