Improving Service Credibility Using Password Authenticated Peer Services

Transcription

1 Improving Service Credibility Using Password Authenticated Peer Services Mathiarasu.G 1, Kanmani sivagar.a 2 Department of Computer science and Engineering,SRM UNIVERSITY, Tamilnadu, India. 1 Department of Computer science and Engineering,SRM UNIVERSITY, Tamilnadu, India. 2 ABSTRACT Password-Authenticated Key Exchange (PAKE) is where a client and a server, who share a password, authenticate each other and meanwhile establish a cryptographic key by exchange of messages. In a scenario where two servers cooperate to authenticate a client and if one server is compromised, the attacker still cannot pretend to be the client with the information from the compromised server. Two-server PAKE are either symmetric in the sense that two peer servers equally contribute to the authentication or asymmetric in the sense that one server authenticates the client with the help of another server. Current symmetric solution for two-server PAKE, where the client can establish different cryptographic keys with the two servers, respectively. This protocol runs in parallel and is more efficient than existing symmetric twoserver PAKE protocol. A solution to redirect the client request using PAKE, if one of the servers fails or crashes in case of Denial of Service attacks and resistance against Denial of service attacks Keywords - Password Aurhenticated Key Exchange,Cryptographic key,denial of service attack I. INTRODUCTION NOWADAYS, passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs) and etc. A computer user may require passwords for many purposes: logging in to computer accounts, retrieving from servers, accessing programs,databases, networks, web sites, and even reading the morning newspaper online.earlier password-based authentication systems transmitted a cryptographic hash of the password over a public channel which makes the hash value accessible to an attacker. When this is done, and it is very common,the attacker can work offline, rapidly testing possible passwords against the true password s hash value. Studies have consistently shown that a large fraction of userchosen passwords are readily guessed automatically. For example, according to Bruce Schneier, examining data from a 2006 phishing attack, 55% of MySpace passwords would be crackable in 8 hours using a commercially available Password Recovery Toolkit capable of testing 200,000 passwords per second in 2006 Recent research advances in password-based authentication have allowed a client and a server mutually to authenticate with a password and meanwhile to establish a cryptographic key for secure communications after authentication. In general, current solutions for password-based authentication follow two models. A:PASSWORD-AUTHENTICATED KEY EXCHANGE Two server password-based authentication protocols(two-server PAKE), where two servers cooperate to authenticate a client on the basis of Password Only and if one server is compromised due to Insider Attack or Denial Of Service Attack (DDOS), the attacker still cannot pretend to be the client with the information from the compromised server. Recent research advances in password-based authentication and follow two models.a passwordonly authentication protocol which is both practical and provably-secure under standard cryptographic assumption. Our Protocol is Symmetric and, can run in parallel to establishes secret session keys between the client and two servers, respectively. In :case one of the two servers shuts down due to the denial-of service attack, another server can continue to provide services to authenticated clients. In terms of parallel computation and reliable service, a symmetric protocol is superior to an asymmetric protocol ISSN: Page401

2 B:PKI Based Model The first model, called PKI-based model, assumes that the client keeps the server s public key in addition to share a password with the server. In this setting, the client can send the password to the server by public key encryption. Gong, Lomas, Needham, and Saltzer [1] were the first to present this kind of authentication protocols with heuristic resistant to offline dictionary attacks, and Halevi and Krawczyk [3] were the first to provide formal definitions and rigorous proofs of security for PKI-based model. C:Password Only model The second model is called password-only model.bellovin and Merritt [4] were the first to consider authentication based on password only, and introduced a set of so-called encrypted key exchange (EKE) protocols,where the password is used as a secret key to encrypt random numbers for key exchange purpose. Formal models of security for the password-only authentication were firstly given independently by Bellare, Pointcheval and Rogaway [5], and Boyko, MacKenzie, Patel and Swaminathan [6]. Katz et al. [7] were the first to give a password-only authentication protocol which is both practical and provably-secure under standard cryptographic assumption. II. RELATED WORKS In a single-server PAKE protocol, if the server is compromised,user passwords stored in the server are all disclosed. To address this issue, in 2000, Ford and Kaliski [8] proposed the first threshold PAKE protocol in the PKI-based model, in which n servers cooperate to authenticate a client. Their protocol remains secure as long as n 1 or few servers are compromised. Subsequently, in 2001, Joblon [9] removed the requirement for PKI and suggested a protocol with the similar property in the password-only model. Both the threshold PAKE protocols were not shown to be secure formally. In 2002, MacKenzie et al. [10] gave a protocol in the PKIbased setting, which requires only t out of n servers to cooperate in order to authenticate a client and is secure as long as t 1 or fewer servers are compromised. They were the first to provide a formal security proof for their threshold PAKE protocol in the random oracle model. In 2003, Di Raimondo and Gennaro [11] proposed a protocol in the passwordonly setting, which requires less than 1/3 of the servers to be compromised, with a formal security proof in the standard model.in 2003, Brainard et al. [12] developed the first twoserver protocol in the PKI-based setting. Their protocol and its variant assume a secure channel between the client and the server(s), which would be in practice implemented using public key techniques such as SSL. In 2005, Katz et al. [7] proposed the first two-server password-only authenticated key exchange protocol with a proof of security in the standard model. Their protocol extended and built upon the Katz- Ostrovsky-Yung PAKE protocol [14], called KOY protocol for brevity. In their protocol, a client C randomly chooses a password pw, and two servers A and B are provided random password shares pw1 and pw2 subject to pw1 + pw2 = pw. At high level, their protocol can be viewed as two executions of the KOY protocol, one between the client C and the server A, using the server B to assist with the authentication, and one between the client C and the server B, using the server A to assist with the authentication. The assistance of the other server is necessary since the password is split between two servers. In the end of their protocol, each server and the client agree on a secret session key. Katz et al. s protocol [7] is symmetric where two servers equally contribute to the client authentication and key exchange.for their basic protocol secure against a passive adversary,each party performs roughly twice the amount of works as the KOY protocol. For the protocol secure against active adversaries, the work of the client remains the same but the work of the servers increase by a factor of roughly 2-4. The advantage of Katz et al. s protocols is the protocol structure which supports two servers to compute in parallel, but its disadvantage is inefficiency for practical use. III. PRELIMINARIES A. Diffie-Hellman Key Exchange Protocol Diffie Hellman key exchange (D-H) is a specific method of exchanging cryptographic keys. It is one of the earliest practical examples of key exchange implemented within the field of cryptography. The Diffie Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. The scheme was first published by Whitfield ISSN: Page402

3 Diffie and Martin Hellman in 1976, although it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency,by JamesH.Ellis, Clifford cocks and Malcolm J.Williamson but was kept classified. In 2002, Hellman suggested the algorithm be called Diffie Hellman Merkle key exchange in recognition of Ralph Merkle's contribution to the invention ofpublic-key cryptography (Hellman, 2002). Diffie-Hellman key exchange protocol can be used as follows. 1) Alice and Bob agree on a cyclic group G of large prime order q with a generator g. 2) Alice randomly chooses an integer a from Z q and computes X = ga, while Bob randomly chooses an integer b from Z q and computes Y = gb. Then Alice and Bob exchange X and Y. 3) Alice computes the secret key k1 = Y a = gba, while Bob computes the secret key k2 = Xb = gab.it is obvious that k1 = k2 and thus Alice and Bob have agreed on the same secret key, by which the subsequent communications between them can be protected.diffie-hellman key exchange protocol is secure against any passive adversary, who cannot interact with Alice and Bob, attempting to determine the secret key solely based upon observed data. B.Elgamal encryption The Elgamal encryption system is an asymmetric key encryption algorithm for publickey cryptography which is based on the Diffie Hellman key exchange. It was described by Taher Elgamal in ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which should not be confused with ElGamal encryption. It consists of key generation, encryption,and decryption algorithms as follows 1) Key Generation: On input a security parameter k, it publishes a cyclic group G of large prime order q with a generator g. Then it chooses a decryption key x randomly from Z q and computes an encryption key y = gx. 2) Encryption: On inputs a message m G and the encryption key y, it chooses an integer r randomly from Z q and outputs a ciphertext C = E(m, y) =(A,B) = (gr,m yr). 3) Decryption: On inputs a ciphertext (A,B), and the decryption key x, it outputs the plaintext m = D(C, x) = B/Ax. ElGamal encryption scheme is a probabilistic encryption scheme. If encrypting the same message with ElGamal encryption scheme several times, it will, in general,yield different ciphertexts. Tsiounis Yung [15] proved ElGamal encryption scheme to be semantically secure under the DDH assumption. ElGamal encryption scheme has useful homomorphic properties as follows: Given an encryption of m, E(m, y) = (A,B), one can compute (A, γb) = E(γm, y) for any γ in G,an encryption of γm, and one can also compute (Aα,Bα) = E(mα, y) for any α in Z q, an encryption of mα. Given encryptions of m1 and m2, E(m1, y) = (A1,B1) and E(m2, y) = (A2,B2), one can compute (A1A2,B1B2) = E(m1m2, y), an encryption of m1m2. IV. OUR PROTOCOL A.Secret Key Establishment The J2EE Environment is setup and Two Peer Servers are initialized and release the public parameters for the user by echange of keys using Diffe-Helman key Exchange.The Secret key is established between Two Servers for further secure communication for Peer Servers.The Secret Session key will ensure that the two servers are Genuinely involed in the process of User Registration and Autheication to provide Peer Services for the Genuine User. Our protocol runs in three phases - initialization, registration and authentication. Of Which Initialization comes Under Secret Key Establishment which uses Diffe-Helman key Exchange. The two peer servers S1 and S2 jointly choose a cyclic group G of large prime order q with a generator g1.next, S1 randomly chooses an integer s1 from Z* q and S2 randomly chooses an integer s2 from Z * q, and S1 and S2 exchange g1^s1 and g1^s2. After that, S1 and S2 jointly publish public system parameters G, q, g1, g2, where g2 = g^s1s2. ISSN: Page403

4 B.User Registration and Authetication: The public parameters released by Peer Servers will be used by client Registration Process, while a user Registering to the Peer Services for Encryption of Password Shares and providing Authetication Information to Server 1 and Server 2 Respectively. Registration and Autheticated Key Exchange are the Next Two Phases of our Protocol. C.Registration We refer to the concept of public key cryptosystem, the encryption key of one server should be unknown to another server and the client needs to remember a password only after registration. Prior to authentication, each client C is required to register both S1 and S2 through different secure channels. First of all, the client C generates decryption and encryption key pairs (xi, yi) where yi = g1^xi 1 for the server Si (i = 1, 2) using the public parameters published by the two servers. Next, the client C chooses a password pwc and encrypts the password using the encryption key y, according to El- Gamal encryption. At last, the client C delivers the password authentication information Auth(1) C = {x1, a1, b1, E(g2^pwC, y2)} to S1 through a secure channel, and the password authentication information Auth(2) C = {x2, a2, b2, E(g2^pwC, y1)} to S2 through another secure channel. After that, the client C remembers the password pwc only. D.Authentication and Key Exchange The two servers S1 and S2 have received the password authentication information of a client C during the registration.the following steps are involved in the process of Authetication. 1. The client C randomly chooses an integer r from Z * q, computes R = g1 ^ r * g 2 ^ pwc and then broadcasts a request message M1 = {C,Req,R} to the two servers S1 and S2 2.The Diffe-Helman Key Exchange Occurs between Peer Servers Which run in parallel and establishes a secret session to fetch the password authentication Information and the two servers mutually generate two values and send Hash functions to Client based on their Password Authetication Informations. 3.The client computes the Hash functions sent and Ex-or ing the Hashes will produce the Hash of his own Password. If the Password Hash and computed Hash are same the cli8ent can ensure that he is connected with Genuine Servers and can continue enjoying Services from Peer Servers with out worry. 4..So the user needs to Remember the Password Only. Not anything else. He is safe and secure under our Proposed Model. V. CONCLUSION Multiple Services are embedded into a single gateway that prevents the flow of our personal data over a public channel during third party transactions. The clients can enjoy the service even a server is disclosed by any kind of attacks even if it is shut down manually for new Deployment purpose. Our Session HandOver Mechanism will handover all the user session at the time of attack to another server. So user Session will retain safe and the requests will be redirected to active server from then. REFERENCES [1] Gong, L., Lomas, T. M. A., Needham, R. M. and Saltzer, J. H. (1993) Protecting poorly-chosen secret from guessing attacks.ieee J. on Selected Areas in Communications, 11(5), [2] Lomas, T. M. A., Gong, L., Saltzer, J. H. and Needham, R. M. (1989) Reducing risks from poorly-chosen keys. ACM Operating Systems Review, 23(5), [3] Halevi, S. and Krawczyk, H. (1999) Public-key cryptography and password protocols. ACM Transactions on Information and System Security, 2(3), [4] Bellovin, S. and Merritt, M. (1992) Encrypted key exchange:password-based protocol secure against dictionary attack. Proc.1992 IEEE Symposium on Research in Security and Privacy,pp [5] Bellare, M., Pointcheval, D. and Rogaway, P. (2000) Authenticated key exchange secure against dictionary attacks. Proc. Eurocrypt 00, pp [6] Boyko, V., Mackenzie, P., and Patel, S. (2000) Provably secure password-authenticated key exchange using Diffie-Hellman. Proc.Eurocrypt 00, pp [7] Katz, J., MacKenzie, P., Taban, G. and Gligor, V. (2005) Twoserver password-only authenticated key exchange. Proc. ACNS 05, pp [8] Ford, W. and Kaliski Jr, B. S. (2000) Server-assisted generation of a strong secret from a password. Proc. IEEE 9th ISSN: Page404

5 International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp [9] Jablon, D (2001) Password authentication using multiple servers.proc. RSA-CT 01, pp [10] Mackenize, P., Shrimpton, T. and Jakobsson, M. (2002) Threshold password-authenticated key exchange. Proc. Crypto 02, pp [11] Di Raimondo, M. and Gennaro, R. (2003) Provably secure threshold password authenticated key exchange. Proc. Eurocrypt 03,pp [12] Brainard, J., Jueles, A., Kaliski, B. S. and Szydlo, M. (2003) A new two-server approach for authentication with short secret. Proc.USENIX Security 03, pp [14] Katz, J., Ostrovsky, R. and Yung, M. (2001) Efficient passwordauthenticated key exchange using human-memorable passwords.proc. Eurocrypt 01, pp [15] Tsiounis, Y. and Yung, M. (1998) On the security of ElGamal based encryption. Proc. PKC 98, pp ISSN: Page405