A PROPOSED AUTHENTICATION SCHEME USING THE CONCEPT OF MINDMETRICS

Similar documents
ISSN: (Online) Volume 3, Issue 5, May 2015 International Journal of Advance Research in Computer Science and Management Studies

Other Topics in Cryptography. Truong Tuan Anh

CSC/ECE 774 Advanced Network Security

1. Diffie-Hellman Key Exchange

Password. authentication through passwords

Public-key Cryptography: Theory and Practice

A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

CSC 774 Network Security

Public Key Algorithms

Test 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Enhanced Asymmetric Public Key Cryptography based on Diffie-Hellman and RSA Algorithm

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

ECEN 5022 Cryptography

Cryptographic Concepts

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

A weakness in Sun-Chen-Hwang s three-party key agreement protocols using passwords

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Hash Proof Systems and Password Protocols

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

CS 161 Computer Security

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Number Theory and RSA Public-Key Encryption

Integrated Key Exchange Protocol Capable of Revealing Spoofing and Resisting Dictionary Attacks

Chapter 9. Public Key Cryptography, RSA And Key Management

CSC 474/574 Information Systems Security

Part VI. Public-key cryptography

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Keywords Session key, asymmetric, digital signature, cryptosystem, encryption.

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Improving Service Credibility Using Password Authenticated Peer Services

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp.

Brief Introduction to Provable Security

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Chapter 9 Public Key Cryptography. WANG YANG

Efficient Two Server Authentication and Verification Using ECC

Encryption and Forensics/Data Hiding

RSA. Public Key CryptoSystem

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

Strong Password Protocols

1 Identification protocols

Key Management and Distribution

Cryptographic Systems

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

An IBE Scheme to Exchange Authenticated Secret Keys

CS 161 Computer Security

Key Establishment and Authentication Protocols EECE 412

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA


Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Key Agreement. Guilin Wang. School of Computer Science, University of Birmingham

Public Key Cryptography

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Security in Voip Network Using Neural Network and Encryption Techniques

Remote User Authentication Scheme in Multi-server Environment using Smart Card

An Efficient Two-Server Password Only Authenticated Key Exchange Secure Against Dictionary Attacks

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Distributed ID-based Signature Using Tamper-Resistant Module

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Encryption. INST 346, Section 0201 April 3, 2018

CS 161 Computer Security

CSC 5930/9010 Modern Cryptography: Public Key Cryptography

CPSC 467b: Cryptography and Computer Security

Computer Security 3/23/18

Introduction to Cryptography Lecture 7

David Wetherall, with some slides from Radia Perlman s security lectures.

Key Exchange. Secure Software Systems

An Improved Remote User Authentication Scheme with Smart Cards using Bilinear Pairings

Introduction to Cryptography. Lecture 6

Chapter 10 : Private-Key Management and the Public-Key Revolution

Applied Cryptography and Computer Security CSE 664 Spring 2017

ID2S Password-Authenticated Key Exchange Protocols

PROTECTING CONVERSATIONS

CSE 565 Computer Security Fall 2018

CPSC 467: Cryptography and Computer Security

RSA Cryptography in the Textbook and in the Field. Gregory Quenell

CS 161 Computer Security

An overview and Cryptographic Challenges of RSA Bhawana

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

(2½ hours) Total Marks: 75

CS408 Cryptography & Internet Security

A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography

The Beta Cryptosystem

2.1 Basic Cryptography Concepts

Public-key encipherment concept

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Secure Multiparty Computation

CS 161 Computer Security

CPSC 467: Cryptography and Computer Security

Available online at ScienceDirect. Procedia Computer Science 78 (2016 ) 95 99

Computers and Security

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

CS3235 Seventh set of lecture slides

Authentication. Strong Password Protocol. IT352 Network Security Najwa AlGhamdi

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Public Key Algorithms

Cryptography. Seminar report. Submitted in partial fulfillment of the requirement for the award of degree. Of Computer Science

Transcription:

A PROPOSED AUTHENTICATION SCHEME USING THE CONCEPT OF MINDMETRICS Nitin Shinde 1, Lalit Shejwal 2, Uditkumar Gupta 3, Priyanka Pawar 4 1, 2, 3, 4 Department of Computer Engineering, Sinhgad Institute of Technology, Lonavala, Maharashtra, (India) ABSTRACT User Authentication in computer systems is an important cornerstone in today s computer era. The concept of a login id and password is one of the easiest ways for authentication. It is not only the easiest way, but also cost effective and highly efficient. Authentication process to a any computing system is composed of two parts i.e. identification and verification. Login Id is used for identification and password is used for verification. It is very important to secure both the phases of authentication process. In this paper, a system is proposed where security is provided to both the phases of authentication process without the involvement of any specialized devices. In identification phase, concept called mindmetrics is implemented where personal secret data instead of login id is used to identify the user. In verification phase, the concept of two server password is implemented to prevent the password from getting hack. The proposed system does not make use of any hardware device and is cost effective. I. INTRODUCTION Computer systems employ an authentication mechanism to allow access only to legitimate users. The authentication mechanism identifies the user through the login id and validates the password. If the login credentials are correct then the user gets access to the system. There are a number of ways to acquire other users password for illegal access. Password can be hacked by trying password-guessing attack where the attacker tries possible values for the victim user. Some of the weak passwords can be even broken through a dictionary attack or a hybrid attack. When the attacker acquires the crack passwords, they can easily access the system using the known login IDs for the cracked passwords. In this paper the concept of two server and cryptography technique is used to secure the verification phase. Password is a combination of random characters but login id formation has some pattern between the characters. Login Id is used for communication or accounting purposes, and hence should carry a meaningful pattern. Login Id can be a combination of users first and/or last names, part of social security number, combination of names and numbers, account number, or email addresses. Thus login IDs are publicly known or can be guessed easily. In other words, obtaining the login ID is generally not a barrier for the attackers, and the success of an attack depends on the difficulty of the password. Till today many systems are developed where great emphasis is given on verification phase and less on identification phase. In this paper the concept of mindmetrics is used during the identification phase. The term Mindmetrics is coined with the concept of Biometrics as it is similar 506 P a g e

to biometrics. Biometrics is a field of study which aims to identify or recognize people based on traits they have. Biometrics is used in authentication schemes to identify a user with legitimate ID holder. Mindmetrics uses some secret data instead of human characteristics as a token to identify the user. It utilizes personal secret data instead of a login ID to identify a user uniquely, hence mindmetrics. Thus by securing the identification and verification phase individually the overall security of the system is improved. Fig.1. Conventional Password-based System In figure 1, the architecture of conventional password based system is shown. The user registers with the system. During registration user has to mention a login id and a valid password with all the other necessary details. All the details other than password are stored in the database. The plaintext passwords are transformed into hash values with a one-way hash function, and stored in a password hash file. During the verification process, a new hash value is generated from the newly entered password, and compared with the stored hash value in the password hash file. If the hash values match, access is granted to the user. The password-based system allows anyone to try publicly known login IDs without any restriction and it is more prone towards the password-guessing attack. Thus by studying the conventional password based system it can be concluded that there is a need to secure the identification phase and strengthen the security of password verification. II. PROPOSED SYSTEM The proposed system has two servers. First is Identification Server and second is Verification Server. The proposed system separates the identification server and the verification server, thus it is scalable to a large system. Identification Server has its own local database. Verification Server is further connected to two more servers named Server 1 and Server 2. To establish a secure channel between verification server and server 1, verification server and server 2 a two way handshaking protocol named Deffie Hellman Key Exchange Protocol is implemented. The following figure 2 shows the detailed architecture of the proposed system. 507 P a g e

Fig.2. Proposed System Architecture In the proposed system the login ID is not considered a secret. This is because it is impossible to keep the login ID secret as it is used for many other purposes such as accounting or email. So an alternative secret is needed for identification to recognize a user uniquely. This secret is referred as Mindmetrics token. During registration the user submits the token along with login id and other details. The hash value for token is generated and is stored in token database in the tuple format as {token hash value, index}. On the basis of login id, fake id s are generated and stored in the index database in tuple format as {index, fake login ID, fake login ID, true login ID, fake login ID}. All these functions are carried out at Identification Server. During registration, verification server accepts the password. It splits the password in two parts say part1 and part2. Each of the password part is encrypted using ElGamal Algorithm and is sent to the respective servers. Password part1 is sent to server 1 and part 2 is sent to server 2. Server 1 and Server 2 store their respective part of passwords in their local database. During Login, system asks the user to enter the secret information required for identification. User submits the token. A new hash value is generated from the newly submitted token, and compared with the stored hash value in the token database. If the hash values match, token is validated and user enters in the next step of identification procedure. In this step multiple login ids are displayed to the user among which only one login id is correct. To enhance the security of this step the displayed login IDs are partially-obscured by replacing some characters in the login id with asterisks. If the user selects correct login id then only the user is allowed to enter the password. Thus the proposed system allows only the legitimate users to pass the identification stage. Here the password verification server is kept hidden, and users cannot access it unless they pass the identification server. Once the user is identified as legitimate user the login id of user is sent to the verification server. The verification server requests for the password information from both servers. Both the servers decrypt their part of password information and send it to verification server. The password information is merged at verification server. If merged information and the password entered by the user matches then the particular user gets authentication to the system. 508 P a g e

III. ALGORITHMS USED 3.1 Deffie Hellman Key Exchange Algorithm Diffie Hellman key exchange is a specific method of exchanging cryptographic keys. It is one of the earliest practical examples of key exchange implemented within the field of cryptography. The Diffie Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. Consider two users Alice and Bob, who wish to exchange a secret key between them. Diffie-Hellman key exchange algorithm works as follows: 1. Alice and Bob agree on a cyclic group G of large prime order q with a generator g. 2. Alice randomly chooses an integer a from Z*q and computes X = g a. Alice sends X to Bob. 3. Bob randomly chooses an integer b from Z*q and computes Y = g b. Bob sends Y to Alice. 4. Alice computes the secret key k1 = Y a = g ba. 5. Bob computes the secret key k2 = X b = g ab. It is concluded that k1 = k2 and thus Alice and Bob have agreed on the same secret key, by which the subsequent communications between them can be protected. Diffie-Hellman key exchange protocol is secure against any passive adversary, who cannot interact with Alice and Bob, attempting to determine the secret key solely based upon observed data. 3.2 ElGamal Algorithm In cryptography, the ElGamal encryption system is an asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie Hellman key exchange. The algorithm consists of three phases: key generation, encryption, and decryption. ElGamal Encryption Algorithm works as follows: 1] Key Generation: Participant A generates the public/private key pair a. Generate large prime p and generator g of the multiplicative Group Z*p of the integers modulo p. b. Select a random integer a, 1 a p - 2, and compute g a mod p. c. A s Public key is (p, g, g a ). A s Private key is a. 2] Encryption: Participant B encrypts a message m to A a. Obtain A s authentic public key (p, g, g a ). b. Represent the message as integers m in the range {0, 1, 2,.., p-1} c. Select a random integer k, 1 k p - 2. d. Compute γ = g k mod p and δ = m * (g a ) k e. Send ciphertext c = (γ, δ) to A. 3] Decryption Participant A receives encrypted message m from B 509 P a g e

a. Use private key a to compute (γ p-1-a ) mod p. b. Recover m by computing (γ -a ) * δ mod p. V. CONCLUSION In this paper, more efficient and secure authentication process is proposed. The proposed system overcomes all the drawbacks of conventional password based system. A new concept called mindmetrics is used to strengthen the identification process with the personal secret information. Mindmetrics is more advantageous than biometrics as it does not require any hardware device and is cost effective. It can be easily used on public e- commerce websites. The proposed system makes false login attempts difficult and increase in login attempts by attackers is blocked by identification server. The user is not allowed to enter the verification phase till it clears the identification phase. The proposed system makes use of symmetric protocol for two-server password authentication and key exchange. The proposed system is very efficient as compared to the traditional authentication protocols implemented on single server. The involvement of more than one server increases the security of authentication process and prevents the system from active and passive attacks. As a whole, the proposed authentication system is made more powerful and effective by combining the concept of mindmetrics and two-server authentication protocol. REFERENCES [1] Juyeon Jo, Yoohwan Kim, and Sungchul Lee, "Mindmetrics: Identifying users without their login IDs", IEEE 2014. [2] Xun Yi, San Ling, and Huaxiong Wang Efficient Two-Server Password-Only Authenticated Key Exchange, IEEE 2013 [3] Vignesh Kumar K, Angulakshmi T, Manivannan D, Seethalakshmi R, Swaminathan P Password Based Two Server Authentication System, JATIT 2012 [4] Mihir Bellare, David Pointcheval and Phillip Rogaway Authenticated Key Exchange Secure Against Dictionary Attacks. [5] Michel Abdalla. David Pointcheval Simple Password-Based Encrypted Key Exchange Protocols. [6] Steven M. Bellovin, Michael Merritt Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. [7] Alon Schclar, Lior Rokach, Adi Abramson, and Yuval Elovici, User Authentication Based on Representative Users, IEEE November 2012. [8] Anna Vapen, Nahid Shahmehri, 2-clickAuth: Optical Challenge-Response Authentication Using Mobile Handsets, International Journal of Mobile Computing and Multimedia Communications, April-June 2011. [9] Bob Zhang, Wei Li, Pei Qing, David Zhang, Palm-Print Classification by Global Features, IEEE March 2013. 510 P a g e

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback