Problem statement: Traditional user authentication systems rely on passwords held at a central server, which is prone to attack by adversaries. An adversary who compromises such a server gains access to the users' contents. To overcome this problem, multi-server systems have been proposed in which the user communicates in parallel with several or all of the servers for the purpose of authentication. Such systems require a large communication bandwidth and synchronization at the user.
Approach: We present an efficient two-server user password authentication scheme that reduces communication traffic and bandwidth consumption between the servers. An integration of quantum and classical key exchange models is deployed to safeguard user access security in large networks. In the proposed two-server system, a front-end service server interacts directly with the user, and a back-end control server is visible to the service server. Performance is measured for the user password transformed into two long secrets held by the service server and the control server. The proposal further applies a quantum key distribution model along with classical key exchange in the two-server authentication. Three-party quantum key distribution is used in this model in two forms, one with implicit user authentication and the other with explicit mutual authentication, deployed for e-commerce buyer authentication in internet peer servers.
Results: The effect of online and offline dictionary attacks prevailing in single- and multi-server systems is analyzed. A performance efficiency test, in terms of the success rate of authenticity, shows the two-server system performing 35% better than the single-server system. The integrated Quantum Key Distribution (QKD) systems and classical public key model have shown experimentally better performance in terms of computational efficiency and security rounds (11% improvement) than the traditional cryptic security model.
Conclusion: From the results obtained, it is concluded that integrating the intricate security principles of quantum theory with the traditional public key model provides an improved security model for password authentication in the password exchanges between two servers.
Although techniques such as Secure Sockets Layer (SSL) with client-side certificates are well known in the security research community, most commercial web sites rely on a relatively weak form of password authentication: the browser simply sends a user's plaintext password to a remote web server, often using SSL. Even when used over an encrypted connection, this form of password authentication is vulnerable to attack. In common password attacks, hackers exploit the fact that web users often use the same password at many different sites. This allows hackers to break into a low security site that simply stores username/passwords in the clear and use the retrieved passwords at a high security site. While password authentication could be abandoned in favor of hardware tokens or client certificates, both options are difficult to adopt because of the cost and inconvenience of hardware tokens and the overhead of managing client certificates. Recently, some collisions have been exposed for a variety of cryptographic hash functions, including some of the most widely used today. Many other hash functions using similar constructions can, however, still be considered secure. Nevertheless, this has drawn attention to the need for new hash function designs. This work developed an improved secure hash function whose security is directly related to the syndrome decoding problem from the theory of error-correcting codes. The proposal designs and develops a user interface and an implementation of a browser extension, password hash, that strengthens web password authentication. Providing customized passwords can reduce the threat of password attacks with no server changes and little or no change to the user experience. The proposed techniques are designed to transparently provide novice users with the benefits of password practices that are otherwise only feasible for security experts.
Experiments are done with Internet Explorer and Firefox implementations, and the result of initial user is reported. The hash is implemented using a Pseudo Random Function keyed by the password. Since the hash output is tailored to meet server password requirements, the resulting hashed password is handled normally at the server, and no server modifications are required. This technique deters password phishing, since the password received at a phishing site is not useful at any other domain. The cryptographic hash makes it difficult to compute hash(pwd,dom2) from hash(pwd,dom1) for any domain dom2 distinct from dom1. For the same reason, passwords gathered by breaking into a low security site are not useful at any other site. The hash attack is always exponential in terms of the length of the hash value. We also study the work-factor of this attack, along with other attacks from coding theory, for the non-asymptotic range, i.e. for practical values. Accordingly, we propose a few sets of parameters giving good security and either faster hashing or a shorter description for the function.
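The hash(pwd,dom) derivation described above, sketched as an added example that is not code from the paper or its browser extension. It assumes HMAC-SHA256 as the pseudo random function, a constructed server policy (12 characters with at least one lower-case letter, upper-case letter, digit and symbol) and constructed domain names.

```python
import hashlib
import hmac
import string

# Assumptions, not from the page: HMAC-SHA256 as the PRF and a constructed
# server policy (at least one lower, upper, digit and symbol character).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*")
ALPHABET = "".join(CLASSES)


def normalize_domain(host: str) -> str:
    """Canonicalise the host so 'Bank.Example.' and 'bank.example' match."""
    return host.strip().lower().rstrip(".")


def site_password(pwd: str, host: str, length: int = 12) -> str:
    """hash(pwd, dom): PRF keyed by the password, evaluated on the domain."""
    if not len(CLASSES) <= length <= 24:
        raise ValueError("length must be between 4 and 24")
    tag = hmac.new(pwd.encode(), normalize_domain(host).encode(), hashlib.sha256).digest()
    n = int.from_bytes(tag, "big")  # 256 bits; fewer than 220 are consumed below
    chars = []
    for cls in CLASSES:  # one character from each required class
        n, i = divmod(n, len(cls))
        chars.append(cls[i])
    while len(chars) < length:  # fill the rest from the full alphabet
        n, i = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[i])
    for k in range(length - 1, 0, -1):  # deterministic Fisher-Yates shuffle
        n, j = divmod(n, k + 1)
        chars[k], chars[j] = chars[j], chars[k]
    return "".join(chars)


def meets_policy(candidate: str, length: int = 12) -> bool:
    """Check the constructed policy: exact length and every class present."""
    return len(candidate) == length and all(
        any(c in cls for c in candidate) for cls in CLASSES)


if __name__ == "__main__":
    pwd = "correct horse"  # constructed sample password
    for host in ("bank.example", "BANK.example.", "bank-example.phish.test"):
        print(host, site_password(pwd, host))
```

A single HMAC is fast, so a value captured at one site still permits offline dictionary guessing of a weak pwd; the derivation only prevents the captured value from being replayed directly at another domain.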