IBS
Password-Authenticated Key
Replace
Compacts using Security Schemas
KAILA DURGA BHAVANI1, G. SUDHAKAR2
1PG Scholar, Dept of CSE, Swarnandhra College of Engineering & Technology, Seetharampuram, Narsapur, AP, India.
2Associate Professor, Dept of CSE, Swarnandhra College of Engineering & Technology, Seetharampuram, Narsapur, AP, India.
ABSTRACT: Two Server Password only authenticated key exchange protocol is most secure
technique. It avoids dictionary attack and other threats. By using two servers it is possibility that
one of server may shut down due to some reason. So system will collapse. two-server
password-authenticated key exchange (PAKE) protocol, a client splits its password and stores two shares
of its password in the two servers, respectively, and the two servers then cooperate to
authenticate the client without knowing the password of the client. In case one server is
compromised by an adversary, the password of the client is required to remain secure.
Fashionable this newspaper this contemporary binary compilers that transmute somewhat binary
get-together security protocol to a binary waitperson technique fashionable the groundwork of
the uniqueness founded cryptography, named protocol. We suggestion conventions which
achieve unwritten authorization. Our calculation of recollection, communication is going to
provide the system which uses the encryption and collectively AES (Advance encryption
standard) algorithm. And also uses the diffeehellman for key exchange. We are going to provide
the solution for SQL_INJECTION attack which is commonly happens on the database. The
proposed scheme is a password-only system in the sense that it requires no public key
cryptosystem and, no PKI. In the given authentication schema we also use SMS integration API
for two step verification like Gmail, it will provide the additional security to end user.
Index Terms: DiffieHellman key exchange, El-gamal encryption, AES algorithm,
SQL_INJECTION attack, Client server communication, Ubiquitous information, Password
systems, Identity cryptography and Authentication.
1. INTRODUCTION
Two Server authentication techniques is
very secure technique for storing and
authenticating system [1]. Symmetric two
server system is reliable than Asymmetric
system. The recent advance research in
a client and a server mutually to authenticate
with a password and meanwhile to establish
a cryptographic key for secure
communications [2]. That protocol provided
more security for authentication purpose.
Based on the identity-based encryption
technique suggested an identity-based model
where the client needs to remember the
password only while the server keeps the
password in addition to private keys related
to its identity [3]. In this setting the client
can encrypt the password based on the
identity of the server. This model is between
the PKI based and the password only
models. Another model assumes that users,
without help of personal devices, are only
capable of storing “human-memorable”
passwords. Bellow in and Merritt [4] were
the first to introduce password-based
authenticated key exchange where two
parties, based only on their knowledge of a
password, establish a cryptographic key by
exchange of messages. In this system user is
secured by using two servers password
authentication process along with proper
mobile verification [5]. When user enters the
password, it will be forwarded to web server
using SOAP (Simple Object Access
Protocol). SOAP is a secure protocol which
is used to hold and sends entered password
to web server. At web Server the password
is encrypted using Diffee-hellman key
exchange protocol and ElGamal encryption
scheme as described [6]. We note that even
for applications running in local area
networks, particularly in commercial
environments, security is required to ensure
restricted access to data and to protect
communication according to regulations and
hierarchical structures specific to an
organization [7]. Although not an
independent service security is an enabling
feature without which the actual
end-services cannot be trusted or relied upon [8].
2. RELATED WORK
Data dispersal in remote sensor frameworks
is an essential and urgent undertaking. It
relies on upon the possibility of customary
correspondence system where we have a
sender and recipient [9]. The circumstance is
in a general sense a sender passing on a few
information and recipient assembling the
information sent, get ready it and sending a
few information back . While in data
dispersing, only half of this thought is
associated [10]. In key exchange, each
server sends the client its public key for
encryption with its identity-based signature
on it. The signature can be verified by the
client on the basis of the identity of the
client submits to the server one share of the
password encrypted with the public key of
the server [12]. With the decryption keys,
both servers can derive the same one-time
password, by which the two servers can run
a two-party PAKE protocol to authenticate
the client. In addition, we generalize the
compiler based on IBE by replacing the
Cramer-Shoup public key encryption
scheme with any public key encryption
scheme [13]. In addition to the membership
service, GCS-s provides reliable ordered
message delivery within a group. To secure
this service, group members must be
authenticated and both confidentiality and
integrity of client data must be guaranteed.
One notable work in this area is the
ensemble work at Cornell [14]. Ensemble
achieves data confidentiality by using a
shared group key obtained via group key
distribution protocols [15]. This model
assumes that all users and servers refer to
the common public parameters including the
public key of a private key generator. Also
this model is ID-Based, where the public
key of a server is its identity and public key
authentication is unnecessary. The public
key infrastructure (PKI) is not needed in
their model [16].
3. SYSTEM ARCHITECTURE
Protocol Description we needs an
identity-based signature scheme (IBS) as our
cryptographic building block. We eliminate
verification rudiments since our compiler,
our key exchange protocol is essentially the
Diffie-Hellman key exchange protocol [17].
We present the protocol by describing
initialization and execution and
Initialization. System architecture is the
conceptual model that defines the structure
behavior and more views of a system. [18].
The entered data will be directed towards
web server using SOAP protocol for further
processing. Diffee-Hellman Key Exchange
Protocol and Encryption Scheme. After
encryption encrypted password is broken
into two sub passwords on the basis of
length of total password. All the sub
passwords will be directed and stored in two
different servers [19].
4. PROPOSED SYSTEM
We propose a new compiler for ID2S PAKE
protocol based on any identity-based
signature scheme (IBS), such as the Paterson
et al.'s scheme. The client splits its password
into two shares and each server keeps one
share of the password in addition to a private
key related to its identity for signing [20]. In
key exchange each server sends the client
its public key for encryption with its
identity-based signature on it. The signature
can be verified by the client on the basis of
the identity of the server. The
Diffie-Hellman algorithm is overcoming the
disadvantage of existing system that if one
server shut down due to some reason so that
also our proposed system will work fine
[21].
Fig 2 Propose Architecture
5. PROPOSED ALGORITHAM
A. CLIENT REGISTER & LOGIN:
The client registers with server using client
id, name, password, address and so on. If he
want to share his password to another client,
first he login his form. After the login he
generates the passwords [23].
B. GENERATE PASSWORDS:
He generates a password. Then he split a
password into multiple parts. Followed by,
he shares the spitted passwords to each
server.
C. SHARE SPLITTED
PASSWORDS TO EACH
SERVER:
He shares each password blocks to each
server. A client splits its password and stores
multiple shares of its password in the two
servers, respectively, and the two servers
then cooperate to authenticate the client
without knowing the password of the client
[22].
D. ACCESS PASSWORDS FROM
SERVERS:
The destination client wants to get the
the each password parts and merges all.
Finally he accesses the whole password.
6. PRIVATE KEY GENERATOR
The task of Private Key Generator is to
generate the private key based on the public
parameters for the servers. In case of
Identity based Cryptography the decryption
key is obtained from PKG system. The
intention of this study is to secure the keys
from any misbehaving practices [24]. The
signing key is only known to the servers that
make the system more secured.
1. Identity based Signature (IBS):
It is the basic building block of the secured
system. The compiler consists of two servers
A and B and client C with two authenticated
keys. If the authentication part is removed
from the system, it operates like Diffie
Hellman Key Exchange protocol.
2. Identity based Encryption (IBE):
A high-level description of our compiler
based on identity based encryption (IBE).
The client C (knowing its password pwC)
runs the protocol P‟ with the two servers A
and B to establish two session keys
respectively.
Fig.3. Proposed workflow
We contemporaneous the procedure of
describing initialization and
accomplishment. Initialization. Given a
sanctuary constraint k ∈ Z∗, the
initialization comprises.
Parameter Generation: On input k, m
PKGs cooperate to run Setup P of the
two-party PAKE protocol P to generate
system parameters denoted spares. m
PKG cooperated to run Setup IBE of the
IBE scheme to generate public system
parameters for the IBE scheme, denoted
as prams IBE, and the secret master-key
IBE Assume that generator of IBE
plaintext group G with an order n. m
PKGs choose a public key encryption
scheme E, whose plaintext group is a
q and a generator g and select two hash
functions,
H1: {0,1}∗ → Z∗ n and
H2: {0,1}∗ → Z∗ q,
from a collision-resistant hash family.
The public system parameters for the
protocol P0 is prams = prams P and
main server must be defined in the main
regional process statement values .in this
arrangement the secret master-key IBE
is secretly shared by the KKGs in a
manner that any coalition of KKGs
cannot determine master-key IBE as
long as one of the KKGs is honest to
follow the protocol.
3. Authenticated Key Exchange
Protocol Secure
This paper introduces a new scheme called
Augmented Password AKE (APAKE), for
authenticated key exchange protocols. In
APAKE, a password is represented by a pair
of values that is randomly selected in a huge
space. We present an APAKE protocol [25].
The protocol is secure against the attacks
including offline dictionary attack and
server compromise allowing for subsequent
off-line dictionary attack. The protocol has a
pass number of two, and it requires minor
computational amounts. We also present a
EKE protocol de-signed by simple
modification of the APAKE protocol while
preserving the security of the APAKE
protocol.
7. CONCLUSIONS AND FUTURE
WORK
Diffie-Hellman and Elagabalus encryption
algorithms are basic building blocks of the
explained protocol. Here it is important to
consider that if one server shutdown due to
some reason then there is facility to the
servers to take periodic backup. By using
periodic backup technique the redundancy in
the data an be avoided. We propose a novel
Password Authenticated Key Exchange
Protocol (PAKE) that heightens the security
of the client server systems. We initiate the
secure process by verifying two-party
protocol to two-server protocols on the basis
of identity based cryptography. Our
compilers are in particular suitable for the
applications of password-based
authentication an identity-based system has
already established. Proposed work has
multiple servers. So Storage Space is high.
To insert user‟s precise information such as
password we use SOAP protocol. To
configure the SOAP we use web services.
We are able to use some other newly defined
of servers and able to provide more security
in the main region. Along with that we are
able to generated new security key words
8. REFERENCES
[1] M. Abdalla, P. A. Fouque, and D.
Pointcheval. Password-based authenticated
key exchange in the three-party setting. In
Proc. PKC‟05, pages 65-84, 2005.
[2] W. Ford and B.S. Kaliski Jr.,
“Server-Assisted Generation of a Strong Secret from
a Password,” Proc. IEEE Ninth Int‟l
Workshop Enabling Technologies:
Infrastructure for Collaborative Enterprises,
pp. 176-180, 2000.
[3] J. Brainard, A. Jueles, B.S. Kaliski, and
M. Szydlo, “A New TwoServer Approach for Authentication with Short Secret,” Proc.
12th Conf. USENIX Security Symp., pp.
201-214, 2003
[4]
S.M.BellovinandM.Merritt.Encryptedkeyexc
hange:Pass wordbased protocol secure
against dictionary attack. In Proc.1992IEEE
Symposium on Research in Security and
Privacy, pages 72-84, 1992.
[5]. Y. Yang, F. Bao, and R.H. Deng, A
New Architecture for Authentication and
Key Exchange Using Password for
Federated Enterprise, Proc. 20th IFIP Intl
Information Security Conf. (SEC05), pp.
95-111, 2005.
[6]. S. Halevi and H. Krawczyk, Public-Key
Cryptography and Password Protocols,
ACM Trans. Information and System
Security, vol2, no3, pp 230-268, 1999
[7] S. M. Bellovin and M. Merritt.
Encrypted key exchange: Password-based
protocol secure against dictionary attack. In
Proc. 1992 IEEE Symposium on Research in
Security and Privacy, pages 72-84, 1992.
[8] J. Bender, M. Fischlin, andD. Kugler.
Security analysis of the PACE
key-agreement protocol. In Proc. ISC‟09, pages
33-48, 2009.
[9]
J.Brainard,A.Juels,B.Kaliski,andM.Szydlo.N
ightingale:A new two-server approach for
authentication with short secrets. InProc.
12th USENIX Security Symp., pages
201-213, 2003.
[10] E. Bresson, O. Chevassut, and D.
Pointcheval. Security proofs for an efficient
password-based key exchange. In Proc.
CCS‟03, pages 241-250, 2003.
[11]. S. M. Bellovin and M. Merritt,
„Encrypted key exchange: Passwordbased protocol secure against dictionary attack‟. In
Proc. 1992 IEEE Symposium on Research in
Security and Privacy, pages 72-84, 1992.
[12]. J. Bender, M. Fischlin, and D. Kugler,
agreement protocol‟, In Proc. ISC‟09, pages
33-48, 2009.
[13]. D. Boneh and M. Franklin, „Identity based encryption from the Weil pairing‟. In Proc. Crypto‟01, pages 213-229, 2001.
[14] E. Bresson, O. Chevassut, andD.
Pointcheval. New security results on
encrypted key exchange. In Proc. PKC‟04,
pages 145-158, 2004.
[15] B. Clifford Neuman and Theodore
Ts‟o. Kerberos: An authentica-tion service
for computer networks. IEEE
Communications, 32 (9): 33-38, 1994.
[16] R. Cramer and V. Shoup. A practical
public key cryptosystem provably secure
against adaptive chosen ciphertext attack. In
Proc. Crypto‟98, pages 13-25, 1998.
[17] W. Diffie and M. Hellman. New
directions in cryptography. IEEE
Transactions on Information Theory, 32(2):
644-654, 1976. [15] W. Ford and
[18]. D.Jablon,Password Authentication
Using Multiple Servers, Proc. Conf. Topics
in Cryptology.The Cryptographers Track at
RSA,pp.344-360, 2001.
[19]. J. Brainard, A. Jueles, B.S. Kaliski,
and M. Szydlo, A New TwoServer
Approach for Authentication with Short
Secret, Proc. 12th Conf. USENIX Security
Symp., pp. 201-214, 2003.
[20] D. Jablon. Password authentication
using multiple servers. In Proc. CT-RSA‟01,
pages 344-360, 2001.
[21] S. Jiang and G. Gong. Password based
key exchange with mutual authentication. In
Proc. SAC‟04, pages 267-279, 2004
[22]. J. Brainard, A. Juels, B. Kaliski, and
M. Szydlo, „Nightingale: A new two-server
approach for authentication with short
secrets‟ InProc. 12th USENIX Security
Symp., pages 201-213, 2003.
[23]. E. Bresson, O. Chevassut, and D.
Pointcheval, „Security proofs for an efficient
password-based key exchange‟ In Proc.
CCS‟03, pages 241- 250, 2003.
[24]. J. Brainard, A. Juels, B. Kaliski, and
M. Szydlo, „Nightingale: A new two-server
approach for authentication with short
secrets‟ InProc. 12th USENIX Security
Symp., pages 201-213, 2003
[25]. M. Bellare, D. Pointcheval, and P.
