Journal: International Journal of Innovative Research in Computer and Communication Engineering
Print ISSN: 2320-9798
Electronic ISSN: 2320-9801
Publication year: 2014
Volume: 2
Issue: 11
Publisher: S&S Publications
Abstract: A Password Authenticated Key Exchange (PAKE) protocol is a cryptographic protocol that allows two parties, a client and a server, who share knowledge of a password to mutually authenticate each other and establish cryptographic keys by exchanging messages, without explicitly revealing the password. Generally, all passwords necessary for authenticating clients are stored on a single server. But when such a server is compromised, a large number of clients' passwords are exposed at once. In such schemes, the capability of verifying a password is split among two or more servers. If any server is compromised, the attacker still cannot pretend to be the client and cannot access the information from the compromised server. Current solutions for two-server PAKE are either symmetric, in the sense that two peer servers equally contribute to the authentication, or asymmetric, in the sense that one server authenticates the client with the help of another server. This paper presents a symmetric solution for two-server PAKE in which, when a user is registered as a client, the related username and password information is forwarded to a web server using web services, where it is encrypted using Diffie-Hellman key exchange and an ECC algorithm, and a public key is generated which is notified to the client for decryption purposes. The encrypted data is broken up and distributed among the number of active servers of the system, and is united if and only if a trusted user is logged in to the system. To maintain privacy, the system is also provided with a two-step mobile-based verification system that sends a random number to the authentic user's mobile.