Abstract
Password-based authentication is widely used in client-server systems. This research presents a non-exchanged password scheme for password-based authentication. The scheme constructs a Digital Signature (DS) that is derived from the user password. The digital signature is then exchanged instead of the password itself for the purpose of authentication. Therefore, we refer to it as a Password-Based Digital Signature (PBDS) scheme. It consists of three phases. In the first phase, a password-based Permutation (P) is computed using the Key-Based Random Permutation (KBRP) method. The second phase utilizes P to derive a Key (K) using the Password-Based Key Derivation (PBKD) algorithm. The third phase uses P and K to generate the exchanged DS. The scheme has a number of features that show its advantages over other password authentication approaches.
Highlights
The client-server distributed system architecture consists of a server, which has a record of the username-password database, and a number of clients willing to exchange information with the server.
The possible number of digital signatures is equal to half of the key length; even if the intruder captures all the exchanged signatures, he cannot construct the user password.
In order to demonstrate the strength of this new scheme, a number of scenarios are simulated and the exchanged digital signatures are computed for different passwords.
Summary
The client-server distributed system architecture consists of a server, which has a record of the username-password database, and a number of clients willing to exchange information with the server. In the conventional password authentication approach, the client usually exchanges either its password or a variation of it (e.g., an encrypted form) with the server. The server compares the received password with the one stored in the username-password database to grant or deny the client access to the system. In this case, the client has no chance of being authenticated or allowed to access the system unless it exchanges its password or a variation of it across the network. This phase in the authentication process may expose the client password to compromise by an adversary or a man-in-the-middle. In order to demonstrate the strength of this new scheme, a number of scenarios are simulated and the exchanged digital signatures are computed for different passwords.