Abstract

Communications takes place between unknown entities with no prior relationship and no common security domain. These entities are mostly based on challenge-response authentication protocol in which one party presents a “challenge” and another party must provide a valid “response” to be authenticated. The simplest example of a challenge-response protocol is password authentication, where the challenge is asking for the password and the valid response is the correct password. This type of system suffers from weak authentication and is open with vulnerabilities. An adversary can take advantage of these vulnerabilities as backdoors. A malicious developer can modify source or binary code or insert malicious code in original source code to bypass authentication programming logic.Proposed approach eliminates these backdoors from authentication system and provides trusted authentication between parties. Authentication system has been designed which consist functions which are involved in generating verification signature and comparing challenge and response. The approach includes two steps; first, verify whether authentication system is temper proof. Second, is to separate execution of authentication system from other applications running on server. The execution of authentication system needs to be kept secure at low level where instructions are translated and memory is allocated for execution. Proposed approach reduces the possibility of return oriented programming attacks. Also it prevents authentication system from getting affected by extra parameters, global variables and malicious application running on server, and do not let authentication logic to bypass.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.