User Authentication using Secret Key Sharing

Abstract

Due to the growth of internet usage by individuals, the security of personal information has become a prime concern, so that unauthorized person does not get access to the confidential information. Authentication of user is the solution to the problem. Secret sharing is the method for increasing security of data by distributing the secret among a group of participants. In secret sharing, only when a desired number of participants come together only then the secret can be recovered. In this paper, we have analyzed different secret sharing schemes and classified them based on their characteristics.Many mechanisms have been designed for authenticating user in wireless mobile environment. But none of these mechanisms concern the security of user’s secret key and other sensitive data stored in mobile phone in case the device comes in hands of attacker. We propose a system that performs two factor authentication (i.e. two mobile devices are required) with server for getting access to banking system. The authentication process cannot be successfully completed by the mobile devices alone and during the process reconstruction of the key is not needed so that neither device can hold a complete key. The proposed key sharing scheme using authentication protocol analyzes the security to check that in the practical applications all known security requirements are fulfilled, particularly the key exposure attack resistance.