Secure Remote Password Research Articles

Authentication in Peer-to-Peer Cloud using AES and SRP

The system focuses on proposing a robust authentication framework based on these Secure Remote Password (SRP) protocol to enhance the security of data exchange in Peer-to- Peer (P2P) cloud environments. The Advanced Encryption Standard (AES) algorithm provides encryption and the SRP protocol leverages cryptographic primitives to establish mutual authentication between cloud servers and users, ensures that data, remains protected against any vulnerabilities. The system encompasses various stages, including user registration, key establishment, and secure data transmission. After user registration, the SRP protocol employs a zero-knowledge proof mechanism to maintain the security of data available on cloud servers, mitigating the risks associated with password leaks and unauthorized access. Furthermore, the protocol facilitates secure key exchange to establish a confidential communication channel between peers, enabling encrypted data transmission. The system integrates SRP protocol and AES encryption, fortifying data security in P2P cloud environments through robust authentication, ensuring a comprehensive defence against potential vulnerabilities.

Improved SRP algorithm and bidirectional heterogeneous LTE‐R authentication key

AbstractDue to the problems that International Mobile Subscriber Identity is not encrypted during transmission, key disclosure, and high authentication overhead in Evolved Packet System‐Authentication and Key Agreement, the next generation of high‐speed railway Long‐Term Evolution for Railway train ground authentication protocol, this paper describes the improved Secure Remote Password algorithm and two‐way heterogeneous Long‐Term Evolution for Railway authentication key agreement scheme. First, the improved Secure Remote Password algorithm is used to encrypt the message transmission between User Equipment and Mobility Management Entity, solving the problem of International Mobile Subscriber Identity being not encrypted during transmission. Then, a two‐way heterogeneous digital signature method of Public Key Infrastructure and Identity‐Based Cryptosystem is proposed to authenticate and negotiate with the Mobility Management Entity and Home Subscriber Server, which improves the security of the root key and can effectively prevent man in the middle, replay and other attacks. Finally, in the research results, the random oracle model is used to verify, and the results show that our method is superior to the comparison method in security and authentication cost, and can meet the Long‐Term Evolution for Railway communication requirements.

Securing Session Initiation Protocol

The session initiation protocol (SIP) is widely used for multimedia communication as a signaling protocol for managing, establishing, maintaining, and terminating multimedia sessions among participants. However, SIP is exposed to a variety of security threats. To overcome the security flaws of SIP, it needs to support a number of security services: authentication, confidentiality, and integrity. Few solutions have been introduced in the literature to secure SIP, which can support these security services. Most of them are based on internet security standards and have many drawbacks. This work introduces a new protocol for securing SIP called secure-SIP (S-SIP). S-SIP consists of two protocols: the SIP authentication (A-SIP) protocol and the key management and protection (KP-SIP) protocol. A-SIP is a novel mutual authentication protocol. KP-SIP is used to secure SIP signaling messages and exchange session keys among entities. It provides different security services for SIP: integrity, confidentiality, and key management. A-SIP is based on the secure remote password (SRP) protocol, which is one of standard password-based authentication protocols supported by the transport layer security (TLS) standard. However, A-SIP is more secure and efficient than SRP because it covers its security flaws and weaknesses, which are illustrated and proven in this work. Through comprehensive informal and formal security analyses, we demonstrate that S-SIP is secure and can address SIP vulnerabilities. In addition, the proposed protocols were compared with many related protocols in terms of security and performance. It was found that the proposed protocols are more secure and have better performance.

A Survey on Hadoop Security and Comparative Analysis on Authentication Frameworks in Hadoop Clusters

This paper presents a survey on various security frameworks which aim to secure Hadoop clusters and the files stored there. Most of the Hadoop platforms rely on Kerberos Authentication Protocol for user authentication. It is known that Kerberos itself has some vulnerabilities like Password Guessing Attacks, Single Point of Failure, Insider Attacks, and Time Synchronization problems. A new authentication framework that can address most of the identified issues and is computationally feasible than other schemes is introduced in this paper. The proposed framework is based on Secure Remote Password Protocol (SRP), Threshold Cryptography, and Blockchain Technology. The system focus on eradicating Password Guessing Attacks and Single Point of Failure in Kerberos Enabled Hadoop Clusters. The analysis results strengthen the claim that the proposed scheme beats the others in terms of computational efficiency and feasibility while offering the same security features. The paper is concluded with directions for future work.

Enhanced IoT Wi-Fi protocol standard’s security using secure remote password

In the Internet of Things (IoT) environment, a network of devices is connected to exchange information to perform a specific task. Wi-Fi technology plays a significant role in IoT based applications. Most of the Wi-Fi-based IoT devices are manufactured without proper security protocols. Consequently, the low-security model makes the IoT devices vulnerable to intermediate attacks. The attacker can quickly target a vulnerable IoT device and breaches that vulnerable device's connected network devices. So, this research suggests a password protection based security solution to enhance Wi-Fi-based IoT network security. This password protection approach utilizes the secure remote password protocol (SRPP) in Wi-Fi network protocols to avoid brute force attack and dictionary attack in Wi-Fi-based IoT applications. The performance of the IoT security solution is implemented and evaluated in the GNS3 simulator. The simulation analysis report shows that the suggested password protection approach supports scalability, integrity and data protection against intermediate attacks.

A Three-Tier Authentication Scheme for Kerberized Hadoop Environment

Abstract Apache Hadoop answers the quest of handling Bigdata for most organizations. It offers distributed storage and data analysis via Hadoop Distributed File System (HDFS) and Map-Reduce frameworks. Hadoop depends on third-party security providers like Kerberos for its security requirements. Kerberos by itself comes with many security loopholes like Single point of Failure (SoF), Dictionary Attacks, Time Synchronization and Insider Attacks. This paper suggests a solution that aims to eradicate the security issues in the Hadoop Cluster with a focus on Dictionary Attacks and Single Point of Failure. The scheme roots on Secure Remote Password Protocol, Blockchain Technology and Threshold Cryptography. Practical Byzantine Fault Tolerance mechanism (PBFT) is deployed at the blockchain as the consensus mechanism. The proposed scheme outperforms many of the existing schemes in terms of computational overhead and storage requirements without compromising the security level offered by the system. Riverbed Modeller (AE) Simulation results strengthen the aforesaid claims.

A password-authenticated secure channel for App to Java Card applet communication

Purpose – The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever. Design/methodology/approach – A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. Findings – To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time. Originality/value – By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.

Efficient Authentication and Key Management Mechanisms for Smart Grid Communications

A smart grid (SG) consists of many subsystems and networks, all working together as a system of systems, many of which are vulnerable and can be attacked remotely. Therefore, security has been identified as one of the most challenging topics in SG development, and designing a mutual authentication scheme and a key management protocol is the first important step. This paper proposes an efficient scheme that mutually authenticates a smart meter of a home area network and an authentication server in SG by utilizing an initial password, by decreasing the number of steps in the secure remote password protocol from five to three and the number of exchanged packets from four to three. Furthermore, we propose an efficient key management protocol based on our enhanced identity-based cryptography for secure SG communications using the public key infrastructure. Our proposed mechanisms are capable of preventing various attacks while reducing the management overhead. The improved efficiency for key management is realized by periodically refreshing all public/private key pairs as well as any multicast keys in all the nodes using only one newly generated function broadcasted by the key generator entity. Security and performance analyses are presented to demonstrate these desirable attributes.

ASROP : AD HOC Secure Routing Protocol

Mobile ad hoc networks (MANETs) are a new concept of wireless communications for mobile devices, which offer communications over a shared wireless channel without any pre -existing infrastructure. Their wireless nature and self-organizing capabilities are some of MANET's biggest advantages, as well as their biggest security restrictions. Forming end -to-end secure paths in such MANETs is more challenging than in conventional wireless cellular/wired networks due to the lack of central authorities. An atta cker can easily disrupt the routing process by injecting false control messages, changing the paths of packets or simply by blocking the packets of other nodes. In this paper, we propose a novel efficient secure routing protocol, named ASRoP, to effectivel y secure the routing discovery process in ad hoc networks. ASRoP provides powerful security extensions to the reactive AODV protocol, based on Diffie -Hellman (DH) algorithms and our modified secure remote password protocol. The simulation results show the efficiency of the proposed ASRoP protocol, and its cost towards both the users and the network. ASRoP promises to offer a real opportunity to prevent attacks related to lack of authentication without degrading routing performance.

Secure Execution of Distributed Session Programs

The development of the SJ Framework for session-based distributed programming is part of recent and ongoing research into integrating session types and practical, real-world programming languages. SJ programs featuring session types (protocols) are statically checked by the SJ compiler to verify the key property of communication safety, meaning that parties engaged in a session only communicate messages, including higher-order communications via session delegation, that are compatible with the message types expected by the recipient. This paper presents current work on security aspects of the SJ Framework. Firstly, we discuss our implementation experience from improving the SJ Runtime platform with security measures to protect and augment communication safety at runtime. We implement a transport component for secure session execution that uses a modified TLS connection with authentication based on the Secure Remote Password (SRP) protocol. The key technical point is the delicate treatment of secure session delegation to counter a previous vulnerability. We find that the modular design of the SJ Runtime, based on the notion of an Abstract Transport for session communication, supports rapid extension to utilise additional transports whilst separating this concern from the application-level session programming task. In the second part of this abstract, we formally prove the target security properties by modelling the extended SJ delegation protocols in the pi-calculus.