Research Article

Provable Secured Hash Password Authentication

by T.S.Thangavel, A. Krishnan
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 1 - Number 19
Year of Publication: 2010
Authors: T.S.Thangavel, A. Krishnan
10.5120/406-602

T.S.Thangavel, A. Krishnan. Provable Secured Hash Password Authentication. International Journal of Computer Applications. 1, 19 (February 2010), 38-45. DOI=10.5120/406-602

@article{ 10.5120/406-602,
author = { T.S.Thangavel, A. Krishnan },
title = { Provable Secured Hash Password Authentication },
journal = { International Journal of Computer Applications },
issue_date = { February 2010 },
volume = { 1 },
number = { 19 },
month = { February },
year = { 2010 },
issn = { 0975-8887 },
pages = { 38-45 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume1/number19/406-602/ },
doi = { 10.5120/406-602 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Although techniques such as secured socket layer (SSL) with client-side certificates are well known in the security research community, most commercial web sites rely on a relatively weak form of password authentication: the browser simply sends a user’s plaintext password to a remote web server, often using SSL. Even when used over an encrypted connection, this form of password authentication is vulnerable to attack. In common password attacks, hackers exploit the fact that web users often use the same password at many different sites. This allows hackers to break into a low security site that simply stores username/passwords in the clear and use the retrieved passwords at a high security site. While password authentication could be abandoned in favor of hardware tokens or client certificates, both options are difficult to adopt because of the cost and inconvenience of hardware tokens and the overhead of managing client certificates.

Index Terms

Computer Science
Information Sciences

Keywords

Password Authentication, Hash Functions, Message Digest, Secure Socket Layer, Random Password Generator, Pseudo Random Function