Notification: Our email services are now fully restored after a brief, temporary outage caused by a denial-of-service (DoS) attack. If you sent an email on Dec 6 and haven't received a response, please resend your email.
CFP last date
20 December 2024
Reseach Article

Fortification of Transport Layer Security Protocol

Published on December 2011 by Kuljeet Kaur
Network Security and Cryptography
Foundation of Computer Science USA
NSC - Number 2
December 2011
Authors: Kuljeet Kaur
055cc2d9-bd39-4d20-b9b1-664708be50d8

Kuljeet Kaur . Fortification of Transport Layer Security Protocol. Network Security and Cryptography. NSC, 2 (December 2011), 11-14.

@article{
author = { Kuljeet Kaur },
title = { Fortification of Transport Layer Security Protocol },
journal = { Network Security and Cryptography },
issue_date = { December 2011 },
volume = { NSC },
number = { 2 },
month = { December },
year = { 2011 },
issn = 0975-8887,
pages = { 11-14 },
numpages = 4,
url = { /specialissues/nsc/number2/4328-spe020t/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Special Issue Article
%1 Network Security and Cryptography
%A Kuljeet Kaur
%T Fortification of Transport Layer Security Protocol
%J Network Security and Cryptography
%@ 0975-8887
%V NSC
%N 2
%P 11-14
%D 2011
%I International Journal of Computer Applications
Abstract

Proving an identity over a public link is complex when there is communication between Client and Server. Secure Shell protocol is deployed, to determine a client's identity through Password-based key exchange schemes, over a public network, by sharing a (short) password only, with a session key. Most of the existing schemes are vulnerable to various dictionary attacks. SSL is the de facto standard today for securing end to end transport. While the protocol seems rather secure there are a number of risks which lurk in its use. The focus of the paper is on the analysis of very efficient schemes on password-based authenticated key-exchange methods. In this paper analysis of AuthA key exchange scheme and DH-EKE is done and complete proof of its security is generated. Evidences are generated to show that the AuthA and DH_EKE protocol and its multiple modes of operation are secure under the computational Diffie-Hellman intractability assumption and help in fortification of transport layer security protocol.

References
  1. M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated Key Exchange Secure Against Dictionary Attacks. In Eurocrypt '00, LNCS 1807, pages 139{155. Springer-Verlag, Berlin, 2000.
  2. M. Bellare and P. Rogaway. The AuthA Protocol for Password-Based Authenticated Key Exchange. Contributions to IEEE P1363. March 2000. Available from http://grouper.ieee.org/groups/1363/.
  3. M. Bellare and P. Rogaway. Random Oracles Are Practical: a Paradigm for Designing E_cient Protocols. In Proc. of the 1st CCS, pages 62{73. ACM Press, New York, 1993.
  4. S. M. Bellovin and M. Merritt. Encrypted Key Exchange: Password-Based Protocols Secure against Dictionary Attacks. In Proc. of the Symposium on Security and Privacy, pages 72{84. IEEE, 1992.
  5. C. Boyd, P. Montague, and K. Nguyen. Elliptic Curve Based Password Authenticated Key Exchange Protocols. In ACISP '01, LNCS 2119, pages 487{501. Springer-Verlag, Berlin, 2001.
  6. E. Bresson, O. Chevassut, and D. Pointcheval. Encrypted Key Exchange using Mask Generation Function. Work in progress.
  7. T. Berners-Lee, R. T. Fielding, H. F. Nielsen, J. Gettys, and J. Mogul. Hypertext transfer protocol – HTTP/1.1. Internet Request for Comment RFC 2068, Jan. 1997.
  8. W. Diffie and M. Hellman. New directions in cryptography.IEEE Transactions on Information Theory, IT- 22(6):644–654, Nov. 1976.
  9. D. P. Jablon. Strong password-only authenticated key exchange. Computer Communication Review, 26(5):5– 26, Sep 1996.
  10. T. Wu. The secure remote password protocol. In Symposiumon Network and Distributed Systems Security (NDSS ’98), pages 97–111, San Diego, California, Mar. 1998. Internet Society.
Index Terms

Computer Science
Information Sciences

Keywords

Password Authentication Secured Socket Lock