CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
SFLA-Based Line Balancing and Task Optimization in Master-Slave Controlled Hanger Transportation Systems for Garment Production

Duc Hoang Nguyen
Random Articles
Reseach Article

Provable Secured Hash Password Authentication

by T.S.Thangavel, A. Krishnan
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 1 - Number 19
Year of Publication: 2010
Authors: T.S.Thangavel, A. Krishnan
10.5120/406-602

T.S.Thangavel, A. Krishnan . Provable Secured Hash Password Authentication. International Journal of Computer Applications. 1, 19 ( February 2010), 38-45. DOI=10.5120/406-602

@article{ 10.5120/406-602,
author = { T.S.Thangavel, A. Krishnan },
title = { Provable Secured Hash Password Authentication },
journal = { International Journal of Computer Applications },
issue_date = { February 2010 },
volume = { 1 },
number = { 19 },
month = { February },
year = { 2010 },
issn = { 0975-8887 },
pages = { 38-45 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume1/number19/406-602/ },
doi = { 10.5120/406-602 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T19:46:54.073660+05:30
%A T.S.Thangavel
%A A. Krishnan
%T Provable Secured Hash Password Authentication
%J International Journal of Computer Applications
%@ 0975-8887
%V 1
%N 19
%P 38-45
%D 2010
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The techniques such as secured socket layer (SSL) with client-side certificates are well known in the security research community, most commercial web sites rely on a relatively weak form of password authentication, the browser simply sends a user’s plaintext password to a remote web server, often using SSL. Even when used over an encrypted connection, this form of password authentication is vulnerable to attack. In common password attacks, hackers exploit the fact that web users often use the same password at many different sites. This allows hackers to break into a low security site that simply stores username/passwords in the clear and use the retrieved passwords at a high security site. While password authentication could be abandoned in favor of hardware tokens or client certificates, both options are difficult to adopt because of the cost and inconvenience of hardware tokens and the overhead of managing client certificates.

References
  1. N. Chou, R. Ledesma, Y. Teraguchi, and J. Mitchell, “Client-side defense against web based identity theft “, In Proceedings of Network and Distributed Systems Security (NDSS), 2004.
  2. J. A. Halderman, B.Waters, and E. Felten “A convenient method for securely managing passwords” To appear in Proceedings of the 14th International World Wide Web Conference (WWW 2005), 2005.
  3. F. Hao, P. Zieli´nski, “A 2-round anonymous veto protocol,” Proceedings of the 14th International Workshop on Security Protocols, SPW’06, Cambridge, UK, May 2006.
  4. Muxiang Zhang, “Analysis of the SPEKE password-authenticated key exchange protocol,” IEEE Communications Letters, Vol. 8, No. 1, pp. 63-65, January 2004.
  5. Z. Zhao, Z. Dong, Y. Wang, “Security analysis of a password-based authentication protocol proposed to IEEE 1363,” Theoretical Computer Science, Vol. 352, No. 1, pp. 280–287, 2006.
  6. C.Ellison, C.Hall, R.Milbert, and B.Schneier, “Protecting secret keys with personal entropy” Journal of Future Generation Computer Systems”, February 2000.
  7. P.Mackenzie, T.Shrimpton, and M.Jakobsson, “Threshold password-authenticated key exchange” In M.Yung, editor, CRYPTO 2002.
  8. Abdalla M., Catalano D., Chevalier C., and Pointcheval D., “Efficient Two-Party Password-Based Key Exchange Protocol in the UC Framework”, Springer-Verlag Berlin, PP. 335 – 351, 2008.
Index Terms

Computer Science
Information Sciences

Keywords

Password Authentication Hash Functions Message Digest Secure Socket Layer Random Password Generator Pseudo Random Function

Powered by PhDFocusTM