Robust Resilient Two Server Password Authentication Vs Single Server


(IJCSIS) International Journal of Computer Science and Information Security,
Vol. 8, No. 2, May 2010
Robust Resilient Two Server Password
Authentication Vs Single Server
T.S.THANGAVEL
Department of M.Sc (IT)
K.S.Rangasamy College of Technology
Tiruchengode, Tamilnadu, India

Dr.A.KRISHNAN
Department of Electronic and Communication Engg.
K.S.Rangasamy College of Technology
Tiruchengode, Tamilnadu, India

Abstract

The authentication system stores the password in a central server, so an intruder can obtain the password easily and gain access to the contents of the user. For the purpose of authentication, multi-server systems were proposed in which the user communicates with one or all of the servers. This requires high communication bandwidth, is not easy to maintain, and the protocols are highly expensive. The Two Server Authentication System avoids this problem by using the passwords and the session keys, rather than performing the cryptographic techniques. It consists of two servers, the front end and the back end server. The front end server communicates with the user, whereas the back end control server is only visible to the service server. These two servers are responsible for the authentication. The password is split into two words, one held by the service server and the other by the control server. Both the servers are validated during the form validation process. The system is suitable for both the computation and communication system. The servers are also used for multiple clients and for single server systems.

Keywords: Password-Authentication, Two Servers password, Cryptosystem, single server Secure Password, Service server, control server.

I. INTRODUCTION

Multi-user systems require the users to provide their passwords along with their user identification. The password serves to authenticate the ID of the individual logging on to the system. This is required to determine if the user is authorized to gain access to the system. This ID also determines the privileges accorded to the user. Short secrets are convenient, particularly for an increasingly mobile user population. Many users are interested in employing a variety of computing devices with different forms of connectivity and different software platforms. Such users often find it convenient to authenticate by means of passwords and short secrets, to recover lost passwords by answering questions, and to make similar use of relatively weak secrets.

Most password-based user authentication systems place total trust on the authentication server, where passwords or easily derived password verification data are stored in a central database. These systems could be easily compromised by offline dictionary attacks initiated at the server side. Compromise of the authentication server by either outsiders or insiders subjects all user passwords to exposure and may have serious consequences. To overcome these problems in the single server system, many systems have been proposed, such as multi-server systems, public key cryptography and password systems, threshold password authentication systems, and two server password authentication systems.

The proposed work continues the line of research on the two-server paradigm in [10], [11], extends the model by imposing different levels of trust upon the two servers, and adopts a very different method at the technical level in the protocol design. As a result, we propose a practical two-server password authentication and key exchange system that is secure against offline dictionary attacks by servers when they are controlled by adversaries. The proposed scheme is a password-only system in the sense that it requires no public key cryptosystem and, thus, no PKI. This makes the system very attractive, considering that PKIs are proven notoriously expensive to deploy in the real world. Moreover, the proposed system is particularly suitable for resource constrained users due to its efficiency in terms of both computation and communication. This paper generalizes
the basic two-server model to an architecture of a single back-end server supporting multiple front-end servers, and envisions interesting applications in federated enterprises.

II. LITERATURE REVIEW

Public key techniques are absolutely necessary to make password systems secure against offline dictionary attacks, whereas the involvement of public key cryptosystems under a PKI (e.g., public key encryption and digital signature schemes) is not essential. There are two separate approaches to the development of secure password systems: one is a combined use of a password and public key cryptosystem under a PKI, and the other is a password-only approach. In these systems, the use of public keys entails the deployment and maintenance of a PKI for public key certification and adds to users the burden of checking key validity. To eliminate this drawback, password-only protocols (password authenticated key exchange or PAKE) have been extensively studied, e.g., [2], [3], [4]. The PAKE protocols do not involve any public key cryptosystem under a PKI and, therefore, are much more attractive for real-world applications. Any use of public key cryptosystem under a PKI in a password authentication system should be avoided since, otherwise, the benefits brought by the use of password would be counteracted to a great extent.

Most of the existing password systems were designed over a single server, where each user shares a password or some password verification data (PVD) with a single authentication server (e.g., [2], [3], [4]). These systems are essentially intended to defeat offline dictionary attacks by outside attackers and assume that the server is completely trusted in protecting the user password database. Unfortunately, attackers in practice take on a variety of forms, such as hackers, viruses, worms, accidents, mis-configurations, and disgruntled system administrators. As a result, no security measures and precautions can guarantee that a system will never be penetrated. Once an authentication server is compromised, all the user passwords or PVD fall in the hands of the attackers, who are definitely effective in offline dictionary attacks against the user passwords. To eliminate this single point of vulnerability inherent in the single-server systems, password systems based on multiple servers were proposed. The principle is distributing the password database as well as the authentication function to multiple servers so that an attacker is forced to compromise several servers to be successful in offline dictionary attacks.

The system in [6], believed to be the first multiserver password system, splits a password among multiple servers. However, the servers in [6] need to use public keys. An improved version of [6] was proposed in [7], which eliminates the use of public keys by the servers. Further and more rigorous extensions were due to [8], where the former built a t-out-of-n threshold PAKE protocol and provided a formal security proof under the random oracle model [5] and the latter presented two provably secure threshold PAKE protocols under the standard model. While the protocols are theoretically significant, they have low efficiency and high operational overhead. In these multi-server password systems, either the servers are equally exposed to the users and a user has to communicate in parallel with several or all servers for authentication, or a gateway is introduced between the users and the servers.

Recently, Brainard et al. [1] proposed a two-server password system in which one server exposes itself to users and the other is hidden from the public. While this two-server setting is interesting, it is not a password-only system: both servers need to have public keys to protect the communication channels from users to servers. As we have stressed earlier, this makes it difficult to fully enjoy the benefits of a password system. In addition, the system in [1] only performs unilateral authentication and relies on the Secure Socket Layer (SSL) to establish a session key between a user and the front-end server. Subsequently, Yang et al. [9] extended and tailored this two-server system to the context of federated enterprises, where the back-end server is managed by an enterprise headquarters and each affiliating organization operates a front-end server. An improvement made in [9] is that only the back-end server holds a public key. Nevertheless, the system in [9] is still not a password-only system.

III. MODES OF SERVER PASSWORD AUTHENTICATION MODELS

In the single-server model, shown in Fig 1, a single server is involved and it keeps a database of user passwords. Most of the existing password systems follow this single-server model, but the single server results in a single point of vulnerability in terms of offline dictionary attacks against the user password database.

Fig 1: Single Server Password model

In the multi-server model, the server side comprises multiple servers for the purpose of removing the single point of vulnerability. The servers are equally exposed to users, and a user has to communicate in parallel with several or all servers for authentication. The main problem with the plain multi-server model is the demand on communication bandwidth and the need for synchronization at the user side, since a user has to engage in simultaneous communications with multiple servers. This may cause problems for resource-constrained mobile devices such as hand phones and PDAs.

Fig 2: Gateway Augmented Multi-server model

In the gateway augmented multi-server model, shown in Fig 2, a gateway is positioned as a relaying point between users and servers, and a user only needs to contact the gateway. Apparently, the introduction of the gateway removes the demand of simultaneous communications by a user with multiple servers as in the plain multi-server model. However, the gateway introduces an additional layer in the architecture, which appears “redundant” since the purpose of the gateway is simply to relay messages between users and servers, and it is not in any way involved in service provision, authentication, and other security enforcements. From a security perspective, more components generally imply more points of vulnerabilities.

Fig 3: Two server model

The two-server model comprises two servers at the server side, one of which is a public server exposing itself to users and the other of which is a back-end server staying behind the scene; users contact only the public server, but the two servers work together to authenticate users. The differences between the two-server model and the earlier multi-server models are:

a) In the two-server model, a user ends up establishing a session key only with the public server, and the role of the back-end server is merely to assist the public server in user authentication, while in the multi-server models, a user establishes a session key (either different or the same) with each of the servers.

b) From a security point of view, servers in the multi-server models are equally exposed to outside attackers (recall that the gateway in the gateway augmented multi-server model does not enforce security), while in the two-server model, only the public server faces such a problem. This improves the server side security and the overall system security in the two-server model.

In the two-server model, different levels of trust can be placed upon the two servers with respect to outside attackers. The back-end server is more trustworthy than the public server. This is logical since the back-end server is located in the back-end and is hidden from the public, and it is thus less likely to be attacked. The two-server model has successfully eliminated drawbacks in the plain multi-server model (i.e., simultaneous communications between a user and multiple servers) and the gateway augmented multi-server model (i.e., redundancy) while allowing us to distribute user passwords and the authentication functionality to two servers in order to eliminate a single point of vulnerability in the single-server model. As a result, the two-server model appears to be a sound model for practical applications.

The existing systems built upon the two-server model do not suffice, which motivated us to present a password-only system over the two-server model. In the proposed system, the public server acts as a service server that provides application services, while the back-end server is a control server whose sole purpose is to assist the service server in user authentication (the service server, of course, also participates in user authentication). In the plain multi-server model and the gateway augmented multi-server model, several or all servers equally participate in service provision as well as user authentication, which is implied by the fact that a user negotiates a session key with each server. The two-server model is generalized to an architecture in which a control server supports multiple service servers.

IV. FUNCTIONAL ARCHITECTURE OF TWO SERVER PASSWORD AUTHENTICATION SYSTEM

Three types of entities are involved in our system, i.e., users, a service server (SS) that is the public server in the two server model, and a control server (CS) that is the back-end server. In this setting, users only communicate with SS and do not
necessarily know CS. For the purpose of user authentication, a user U has a password which is transformed into two long secrets, which are held by SS and CS, respectively. Based on their respective shares, SS and CS together validate users during user login. CS is controlled by a passive adversary and SS is controlled by an active adversary in terms of offline dictionary attacks to user passwords, but they do not collude (otherwise, it equates to the single-server model).

A passive adversary follows honest-but-curious behavior, that is, it honestly executes the protocol according to the protocol specification and does not modify data, but it eavesdrops on communication channels, collects protocol transcripts and tries to derive user passwords from the transcripts. Moreover, when a passive adversary controls a server, it knows all internal states of knowledge known to the server, including its private key (if any) and the shares of user passwords. In contrast, an active adversary can act arbitrarily in order to uncover user passwords. Besides, we assume a secret communication channel between SS and CS for this basic protocol. This security model exploits the different levels of trust upon the two servers. This holds with respect to outside attackers. As far as inside attackers are concerned, justifications come from our application and generalization of the system to the architecture of a single control server supporting multiple service servers, where the control server affords and deserves enforcing more stringent security measurements against inside attackers. The back-end server is strictly passive and is not allowed to eavesdrop on communication channels, while CS in our setting is allowed for eavesdropping.

Fig 4: Generalized Two Server Architecture of a single control server with multiple service server

V EXPERIMENTAL PERFORMANCE EVALUATION

The user contacts only the service server, but both the control and service servers are responsible for the authentication of the user. The user has a password which is transformed into two long secrets which are held by the service server and the control server. Both servers, using their respective shares, validate the user during the login. The servers compute a function to verify the user, and finally a session key is established between the user and the service server for the confirmation of the user and the server. The service server (Fig 5), which is an active adversary, acts arbitrarily to uncover the passwords and could control the corruption of the password.

The user can use the same password to register to different servers; the service servers connect either to distinct control servers or to the same control server. This makes the system user friendly. The system could be adapted to any existing FTP and web applications that are available today by adding a control server.

In our experimental implementation, a password is split into two random numbers. Therefore, a user can use the same password to register to different service servers; they connect either to distinct control servers or to the same control server.

This is a highly desirable feature since it makes the system user friendly. A big inconvenience in the traditional password systems is that a user has to memorize different passwords for different applications. The system has no compatibility problem with the single-server model. This is of importance, as most of the existing password systems use a single server.

Fig 5: Service Server Key generation for user password (bifurcated)
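
The sketch below is an added example, not code from the paper. It shows why a single stolen share does not support an offline dictionary attack, while single-server verification data (or both shares together) does. The additive split modulo Q, the SHA-256 encoding, the modulus and all function names are assumptions; the paper states only that the password is split into two random numbers.

```python
import hashlib
import secrets

# Assumed modulus for this example (2^127 - 1); the paper does not give one.
Q = 2**127 - 1


def password_to_secret(password):
    """Assumed encoding: SHA-256 of the password, reduced mod Q."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % Q


def split_password(password):
    """Registration: return (share held by SS, share held by CS).

    share1 is uniformly random, so on its own it is independent of the
    password; share2 is then fixed by share1 + share2 = secret (mod Q).
    """
    share1 = secrets.randbelow(Q)
    share2 = (password_to_secret(password) - share1) % Q
    return share1, share2


def attack_single_server(stored_pvd, wordlist):
    """Single-server model: whoever copies the verification data can
    test every guess offline."""
    return [w for w in wordlist if password_to_secret(w) == stored_pvd]


def guesses_not_excluded_by_one_share(share1, wordlist):
    """Two-server model with one server compromised.

    For every guess there is a complementary share that would make the
    guess correct, so the stolen share offers no test that rejects any
    candidate password.
    """
    survivors = []
    for w in wordlist:
        complement = (password_to_secret(w) - share1) % Q
        if (share1 + complement) % Q == password_to_secret(w):
            survivors.append(w)
    return survivors


def attack_colluding_servers(share1, share2, wordlist):
    """Both shares in one place: the split is undone and the offline
    attack works again, as in the single-server model."""
    secret = (share1 + share2) % Q
    return [w for w in wordlist if password_to_secret(w) == secret]


# Constructed sample data for the demonstration.
WORDLIST = ["123456", "letmein", "tiger2010", "qwerty"]

if __name__ == "__main__":
    ss_share, cs_share = split_password("tiger2010")
    print("single server :", attack_single_server(
        password_to_secret("tiger2010"), WORDLIST))
    print("SS share only :", guesses_not_excluded_by_one_share(
        ss_share, WORDLIST))
    print("both shares   :", attack_colluding_servers(
        ss_share, cs_share, WORDLIST))
```

The two shares are recombined here only to show what collusion exposes; in the system described above SS and CS each keep their own share.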

The generalization as well as the applications of the two-server password system well support the underlying security model, in the sense that the enterprise headquarters naturally assumes adequate funds and strong security expertise and, therefore, affords and is capable of maintaining a highly trustworthy control server against both inside attackers and outside attackers. Without the concern of a single point of vulnerability, affiliating organizations that operate service servers are offloaded to some extent from strict security management, so they can dedicate their limited expertise and resources to their core competencies and to enhancing service provision to the users. From the perspective of users, they are able to assume the higher creditability of the enterprise while engaging in business with individual affiliating organizations.

A. Performance Measure

Exponentiations dominate each party’s computation overhead, so for the two server password authentication system we only count the number of exponentiations as the computation performance. The digits before “/” denote the total number of exponentiations performed by each party, and the digits following “/” denote the number of exponentiations that can be computed offline. One round is a one-way transmission of messages. The two proposed protocols are quite efficient in terms of both computation and communication for all parties. Take U, for example: it needs to calculate 3 and 4 exponentiations in the two protocols, respectively, and 2 of them can be performed offline. This means U only computes 1 and 2 exponentiations in real time in the respective protocols, and the communication overhead for U is particularly low in terms of both bits and rounds. Table 1 below indicates the computation performance in terms of time and success rate (number of rounds) of the two server password authentication and single server authentication.

Table 1: Performance measure on Two server and Single server password authentication scheme

Scheme                               Time of Authenticity (milliseconds)   Success rate %
Two server password authentication   10                                    96
Single server                        8                                     87

B. Implementation

The implementation procedure is discussed below:

• Password is split into two random numbers.
• User uses the same password to register to different service servers.
• They connect either to distinct control servers or to the same control server.
• The service server, an active adversary, acts arbitrarily to uncover the passwords and control the corruption of the password.
• Control server, a passive adversary, acts according to the authentic function.
• To initiate a request for service, User U sends his identity together with a service request to SS in M1.
• SS first relays the request to CS by sending the user ID in M2.
• Then selects a random number b1 and computes B1 using his password share 1.
• Upon receiving M2, CS chooses a random number b2 and computes B2 using his password share 2.
• CS then sends B2 in M3 to SS.
• Upon reception of B2, SS computes and sends B to U in M4.
• After receiving M4, U selects and computes A and Su.
• U then sends A and Su to SS in M5.
• Getting the message, SS computes S1 and sends S1, A and Su to CS in M6.
• Upon receipt of M6, CS computes S2 and checks whether Su.
• If it holds, CS is assured of the authenticity of U, and continues the protocol by sending S2 to SS in M7; otherwise, CS aborts the protocol.
• Assuming SS receives S2 in M7, it checks whether Su.
• If it holds, SS is convinced of the authenticity of U.
• At this stage, both servers have authenticated U.
• SS then computes and sends Ss to U in M8 and afterward computes a session key K; otherwise, SS aborts the protocol.
• Upon receiving M8, U checks if h(0, Sou) = Ss.
• If it holds, U has validated the servers and then computes a session key K; otherwise, U aborts the protocol.

C. Discussions

With the two-server password system, the single point of vulnerability is totally eliminated. Without compromising both servers, no attacker can find user passwords through offline dictionary attacks. The control server being isolated from the public, the chance for it being attacked is substantially
minimized, thereby increasing the security of the overall system. The system is also resilient to offline dictionary attacks by outside attackers. This allows users to use easy to remember passwords and still have strong authentication and key exchange. The system has no compatibility problem with the single-server model. The generalization of the two-server password system well supports the underlying security model. In reality, adversaries take on a variety of forms and no security measures and precautions can guarantee that a system will never be penetrated. By avoiding a single point of vulnerability, it gives a system more time to react to attacks. The password-based authentication and key exchange system is built upon a novel two-server model, where only one server communicates to users while the other server stays transparent to the public. Compared with previous solutions, our system possesses many advantages, such as the elimination of a single point of vulnerability, avoidance of PKI, and high efficiency.

VI. CONCLUSION

The Two-Server password authentication architecture consists of two servers, namely the control server and the service server. The control server is controlled by a passive adversary whereas the service server is controlled by an active adversary. The vulnerability factor is eliminated in this process. An attacker cannot find the user passwords without both servers. The control server is isolated from the public, so the possibility of it being attacked is minimized and hence the overall system is protected. The password is split into two random numbers. The user can use the same password for both the servers. Hence the overall system is user friendly. Both the inside attackers and the outside attackers cannot easily enter into the system. The two server system is highly used for practical applications.

In contrast to existing multi-server password systems, the two server system has great potential for practical applications. It can be directly applied to fortify existing standard single-server password applications, e.g., FTP and Web applications.

References

[1] J. Brainard, A. Juels, B. Kaliski, and M. Szydlo, “A New Two Server Approach for Authentication with Short Secrets,” Proc. USENIX Security Symp., 2003.

[2] S. Bellovin and M. Merritt, “Encrypted Key Exchange: Password Based Protocols Secure against Dictionary Attacks,” Proc. IEEE Symp. Research in Security and Privacy, pp. 72-84, 1992.

[3] S. Bellovin and M. Merritt, “Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compromise,” Proc. ACM Conf. Computer and Comm. Security, pp. 244-250, 1993.

[4] M. Bellare, D. Pointcheval, and P. Rogaway, “Authenticated Key Exchange Secure Against Dictionary Attacks,” Advances in Cryptology (Eurocrypt ’00), pp. 139-155, 2000.

[5] M. Bellare and P. Rogaway, “Random Oracles are Practical: A Paradigm for Designing Efficient Protocols,” Proc. ACM Computer and Comm. Security, pp. 62-73, 1993.

[6] W. Ford and B.S. Kaliski Jr., “Server-Assisted Generation of a Strong Secret from a Password,” Proc. IEEE Ninth Int’l Workshop Enabling Technologies, 2000.

[7] D.P. Jablon, “Password Authentication Using Multiple Servers,” RSA Security Conf., pp. 344-360, 2001.

[8] P. Mackenzie, T. Shrimpton, and M. Jakobsson, “Threshold Password-Authenticated Key Exchange,” Proc. Advances in Cryptology (Eurocrypt ’02), pp. 385-400, 2002.

[9] Y.J. Yang, F. Bao, and R.H. Deng, “A New Architecture for Authentication and Key Exchange Using Password for Federated Enterprises,” Proc. 20th Int’l Federation for Information Processing Int’l Information Security Conf. (SEC ’05), 2005.

[10] Yanjiang Yang, Robert H. Deng, and Feng Bao, “A Practical Password-Based Two Server Authentication and Key Exchange System,” IEEE Transaction on Secure and Dependable Computing, Vol. 3, No. 2, April-June 2006.

[11] C. Ellison, C. Hall, R. Milbert, and B. Schneier, “Protecting secret keys with personal entropy,” Journal of Future Generation Computer Systems, 16(4):311-318, February 2000.

[12] N. Frykholm and A. Juels, “Error-tolerant password recovery,” in P. Samarati, editor, 8th ACM Conference on Computer and Communications Security, pages 1-9. ACM Press, 2001.

Author’s Profile

T.S.Thangavel received the BSc degree in Computer Science (Bharathiyar University) in 1991, the MSc degree in Computer Science (Bharathidasan University) in 1993 and the MPhil degree in Computer Science (Bharathidasan University) in 2003. He is pursuing the PhD degree in the department of science and humanities (Anna University). He is working as an assistant professor in the MCA department at K.S.Rangasamy College of Technology, Tiruchengode.

Dr. A. Krishnan received his Ph.D degree in Electrical Engineering from IIT, Kanpur. He is now working as an Academic Dean at K.S.Rangasamy College of Technology, Tiruchengode and research guide at Anna University Chennai. His research interests include Control system, Digital Filters, Power Electronics, Digital Signal processing, Communication Networks. He has published more than 165 technical papers at various National/International Conference and journals.

237 http://sites.google.com/site/ijcsis/
ISSN 1947-5500