39,680 research outputs found

    Innovative Remote user Authentication Protocol for Multi-Server Structural Design Based on ECC

    Get PDF
    We have achieved an era where preferred web services are accessible over the networks by click of a button. In such a situation, remote user authentication performs the most part in determining the genuine users of a web service on the World Wide Web. Scientists have suggested a number of security password centered authentication techniques which depend on single server for authentication. But, with remarkable improvements in technology, it is probable to interact with several web servers in authenticating their clients to experience greater protection. In this paper, we recommend an efficient security password centered authentication protocol for multiserver structure. The method provides common authentication using intelligent card and is depending on Elliptic Curve Cryptography, thus offers best protection at a low price. In 2011, Sood et al. suggested a multi-server structure protocol utilizing smart cards. In this papers, we enhance Sood et al. plan by improving its protection and decreasing the computation cost. The protocol is in accordance with the idea of powerful identification that uses a nonce centered system and has no time synchronization issue. DOI: 10.17762/ijritcc2321-8169.15062

    Contribution to securing wireless mesh networks

    Get PDF
    A wireless mesh network (WMN) comprises of mesh access points (MAPs)/mesh routers and mesh clients (MCs), where MAPs are normally static and they form the backbone of WMNs. MCs are wireless devices and dynamic in nature, communicating among themselves over possibly multi-hop paths, with or without the help of MAPs. Security has been a primary concern in order to provide protected communication in WMNs due to the open peer-to-peer network topology, shared wireless medium, stringent resource constraints and highly dynamic environment. These challenges clearly make a case for building multi-layer security solution that achieves both wide-range protection and desirable network performance. In this thesis, we attempt to provide necessary security features to WMNs routing operations in an efficient manner. To achieve this goal, first we will review the literature about the WMNs in detail, like WMN’s architecture, applications, routing protocols, security requirements. Then, we will propose two different secure routing protocols for WMNs which provide security in terms of routing, data and users as well. The first protocol is a cross-layer secure protocol for routing, data exchange and Address Resolution Protocol (ARP) problems (in case of LAN based upon WMNs). Our protocol is a ticket-based ad hoc on demand distance vector (TAODV) protocol, a secure routing protocol that is based on the design of the Ad Hoc on demand distance vector (AODV) protocol. Due to the availability of a backbone, we incorporate the Authentication Server (AS) for the issuance of tickets which are further used for secure routing, transfer of public keys and MAC addresses in one single step. By incorporating the public keys, source and destination can easily generate their shared secret key based upon Fixed Diffie-Hellman key exchange protocol for data encryption and decryption. Our protocol is secure against both active as well as passive attacks. The second proposed protocol is to “achieve user anonymity in WMNs”. This protocol is also ticket-based protocol. The ticket is issued by Network Operator (NO) which provides user anonymity, user authentication and data confidentiality/privacy throughout the WMN. Our protocol is inspired by the blind Nyberg-Rueppel digital signature scheme. In this protocol NO issues tickets to valid users only and these users can then use these tickets to access Internet or to access services provided by Internet Gateway (IGW). IGW can only verify these tickets whether tickets are valid or not but can not check “Identity of ticket holder”. This way, user anonymity has been achieved along with user authentication and data privacy throughout WMN

    Web3 Chain Authentication and Authorization Security Standard (CAA)

    Get PDF
    Web3 is the next evolution of the internet, which uses blockchains, cryptocurrencies, and NFTs to return ownership and authority to the consumers. The potential of Web3 is highlighted by the creation of decentralized applications (dApps), which are more secure, transparent, and tamper-proof than their centralized counterparts, allowing for new business models that were previously impossible on the traditional internet.Web3 also focuses on user privacy, where users have more control over their personal data and can choose to share only what they want. The emergence of Web3 represents an exciting new frontier in blockchain technology, and its focus on decentralization, user privacy, and trustless systems has the potential to transform the way we interact with the internet.Web3 authentication is required for enhanced security, increased privacy, and simplified user interface. Traditional login procedures and an authorization flow using web3 authentication work together seamlessly. However, there are several challenges associated with Web3, including scalability and regulatory issues. Chain Authentication and Authorization (CAA) is a multi-layer security mechanism that allows users to choose the security layer that suits them, just like a heavy iron chain, where the user and CAA developers act as blacksmith and form their security protocol that suits them. CAA is a solution to the challenges associated with Web3 authentication and authorization, and it focuses on creating a secure and decentralized authentication and authorization system that is scalable, flexible, and user-friendly

    Password authenticated key agreement protocol for multi-servers architecture

    Get PDF
    [[abstract]]This paper proposes an efficient password authenticated key agreement protocol for multi-servers architecture. The authenticated key agreement protocol is a good solution to provide authentication and confidentiality. The identity authentication and confidentiality are two important primary security services for the open network environment. The proposed scheme allows user to access multi-server securely by keeping one weak password and a smart card only. The client user and server will authenticate each other in the proposed scheme. They will agree a secret common session key for each request in the ending of the proposed scheme. Furthermore, the proposed scheme is based on straight line of geometry and symmetric cryptosystem. It does not use the overload cryptography operations, it is more efficient than the previous results.[[conferencetype]]ĺś‹éš›[[conferencedate]]20050613~20050616[[iscallforpapers]]Y[[conferencelocation]]Taipei, Taiwa

    Security Schemes for Hack Resilient Applications Using “SNHA” (Securing Network, Host, and Application) Service

    Get PDF
    The very nature of web applications - their ability to collate, process and disseminate information over the Internet - exposes them in two ways. First and most obviously, they have total exposure by nature of being publicly accessible. Second, they process data elements from within HTTP requests - a protocol that can employ a myriad of encoding and encapsulation techniques. Any service available on the Internet requires authentication. Simple, one factor authentication schemes are vulnerable to hacking and require lot of discipline among authorized users - in the form of complying with strong password, One Time Password and password salt. The challenges start from making the authentication setup of the network services as secure and as simple as possible. In order to overcome this problem, we will develop a portal and authentication setup to address the problem of the directly making the authentication setup and the web services of the organization accessible from the internet. For our purposes we will concentrate on the combination of web servers and application servers interfacing to provide user authentication as multi-tenant applications. Keyword: - Network security, Web-Security, Multi tenant, Web-service, SAAS, SOP, WCF, multilevel authentication, one time password (OTP), Salt password
    • …
    corecore