TITLE

An Approach of Cryptography for Web User Authentication using Secure Remote Password Protocol

AUTHOR(S)
Dewangan, Revati Raman; Parganiha, Vivek; Thombre, Deepali
PUB. DATE
January 2012
SOURCE
International Journal of Computer Science Engineering & Technolo;Jan2012, Vol. 2 Issue 1, p823
SOURCE TYPE
Academic Journal
DOC. TYPE
Article
ABSTRACT
This research paper describes the generation of a cryptographic key for users of a web application using SRP techniques for the purpose of secure authentication on the web. A number of web sites let different kinds of users worldwide access web applications with a unique user name and a corresponding password that secures their accounts from others, yet such accounts are still hacked by professional hackers. To avoid this kind of hacking of users' accounts, our approach is to provide a secure cryptographic key using the SRP (SRP-6) technique along with the username and password. This key will be unique for a particular user. Whenever a user attempts to log in to the web application, the application generates a new unique key for each and every attempt, and the newly generated key is then validated on the server side. In many web applications, it is desirable to have users log in by giving a unique login name and a password before accessing pages. There are many ways to implement this, each with different advantages and disadvantages. The considerations involved are complex, and the majority of authentication systems in use on the web today have at least some fixable security weaknesses. There are two standard authentication systems described in the HTTP protocol documents: "basic authentication", which is supported by most browsers and HTTP servers, and "digest authentication", which isn't. The Secure Remote Password (SRP) protocol is an implementation of a public key exchange handshake described in the Internet standards working group Request for Comments 2945 (RFC 2945). This mechanism is suitable for negotiating secure connections using a user-supplied password, while eliminating the security problems traditionally associated with reusable passwords. The system also performs a secure key exchange in the process of authentication, allowing security layers (privacy and/or integrity protection) to be enabled during the session. Trusted key servers and certificate infrastructures are not required, and clients are not required to store or manage any long-term keys.
ACCESSION #
72069885

 
