An Approach of Cryptography for Web User Authentication using Secure Remote Password Protocol

Dewangan, Revati Raman; Parganiha, Vivek; Thombre, Deepali
January 2012
International Journal of Computer Science Engineering & Technolo;Jan2012, Vol. 2 Issue 1, p823
Academic Journal
This research paper describes the generation of a crypt key for users of a web application using SRP techniques for the purpose of secure authentication on the web. A number of web sites allow different kinds of users worldwide to access web applications using a unique user name and a corresponding password to secure their accounts from others, yet these accounts are still hacked by professional hackers. To avoid this kind of hacking of users' accounts, our approach is to provide a secure cryptographic key using the SRP (SRP-6) technique along with the username and password. This key will be unique to a particular user. Whenever the user attempts to log in to the web application, a new unique key will be generated by the application on each and every attempt, and the newly generated key will then be validated on the server side.

In many web applications, it is desirable to have users log in by giving some unique login name and a password before accessing pages. There are many ways to implement this, each with different advantages and disadvantages. The considerations involved are complex enough that the majority of authentication systems in use on the web today have at least some fixable security weaknesses. There are two standard authentication systems described in the HTTP protocol documents: "basic authentication", which is supported by most browsers and HTTP servers, and "digest authentication", which isn't.

The Secure Remote Password (SRP) protocol is an implementation of a public key exchange handshake described in the Internet standards working group Request for Comments 2945 (RFC 2945). This mechanism is suitable for negotiating secure connections using a user-supplied password, while eliminating the security problems traditionally associated with reusable passwords. This system also performs a secure key exchange in the process of authentication, allowing security layers (privacy and/or integrity protection) to be enabled during the session. Trusted key servers and certificate infrastructures are not required, and clients are not required to store or manage any long-term keys.


Related Articles

  • Catch a Hacker by Thinking Like One. BAVISI, SANJAY; HAILEY, STEVE // SDA Asia Magazine;2008, Vol. 22/23, p32 

    The article focuses on the five phases of a systematic approach used by computer hackers. In reconnaissance phase, hackers identify the domain and subdomain names of the target and then gather information about them through public sources such as newsgroups. They will then scan servers and...

  • Passwords. Maiffret, Marc // SC Magazine: For IT Security Professionals (15476693);Oct2014, Vol. 25 Issue 10, p13 

    The article presents information on passwords as one of the oldest and most important measures used in cyber security and mentions topics such as proper password management and best practices including using complex passwords, rotating passwords frequently, and delegating access to servers.

  • Anonymous Proxy.  // Network Dictionary;2007, p36 

    An encyclopedia entry for "Anonymous Proxy" is presented. In computer security, this term refers to a proxy server that can be used for anonymous Web browsing. It retains the anonymity of the real user because only information on the proxy server will be visible to outsiders.

  • Provide Secure Access to OWA Attachments.  // Windows IT Pro;Dec2005, Vol. 11 Issue 12, p18 

    The article reports that Messageware released AttachView 7.0, a server-based software that provides increased Microsoft Outlook Web Access (OWA) security features. It is noted that to prevent security threats and protect corporate standards, Messageware AttachView provides security Web access to...

  • Tech Rx.  // Men's Health;Sep2004, Vol. 19 Issue 7, p118 

    Answers several questions about technology. Explanation on the $400 rule; Information on the best way to track all the Web passwords.

  • An uncertain world. Richards, Justin // ITNOW;Sep2006, Vol. 48 Issue 5, p12 

    The article highlights World Wide Web trends and problems affecting businesses and individuals worldwide. Different measures are needed to secure the cyber world as threats to security and privacy are expected. Robert Mueller, head of the U.S. Federal Bureau of Investigation (FBI) states that...

  • How to plug Web holes? Perry, Joellen // U.S. News & World Report;02/12/2001, Vol. 130 Issue 6, p40 

    Focuses on the necessity of fixing flaws in a widely used Web infrastructure program. Criminal computer hackers who take advantage of flaws; Popularity of the infrastructure program; Damage which could be done by hackers.

  • Web-based management. Passmore, David // Business Communications Review;Oct96, Vol. 26 Issue 10, p16 

    Discusses developments in World Wide Web-based management which involves the use of World Wide Web server and browser technology. Network management vendors' addition of Web browser interfaces to existing systems; Formation of the Web-Based Enterprise Management; Development of Sun's Java...

  • Net surfing in Mexico. Chorost, Michael // Hispanic;May1995, Vol. 8 Issue 4, p64 

    Presents a guide to Web servers in Mexico. How Web servers distribute information on the Internet; MexPlaza, a Web page that bills itself as a Mexican shopping center on the Internet; Mexican FAQ list; Mexican newspaper services on-line; A map of Web servers in Mexico available through the...

