REVIEW ON CLOUD SERVER SECURITY USING PASSWORD AUTHENTICATED KEY EXCHANGE
Keywords:
authentication, Limitation, maliciousAbstract
Battle between ethical or white hat Security hackers and malicious or black hat Security hackers is a long war, which has no end. While ethical Security hacker help to understand companies’ their System security needs, malicious Security hackers intrudes illegally and harm network for their personal benefits. objective Enhancement of Password Authentication system is to prevent Security hacker’s Attack make remote servers more secure.It is necessary to keep password safe and secure. There may be a chance to hack password by outside onlookers to access data provided by user. So, it is necessary to follow techniques to preserve password from onlookers to hack it. Several techniques are used here for password authentication. Public Key Info systems is one of technique used under public key infrastructure in which public keys are used to create to avoid password hacking. Limitation of this system is that user has to check validity of key each and every time in password system. It consumes more time for execution. Then, another system called Password only protocols or Password Authenticated Key Exchange or PAKE which does use public key system for password authentication. So, it is easy for users to use this system for real world applications.
References
Boyko, V.; P. MacKenzie; S. Patel (2000). "Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman". Advances in Cryptology -- Eurocrypt 2000, LNCS. Lecture Notes in Computer Science (Springer-Verlag) 1807: 156. doi:10.1007/3-540-45539-6_12. ISBN 978-3-540-67517-4.
Abdalla, M.; D. Pointcheval (2005). "Simple Password-Based Encrypted Key Exchange Protocols" (PDF). Topics in Cryptology – CT-RSA 2005. Lecture Notes in Computer Science (Springer Berlin Heidelberg) 3376: 191–208. doi:10.1007/978-3-540-30574-3_14. ISBN 978-3-540-24399-1.
Bellare, M.; D. Pointcheval; P. Rogaway (2000). "Authenticated Key Exchange Secure against Dictionary Attacks". Advances in Cryptology -- Eurocrypt 2000 LNCS. Lecture Notes in Computer Science (Springer-Verlag) 1807: 139. doi:10.1007/3-540-45539-6_11. ISBN 978-3-540-67517-4.
Bellovin, S. M.; M. Merritt (May 1992). "Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks". Proceedings of the I.E.E.E. Symposium on Research in Security and Privacy (Oakland): 72. doi:10.1109/RISP.1992.213269. ISBN 0-8186-2825-1.
Ford, W.; B. Kaliski (14–16 June 2000). "Server-Assisted Generation of a Strong Secret from a Password". Proceedings of the IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (Gaithersburg MD: NIST): 176. doi:10.1109/ENABL.2000.883724. ISBN 0-7695-0798-0.
Goldreich, O.; Y. Lindell (2001). "Session-Key Generation Using Human Passwords Only". Advances in Cryptology -- Crypto 2001 LNCS (Springer-Verlag) 2139.
"IEEE Std 1363.2-2008: IEEE Standard Specifications for Password-Based Public-Key Cryptographic Techniques". IEEE. 2009.
Katz, J.; R. Ostrovsky; M. Yung (2001). "Efficient Password-Authenticated Key Exchange Using Human-Memorable Passwords" 2045. Springer-Vergal.
T. Wu. The SRP-3 Secure Remote Password Protocol. IETF RFC 2945.
D. Taylor, T. Wu, N. Mavrogiannopoulos, T. Perrin. Using the Secure Remote Password (SRP) Protocol for TLS Authentication. IETF RFC 5054
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2016 International Journal for Research Publication and Seminar
This work is licensed under a Creative Commons Attribution 4.0 International License.
Re-users must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. This license allows for redistribution, commercial and non-commercial, as long as the original work is properly credited.