Browse > Article
http://dx.doi.org/10.5762/KAIS.2011.12.3.1350

A Secure Authentication Model Using Two Passwords in Client Server Systems  

Lee, Jae-Woo (Division of Computer Science & Information, Kyungbok College)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.12, no.3, 2011 , pp. 1350-1355 More about this Journal
Abstract
It is very important issues to protect many system resources using authorized client authentication in distributed client server systems. So it is not enough to prevent unauthorized opponents from attacking our systems that client authentication is performed using only the client's identifier and password. In this paper, we propose a secure authentication database modeling with two authentication keys such as a client authentication key and a server authentication key. The proposed authentication model can be used making high quality of computer security using two authentication keys during transaction processing. The two authentication keys are created by client and server, and are used in every request transaction without user's extra input. Using the proposed authentication keys, we can detect intrusion during authorized client's transaction processing because we can know intrusion immediately through comparing stored authentication keys in client server systems when hackers attack our network or computer systems.
Keywords
Authentication Database; Secure Transaction; Client Server System;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 William Stallings, Network Security Essentials : Application and Standards, Prentice Hall, 1999.
2 William Stallings, Cryptography and Network Security : Principles and Practice, Prentice Hall, 1999.
3 Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security : Private Communication in a Public World, Prentice Hall, 1995.
4 Ravi Sandhu and Pierangela Samarati, "Authentication, Access Control, and Audit," ACM Computing Surveys, 28(1), pp.241-243, March 1996.   DOI
5 B.C. Neuman and Theodore Ts'o. Kerberos, "An Authentication Service for Computer Networks," IEEE Communications, 32(9), pp.33-38, September 1994.   DOI
6 Shai Halevi and Hugo Krawczyk, "Public-key Cryptography and Password Protocols," ACM Transactions on Information and System Security, 2(3), pp.230-268, August 1999.   DOI
7 James Giles, Reiner Sailer, Dinesh Verma, and Suresh Chari, "Authentication for Distributed Web Caches," Lecture Notes in Computer Science, Vol. 2502, Springer-Verlag, pp.126-145, 2002.   DOI
8 Ferdinand J. Dafelmair, "Survivability Strategy for a Security Critical Process," Lecture Notes in Computer Science, Vol. 2434, Springer-Verlag, pp.61-69, 2002.   DOI
9 Jonathan Katz, Rafail Ostrovsky, and Moti Yung, "Forward Secrecy in Password-Only Key Exchange Protocols," Lecture Notes in Computer Science, Vol. 2576, Springer-Verlag, pp.29-44, 2002.
10 Yasunori Ishihara, Shuichiro Ako, and Toru Fujiwara, "Security against Inference Attacks on Negative Information in Object-Oriented Databases," Lecture Notes in Computer Science, Vol. 2513, Springer-Verlag, pp.49-60, 2002.
11 Donk-Kwan Kim, Seung-Soo Shin, "Three-Factor authentication system based on one time password," Proceedings of the KAIS Fall conference, The Korea Academia-Industrial cooperation Society, pp.25-28, 2008.