The study of security models for sensitive data systems has been taken on for years. Throughout this century, the thought of seeking the system security to the supply of system development lifecycle received Brobdingnagian improvement within the system and software system assurance domain. This paper expounds the understanding security by illustrating information security study development progress since pre-computer age and presents an outline of Internet and cyberization security by summarizing the established order of cyberization. Then a security model referred to as PDRL, which incorporates six core security attributes of sensitive data systems, is planned to safeguard the protection of sensitive data systems within the whole system life-cycle. Within the past, many key agreement protocols square measure planned on watchword based mostly mechanism. These protocols square measure prone to wordbook attacks. Storing plain text version of watchword on server isn't secure continuously. During this paper we have a tendency to utilize the service of a trustworthy third party, i.e., the Key Distribution server (KDS) for key agreement between the hosts. Now-a-days in massive operating environments 2 party key agreement protocols square measure being seldom used. During this planned theme, rather than storing plain text version of watchword we have a tendency to store a technique hash of the watchword at the server. Each host and server agrees upon family of independent unidirectional hash functions, victimization that host authentication is completed once a bunch applies for session key with KDS. Host establishes just once key with server victimization that server authentication is completed. Thanks to this man-in-the middle attacks square measure defeated. The planned protocol relies on Diffie-Hellman key
[1]
Steven M. Bellovin,et al.
Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise
,
1993,
CCS '93.
[2]
Mihir Bellare,et al.
Provably secure session key distribution: the three party case
,
1995,
STOC '95.
[3]
Hung-Min Sun,et al.
Three-party encrypted key exchange: attacks and a solution
,
2000,
OPSR.
[4]
Gene Tsudik,et al.
On simple and secure key distribution
,
1993,
CCS '93.
[5]
Maurizio Adriano Strangio,et al.
An optimal round two-party password-authenticated key agreement protocol
,
2006,
First International Conference on Availability, Reliability and Security (ARES'06).
[6]
Patrick Horster,et al.
Undetectable on-line password guessing attacks
,
1995,
OPSR.
[7]
Gene Tsudik,et al.
Refinement and extension of encrypted key exchange
,
1995,
OPSR.
[8]
Steven M. Bellovin,et al.
Encrypted key exchange: password-based protocols secure against dictionary attacks
,
1992,
Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.
[9]
Alfred Menezes,et al.
Handbook of Applied Cryptography
,
2018
.
[10]
Whitfield Diffie,et al.
New Directions in Cryptography
,
1976,
IEEE Trans. Inf. Theory.
[11]
Hung-Min Sun,et al.
Simple authenticated key agreement protocol resistant to password guessing attacks
,
2002,
OPSR.
[12]
Jerome H. Saltzer,et al.
Protecting Poorly Chosen Secrets from Guessing Attacks
,
1993,
IEEE J. Sel. Areas Commun..
[13]
Behrouz A. Forouzan,et al.
Cryptography and network security
,
1998
.