In a distributed environment, authentication and key exchange mechanisms play a major role. For authentication, the client and the server typically establish a shared cryptographic key. Earlier schemes stored passwords on a single server: if an intruder gains access to that server, every password in its database is compromised and the security of the e-commerce application is endangered. To strengthen the authentication scheme, we introduce multiple servers that store the password material and participate in the key exchange and authentication protocol, so that the system as a whole remains secure even if a single server is compromised. A randomly generated nonce for each session adds a second level of protection, which prevents an attacker from replaying a previous session to pose as a legitimate user and log in. Passwords are not stored in the clear; their hash values are stored in pieces across the multiple servers, so an attacker who obtains only the piece held by one server cannot recover the password from it. In this paper, we model a safe and secure password-based authentication scheme built on a key exchange.
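As an added illustration (not code from the paper), the following Python model shows the two ideas in the abstract with two servers: the password verifier is split across the servers so that one server's database is useless on its own, and each login is bound to fresh nonces so that a replayed login cannot produce the same session key. It goes beyond the text in one respect: rather than storing literal segments of the hash, each server holds a uniformly random XOR share of the salted verifier, and `offline_guess` shows why that matters (a hash segment still admits an offline dictionary attack by prefix match; a share does not). The names `Server`, `register`, `login`, `offline_guess`, the PBKDF2 parameters and the sample user data are all assumptions of this example, and only the standard library is used.

```python
"""
Toy two-server password store with a split verifier and nonce-bound session keys.
Added example, not the paper's protocol. Standard library only.
"""
import hashlib
import hmac
import os

PBKDF2_ITERS = 20_000   # assumption: kept low so the demo runs quickly


def verifier(password: str, salt: bytes) -> bytes:
    """Salted, stretched verifier v: what a single-server design would store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Server:
    """One password server: per-user salt plus ONE share of v, never v itself."""

    def __init__(self, name: str):
        self.name = name
        self.db = {}            # user -> (salt, share)

    def store(self, user: str, salt: bytes, share: bytes) -> None:
        self.db[user] = (salt, share)

    def share_for(self, user: str) -> bytes:
        return self.db[user][1]


def register(user: str, password: str, srv_a: Server, srv_b: Server) -> None:
    salt = os.urandom(16)
    v = verifier(password, salt)
    share_a = os.urandom(len(v))   # uniform, independent of v and of the password
    share_b = xor(v, share_a)      # share_a XOR share_b == v
    srv_a.store(user, salt, share_a)
    srv_b.store(user, salt, share_b)


def login(user: str, password: str, srv_a: Server, srv_b: Server):
    """Client and server sides of one login. Returns (client_key, server_key) or None."""
    # 1. Fresh nonces from both sides: a replayed client message meets a new n_s.
    n_c = os.urandom(16)
    n_s = os.urandom(16)
    transcript = n_c + n_s
    salt = srv_b.db[user][0]
    v_client = verifier(password, salt)
    # Client proof of password knowledge, bound to this session's nonces.
    proof = hmac.new(v_client, b"client-proof" + transcript, "sha256").digest()
    # 2. Server B rebuilds v only transiently from its share and A's share.
    v_server = xor(srv_a.share_for(user), srv_b.share_for(user))
    expected = hmac.new(v_server, b"client-proof" + transcript, "sha256").digest()
    if not hmac.compare_digest(proof, expected):
        return None
    # 3. Both sides derive the session key from v and the nonces.
    k_client = hmac.new(v_client, b"session-key" + transcript, "sha256").digest()
    k_server = hmac.new(v_server, b"session-key" + transcript, "sha256").digest()
    return k_client, k_server


def offline_guess(leaked: bytes, salt: bytes, candidates):
    """Attacker holding one server's database tries dictionary guesses against it."""
    for guess in candidates:
        v = verifier(guess, salt)
        if v[: len(leaked)] == leaked:   # a leaked hash *segment* matches by prefix
            return guess
    return None


if __name__ == "__main__":
    # Constructed sample data for the demo.
    A, B = Server("A"), Server("B")
    register("alice", "correct horse", A, B)
    print("login ok:", login("alice", "correct horse", A, B) is not None)
    print("wrong pw:", login("alice", "wrong", A, B))
    salt = A.db["alice"][0]
    words = ["password", "letmein", "correct horse", "hunter2"]
    segment = verifier("correct horse", salt)[:16]
    print("segment leak:", offline_guess(segment, salt, words))
    print("share leak  :", offline_guess(A.share_for("alice"), salt, words))
```

Two caveats a practitioner would want: a dump of either server's database alone reveals nothing about the password, but the verifier is still reconstructed in server B's memory during a login, so a live compromise of B exposes it; avoiding that requires a genuine two-server PAKE in which neither server ever sees the verifier. And the session key here is derived from the verifier itself, which gives freshness but not forward secrecy; a deployed scheme would combine the password check with an ephemeral Diffie-Hellman exchange.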