MODELING AND STUDYING AUTHENTICATORS OF WEB SITES BASED ON SRP PROTOCOL
DOI:
https://doi.org/10.26906/SUNZ.2019.3.080Keywords:
Authentication, Web Sites, Information Security, SRP-ProtocolAbstract
Analysis of simulation and research of site authenticator based on SRP-protocol. It is proved that the proposed approach is resistant to mediator attacks. The client, according to the SRP protocol, does not send the user password to the server, but calculates the key based on it. Having a password verifier received at registration, the server can also calculate this key. On the open channel is not the key itself, but the special checking values. Developed a mobile client application for the Android OS and Free make for the server in PHP. The application performs user registration and authentication procedures in accordance with the SRP protocol. Because it is assumed that the user will work with the website from another device, the application generates a special key value based on the session key. To access the site from any device in the form of authentication, the client enters the value of not the password itself, but the access key that is sent to the server and verifies.Downloads
References
Виростков Д. Обзор способов и протоколов аутентификации в веб-приложениях [Електронний ресурс] / Д. Виростков // Хабр. – 2015. – Режим доступу до ресурсу: https://habr.com/company/dataart/blog/262817
Давлетханов М. Концепция одноразовых паролей в системе аутентификации [Електронний ресурс] / М. Давлетханов // BYTE. – 2006. – Режим доступу до ресурсу: https://www.bytemag.ru/articles/detail.php?ID=9101
Kuchuk G.A. An Approach To Development Of Complex Metric For Multiservice Network Security Assessment / G.A. Kuchuk, A.A. Kovalenko, A.A. Mozhaev // Statistical Methods Of Signal and Data Processing (SMSDP – 2010): Proc. Int. Conf., October 13-14, 2010.– Kiev: NAU, RED, IEEE Ukraine section joint SP, 2010. – P. 158 – 160.
Kuchuk G., Nechausov S., Kharchenko, V. Two-stage optimization of resource allocation for hybrid cloud data store. International Conference on Information and Digital Technologies. Zilina, 2015. P. 266-271. DOI: http://dx.doi.org/10.1109/DT.2015.7222982
Федоров А. SRP-6: аутентификация без передачи пароля. 2011. URL : https://habr.com/post/121021.
Фергюсон Н. Практическая криптографія / н. Фергюсон, Б. Шнайер, Вильямс 2004, 432 с.
Amin Salih M., Yuvaraj D., Sivaram M., Porkodi V. Detection And Removal Of Black Hole Attack In Mobile Ad Hoc Networks Using Grp Protocol. International Journal of Advanced Research in Computer Science. Vol. 9, No 6. P. 1–6, DOI: http://dx.doi.org/10.26483/ijarcs.v9i6.6335
Yogesh Awasthi, R P Agarwal, B K Sharma, "Intellectual property right protection of browser based software through watermarking technique", International Journal of Computer Applications, vol. 97, no. 12, 2014, pp. 32-36.
Yogesh Awasthi, R P Agarwal, B K Sharma, "Two Phase Watermarking for Security in Database", International Journal of Computing, vol. 4, no. 4, 2014, pp. 821-824
Saravanan S., Hailu M., Gouse G.M., Lavanya M., Vijaysai R. Optimized Secure Scan Flip Flop to Thwart Side Channel Attack in Crypto-Chip. International Conference on Advances of Science and Technology, ICAST 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Vol 274. Springer, Cham. DOI: https://doi.org/10.1007/978-3-030-15357-1_34
Manikandan V, Porkodi V, Mohammed AS, Sivaram M, “Privacy Preserving Data Mining Using Threshold Based Fuzzy cmeans Clustering”, ICTACT Journal on Soft Computing, Vol. 9, Is. 1, 2018, pp.1813-1816. DOI: 10.21917/ijsc.2018.0252
Ruban, I. Redistribution of base stations load in mobile communication networks / I. Ruban, H. Kuchuk, A. Kovalenko // Innovative technologies and scientific solutions for industries. – 2017. – No 1 (1) – P. 75-81. – DOI : https://doi.org/10.30837/2522-9818.2017.1.075
Teilor.D Using the Secure Remote Password (SRP) Protocol for TLS Authentication [Електронний ресурс] / Д. Тейлор // IETF. – 2007. – Режим доступу до ресурсу: https://tools.ietf.org/html/rfc5054#ref-MODP;
Semenov S. Identification of the state of an object under conditions of fuzzy input data / S. Semenov, O. Sira, S. Gavrylenko, N. Kuchuk // Eastern-european journal of enterprise technologies.– Kharkiv. 2019 No. 4(97). P.22-30 (SCOPUS)
