Web Applications Login Authentication Scheme Using Hybrid Cryptography with User Anonymity

Full Text (PDF, 488KB), PP.42-50


Author(s)

Bello Alhaji Buhari 1,*, Afolayan Ayodele Obiniyi 2

1. Department of Mathematics, Computer Science Unit, Usmanu Danfodiyo University, Sokoto – Nigeria

2. Department of Computer Science, Ahmadu Bello University, Zaria – Nigeria

* Corresponding author.

DOI: https://doi.org/10.5815/ijieeb.2022.05.05

Received: 27 Jun. 2021 / Revised: 10 Sep. 2021 / Accepted: 13 Jul. 2022 / Published: 8 Oct. 2022

Index Terms

Cryptography, Private key, Public key, Hash function, Authentication, Web login, Web application

Abstract

Login authentication is a common requirement for modern web applications, as many if not all services that need personalization and access control move online. As more of these services go online, login authentication becomes a target for attackers. Therefore, secure and efficient web application login authentication schemes are needed to ensure user access control, security and privacy. Existing schemes have limitations: in some, users spend more time browsing to create image portfolios than they would to create passwords and PINs; some are subject to active impersonation attack; some suit only financial transaction systems because of the TIC involved; some may have hash collisions; some require an additional BLE device to be installed and available on the authentication system, and BLE cannot be used at higher data rates or over long distances, unlike cellular and WiFi devices; some involve reuse of a password at one or more service providers, which may lead to a password reuse attack known as the domino effect; and some work well only in applications that need to share permissions with other applications, such as social media applications, in the form of APIs, and only improvise user anonymity. We propose an improved web application login authentication scheme using hybrid cryptography with user anonymity. The improved scheme combines Blowfish, the most efficient private key algorithm, ElGamal, a very secure public key algorithm, and the SHA-2 hash function to achieve both high performance and security. The methods are thoroughly discussed and the scheme's security is evaluated to show that it provides password protection, user privacy, perfect forward secrecy, mutual authentication and security against impersonation attack.

Cite This Paper

Bello Alhaji Buhari, Afolayan Ayodele Obiniyi, "Web Applications Login Authentication Scheme Using Hybrid Cryptography with User Anonymity", International Journal of Information Engineering and Electronic Business (IJIEEB), Vol. 14, No. 5, pp. 42-50, 2022. DOI: 10.5815/ijieeb.2022.05.05
