期刊名称:International Journal of Computer Science and Information Technologies
电子版ISSN:0975-9646
出版年度:2017
卷号:8
期号:1
页码:20-26
出版社:TechScience Publications
摘要:Today almost all organizations in the world arenetwork-centric paradigm and to safeguard the data in aworld where technology is advancing, systems are changingrapidly and information flows freely requires efficient securechannel at the endpoint. Security is the heart of IT revolutionand more specifically user authentication and keyestablishment are the rudimentary services in securecommunications. Though many systems, schemes bank onpublic key digital certificate user authentication and keyestablishment, failed in getting authenticated due to someforgery attacks. Public key Digital certificate though gainedpopularity in the public key infrastructure (PKI) in providingauthentication to user public key, itself cannot be used tosafeguard an authenticate user. In this paper, we propose anovel approach using GDC for user authentication and keyestablishment. A GDC is a kind of Digital Certificate whichcontains user’s public information and Digital signaturewhich is issued and signed by the trusted CertificateAuthority. The advantage of GDC is that, unlike the publickey Digital Certificate, it does not contain user’s public key.So, the digital signature can never be revealed to the verifierand this is where a digital signature of GDC becomes asecurity factor that can be used for user authentication. Usingthis phenomenon, we have implemented a Discrete LogarithmProtocol which satisfies in achieving user authentication andsecret key establishment. In addition to this, by using theshared-secret key, we have also exchanged the data betweenthe entities through AES (Advanced Encryption Standard) orTDEA(Triple Data Encryption Algorithm) Cryptographicalgorithm.
关键词:Generalized digital certificate; user authentication;key establishment; shared-secret key; forgery attacks; data;exchange (encryption and decryption).
