Secured Dynamic ID-Based Two-Factor Authenticated Key Exchange Protocol With Extended Security Model in Cloud

IPASJ International Journal of Information Technology (IIJIT)
Web Site: http://www.ipasj.org/IIJIT/IIJIT.htm

A Publisher for Research Motivation ........ Email:editoriijit@ipasj.org
Volume 6, Issue 7, July 2018 ISSN 2321-5976
Secured Dynamic ID-Based Two-Factor

Authenticated Key Exchange Protocol With
Extended Security Model In Cloud
G.RAJASEKAR, Dr.T.NIRMALRAJ
ABSTRACT
Data sharing for increased productivity and efficiency is one of the primary requirements today for any
organization. However, protecting online data is critical to the success, which leads to the requirement of efficient
and secure cryptographic schemes for the same. A session password is a password uniquely generated for every
session. The scheme allows the system to automatically generate a session password each time the user logs in. The
session password is generated randomly based on the randomly generated grid. The grid is used as a medium for
password generation. While registration the user must normally enter his username and password while registering
into the system. Now the system stores this password and uses it to generate a unique session password while user
logs in the next time. Proposed system analyzes the security and usability of the proposed scheme, and shows the
support of the scheme to protect from shoulder surfing attack. A data sharing scheme on the cloud is only successful
if data owners can delegate the access rights to their data efficiently to multiple users, who can then access the data
directly from the cloud servers. Data sharing is based on the given time interval which given by the data owner to
the receiver, after the time interval the receiver cant able get the file with the old session key.
INTRODUCTION ABOUT TWO – FACTOR AUTHENTICATION
With the rapid development of low-power and highly efficient networks, mobile users can pay bills, buy goods
online, and carry out electronic transactions by subscribing to various remote services. Though mobile computing
devices are highly portable, they are usually unprotected and easy to be stolen or get lost. Unless precautions are taken,
an unauthorized person may gain access to the information stored on them. For instance, illegal access may be acquired
by intruders if the data is "sniffed out of the air" in wireless communications or some malware is installed. The lack of
authentication and privacy may cause even more severe results like crippled devices, personal data loss, disclosure of
non-public data, or charge of abused usage against the device owner. Mobile computing devices are of great security
concern not only because of the data stored on them, but also for that they may provide access to other services that
store or display non-public data.
The most common method used for authentication is textual password. The vulnerabilities of this method like
eves dropping, dictionary attack, social engineering and shoulder surfing are well known. Random and lengthy
passwords can make the system secure. The alternative techniques are graphical passwords and biometrics. But these
two techniques have their own disadvantages. Bio metrics, such as finger prints, eye scan or face recognition have been
introduced but not yet widely adopted to all the places. The major drawback of this approach is that such systems can be
expensive and the identification process can be slow in older days. There are many graphical password schemes that are
proposed in the last decade. But most of them suffer from shoulder surfing which is becoming quite a big problem.
There are graphical passwords schemes that have been proposed which are resistant to shoulder-surfing but they have
their own drawbacks like usability issues or taking more time for user to login or having tolerance levels. Personal
Digital Assistants are being used by the people to store their personal and confidential information like passwords and
PIN numbers. Authentication should be provided for the usage of these devices.
RELATED WORKS
Volume 6, Issue 7, July 2018 Page 21

OBJECTIVES
The main objective is to avoid shoulder surfing attack using pair based scheme which will generate session
password for the particular session or transaction where there will be virtual keyboard which will shuffle at every
another transaction accordingly.
EXISTING SYSTEM
 A graphical authentication technique, where the user has to select some images from a set of random pictures
when user is going to register and then at the time of login user must have to select the same sequence of
images which he has pre-defined at the time of registration.
 A colour keyboard implementation, where alphabets and numbers of keyboard are given with different colours.
After the user click, all keys on the keyboard shuffles every time. Here, user has to note down particular
position of key before pressing desired key. Then a button named ‘Hide Keys’ have to be pressed, which will
hide all characters from the keys and empty keys will be displayed before user. Then user has to click on that
key which has the desired key earlier. For which the user can make use of key colour for remembering it.
 In existing Research, RSA with DES algorithm had used. In the proposed Storage Management the concept of
cloud storage along with enhanced more security using encryption techniques where either storing complete
file or data on single cloud system. This system will split the file in different parts then encrypt it & store on
different cloud. The data needed to be decrypted & re-arranged that file will be stored in meta-data
management server for efficient retrieval of original file. Further, it is tested in cloud environment. Some
research uses DES and Triple DES Algorithm. An effective and secure data access control scheme with
efficient decryption and revocation.
Some Of The Existing Algorithms In Cloud Security
RSA ALGORITHM
RSA algorithm is public key encryption. This algorithm is brought to life by Ron Rivest, Adi Shamir and Len
Adelman in 1977. It is hottest asymmetric key cryptographic algorithm. It may well used to provide secrecy. There in
algorithm uses the top number to come up with people key and key depending on mathematical fact and multiplying
huge numbers together. It uses the block size data during which plain text and cipher text are integers between 0 and n
for a lot of n values. Size n is known as 1024 bits. The real challenge in the case of RSA algorithm would be the
selection and generation of the public and private key. Within this two di_erent keys can be used encryption and
decryption. As sender knows about the encryption key and receiver knows about the decryption key, the way we can
generate encryption and decryption get into RSA. The whole process are made in below:
Choose two different large random prime numbers p and q such

Calculate n=pq
n is the modulus for the public key and the private keys
Compute the totient ϕ(n)=(p-1)(q-1)
Choose an integer e such that 1 < e < ϕ(n) and e is co-prime to ϕ(n).
e is released as the public key exponent
Compute d to satisfy the congruence relation de=1 (mod ϕ(n))
d is kept as the private key exponent
DES ALGORITHM
Data Encryption Standard (DES) also known as the Data Encryption Algorithm. Des algorithm provide
improvement over the RSA algorithm. The speeds of Des encryption can be several M per second, it can be well suited
for encrypted numerous message, RSA algorithm will be based upon the issue of factoring, and it is computing velocity
is slower than DES, RSA algorithm is merely well suited for once. DES is really a block cipher. It encrypts the data in
block height and width of 64 bits each. That’s 64 bits are plain text goes as the input to DES, which produce 64 items
of cipher text. Same key and algorithm can be used as encryption and decryption. DES uses 56 bits key but initial key is
made up of 64 bits. Key is 56 items of 8,16,24,32,40,48,56,64 are discarded. Two fundamental features of cryptography
Diffusion and Confusion rounds. In each round key and data bits are shifted, permuted, XOR ed and sent through, 8
round 64 bit plain-text is handed to initial permutation(IP). Then IP generates two halves left plain=text(LPT) and
right plain-text(RPT). Each LPT and RPT goes through 16 rounds. At the last LPT and RPT are rejoined. Decryption is
same process perform rounds in reverse order.
DISADVANTAGES OF EXITSTING METHOD

 User expects a safe solution to provide the high level of Automation and management.
 The Data transmitted to the users through networks which may be insecure.
 So, that the internet security problems will affect the cloud, with greater risks due to valuable resources
stored within the cloud and cloud vulnerability.
 A graphical authentication technique and A colour keyboard implementation, these techniques are
vulnerable to shoulder surfing attack.
 Receiver can retrieve the file for a long time with the same key, and this receiver can also distribute to
other more users.
PROPOSED SYSTEM
Session Grid algorithm
The session password is generated randomly based on the randomly generated grid. The grid is used as a
medium for password generation. While registration the user must normally enter his username and password while
registering into the system. Now the system stores this password and uses it to generate a unique session password
while user logs in the next time. This session based authentication system uses the user password and compares
alphabets contained alongside a 6*6 grid with letters a-z and numbers 0-9. The user needs to know the original
password and the generation scheme to enter the exact password.
 In this project, it is proposed an improved text-based shoulder surfing resistant scheme by using pair based
scheme is used for alphabet, digit , symbols where session password will form at every session or transaction
using virtual shuffling keyboard.
 At the time of registration user have to submit password. Particularly the length of the password is 8 and it can
be named as secret key.
 The secret key consists of even or odd number of characters.
 Then next stage is the login phase, when the user enters his username as an interface, the 6 x 6 grid display of
row and column size screened before user.
 The grid display consists of alphabets and numbers. These are sequentially placed on the grid at every cell and
this interface changes every time according to every transaction.
 According to pair based scheme, user have taken first letter from his registered password as row wise and
second letter as column wise and then the intersection which will form will be the part of session password.
 As each and every time the keyboard will shuffle, the session password will also change and hence
automatically security is getting to login.
 Data sharing is based on the given time interval which given by the data owner to the receiver, after the time
interval the receiver cant able get the file with the old session key.
The allocation steps of this pattern is:

1. Calculate deserved logic core of each session Deserved logic core = session priority/ sum of the priority of all the
sessions * all the available logic core.
2. Logic core allocated to each session= Min(ground(Deserved logic core, amount of unexecuted tasks).
3. For sessions whose amount of unexecuted tasks is less than deserved logic core, make the difference added to the
left logic core, and delete these sessions from unallocated session list.
4. Calculate the allocation proportion for each unallocated session: priority /owned logic
core. And sort sessions which cannot get available resource based on this proportion.
5. Allocate one logic core to the session having the highest proportion.
6.Repeat step iv until all the logic core is allocated.

SESSION GRID MODEL
An example of this Session scheduling Grid algorithm:

There are N OPEN sessions in the system; they are labeled as S1, S2… Sn. 0=< N < 1000000;
The priority of S1, S2,…,Sn is labeled as P1,
P2,……, Pn;
The minimum service instance amount of S1, S2, …,Sn is labeled as M1, M2,…,Mn;
The amount of unexecuted tasks of S1, S2,…, Sn is labeled as T1, T2, …, Tn;
The sum of unexecuted tasks of all OPEN sessions is labeled as T;
The sum of minimum service instance of all OPEN sessions is labeled as M;
The sum of priority of all OPEN sessions is 5 labeled as P;
The amount of current resource allocated to a service is labeled as R;
The pre-start mount of service instance of a service is labeled as L;
Resource request factor is labeled as H, resource release factor is labeled as L;
T = T1 + T2 + … +Tn
M = M1 + M2 + … + Mn
P = P1 + P2 + … + Pn
The minimum amount of service instance allocated to session S1 :
Min(S1) = Max (M1, Round (T1/H) + 1).
The maximum amount of service instance allocated to session S1 :
Max(S1) = Max (M1, Round (T1/L) + 1).
So, the minimum amount of service instance allocated to session Sn :
Min(Sn) = Max (Mn, Round (Tn/H) + 1).
The maximum amount of service instance allocated to session Sn :
Max(Sn) = Max (Mn, Round (Tn/L) + 1).
Assumed that the available minimum amount and maximum amount of service instance of this grid computing system
is labeled as Min(S) and Max(S), then:
Min(S) = Min(S1) + Min(S2) + …. + Min(Sn).
Max(S) = Max(S1) + Max(S2) + …. + Max(Sn).
ADVANTAGES
 Proposed system analyzes the security and usability of the proposed scheme, and shows the support of the
scheme to shoulder surfing attack.
 It must provide in order to prevent hackers from accessing the data present in account of particulars.
 The vulnerabilities like dictionary attack, social engineering and shoulder surfing attack, are avoidable by using
this proposed scheme.

IMPLEMENT OF PROPOSED DESIGN

SYSTEM ARCHITECTURE
The overall processing architecture of the proposed system. It provides how the data transferred to the cloud and the
encryption and decryption
rocess.
SYSTEM ARCHITECTURE DIAGRAM
Session Grid algorithm

The session password is generated randomly based on the randomly generated grid. The grid is used as a
medium for password generation. While registration the user must normally enter his username and password while
registering into the system. Now the system stores this password and uses it to generate a unique session password
while user logs in the next time. This session based authentication system uses the user password and compares
alphabets contained alongside a 6*6 grid with letters a-z and numbers 0-9. The user needs to know the original
password and the generation scheme to enter the exact password.
File upload and Encryption

Each file which is to be uploaded is encrypted with encryption key. Once file is encrypted, next step is to
upload it to the storage system along with data decryption key. Owner speciﬁes the set of attributes for access structure,

it then encrypts the file. Finally, owner uploads encrypted file and encryption key and set of attributes to the storage
system.
User Upload file Encryption

Process
Encrypted
files stored
FILE UPLOAD AND ENCRYPTION
File Decryption and Download
User requests the file by providing details and in response system replies with encrypted file. Before that the
system will check the role and signature of the users whether the receiver have the same role as the sender mentioned.
It will avoid the unauthorized users or hackers. The receiver receives the encrypted file, and he has correct role and
signature, if it’s correct, the original file gets decrypted for the receiver. This allows them to access information without
authorization and thus poses a risk to information privacy.
View Shared Choose a file

Receiver to
files
downloa
Give the
generated key
FILE DECRYPTION AND DOWNLOAD
HOMEPAGE
The above figure shows Home Screen. It contains Two modules. First one is Sign up and second one is Sign
in. First we need to click the Signup for registering the name and other details in the data registration page.
File Decryption
Original File
Access
REGISTRATION PAGE
The above figure shows Data Registration. The data owner registration need to fill the details like Full name,
User name, Registration Password, Profession, mobile number, mail id etc., after filling all the details, then click the
submit button. After that submission button, it shows the “Successfully Registered” message in the same window.
LOGIN PAGE
LOGIN PAGE

The above figure shows User login. User can enter the username and password and then click submit button to
login. Here the grid shows dummy for just user knows that download key generated from the grid only.
USER HOMEPAGE
The above figure indicates User Page for File Upload, File Share and Download Files. User can select any one
the above three for his further action.
FILE UPLOAD PAGE

The above figure indicates file uploading. In this data owner has to click choose file button, then data owner
chooses their personal file to upload in cloud storage and then click the send file button. The chosen file stored in Cloud
storage.
SHARE FILE PAGE
SHARE FILE PAGE

The above figure indicates the Share the Data. Here the user can share any data, that is which is one uploaded
in the cloud. That may be text(.doc, .docx, .txt, .odt, .pdf, .rtf, . picture(.jpeg,.tiff.gif,.bmp, .png, .pgm,.etc.) or other
file. The user can select the file and set the time for download the file. It means the receiver can download the file on
the particular time limit only, otherwise the file will be automatically destroyed.
CONCLUSSION
There are many techniques which are proposed for preventing shoulder surfing attack, with all proposed
techniques the session based password scheme using shuffling keyboard with Pair Based method is more effective and
secure to shoulder surfing attack, as this technique is providing a particular session password for every session or
transaction Also, it is easy to use and handle, hence in near future, this technique has scope to use in many fields for
the security purpose. In this paper, we proposed an Anonymous Two-Factor AKE scheme which preserves security
against various attacks including de-synchronization attack, lost-smart-card attack and password guessing attack, and
supports several desirable properties including perfect forward secrecy, anonymity or untraceability, adaptively
password change, no centralized password storage, and no long-term public key. Furthermore, our protocol maintain
high efficiency in terms of storage requirement, communication cost as well as computational complexity. Our protocol
requires only a few number of message flows and all the transmitted messages are short in size. Additional, the
proposed scheme is provably secure in our extended security model of AKE. Therefore, the proposed scheme is suitable
for deployment in various low-power networks, in particular, the pervasive and mobile computing networks.
REFERENCES
[1] Li Yang, Jian-Feng Ma, and Qi Jiang, “Mutual Authentication Scheme with Smart Cards and Password under
Trusted Computing”, International Journal of Network Security, Vol.14, No.3, PP. 156–163, 2012.
[2] ] A. K. Awasthi and S. Lal “An enhanced remote user authentication scheme using smart cards”, IEEE Trans.
Consumer Electron., vol. 50, No. 2, pp. - , May 2014
[3] Al-Sakib Khan Pathan and Choong Seon, “An Improved Timestamp-Based Password Authentication Scheme Using
Smart Cards”, IEEE Trans. Communication Technology, DOI: 10.1109/ICACT.2007

[4] Ding Wang, Ping Wang, Chun-guang Ma, and Zhong Chen,” Robust Smart Card based Password Authentication
Scheme against Smart Card Security Breach”, IEEE Trans. On Information Forensics, Vol 10, Issue 9, 2015.
[5] Qi Xie, “Security Analysis of a Single Sign-On Mechanism for Distributed Computer Networks”, IEEE
Transactions On Industrial Informatics, VOL. 9, NO. 1, FEBRUARY 2013.
[6] G.Wang, J.Yu and Q.Xie, "Security analysis of a single sign-On Mechanism for Distributed Computer Networks",
IEEE Trans. Ind. Inf., vol. 9, no. 1, pp. 294-302, 2013.
[7] L. Barolli and F. Xhafa, "JXTA-OVERLAY: A P2P platform for distributed, collaborative and ubiquitous
computing", IEEE Trans. Ind. Electron., vol. 58, no. 6, pp. 2163-2172, Oct. 2010
[8] Y. Huang, W. Lin, and H. Li, "Efficient Implementation of RFID Mutual Authentication Protocol", IEEE Trans.
Ind. Electron., vol.59, no. 12, pp. 4784 - 4791, 2012.
[9] B.Wang and M. Ma, "A server independent authentication scheme for RFID systems", IEEE Trans. Ind. Inf., vol. 8,
no. 3, pp. 689-696, Aug. 2012.
[10] B. Fabian, T. Ermakova, and C. Muller, "SHARDIS: A privacy enhanced discovery service for RFID-based
product information", IEEE Trans. Ind. Inf., vol. 8, no. 3, pp. 07-718, Aug. 2012
[11] M. Hwang, and L. Li, "A new remote user authentication scheme using smart cards", IEEE Trans. Consum.
Electron., 2016, 46(1): 28-30.
AUTHOR
G.RAJASEKAR received the B.C.A., degree from University of Madras in 2001, M.Sc(IT) degree from
Alagappa University in 2007, B.Ed., degree from Indira Gandhi National Open University (IGNOU) in
2004respectively. He is currently working as a Computer Instructor, Chennai . Hr. Sec. School, CIT
Nagar, Chennai - 600 035.
Dr.T.NIRMALRAJ M.Sc.,M.Phil, Ph.D., Working as a Assistant Professor in SCSVMV

University, Kanchipuram. His Area of Interest lies in Networking. He published a paper titled
Comparative and Technical Analysis of Broadband Access Technologies in Pacific Journals of
Science and Technology. Volume No:12(1)292-297.

Secured Dynamic ID-Based Two-Factor Authenticated Key Exchange Protocol With Extended Security Model in Cloud

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Secured Dynamic ID-Based Two-Factor Authenticated Key Exchange Protocol With Extended Security Model in Cloud

Uploaded by

Copyright:

Available Formats

IPASJ International Journal of Information Technology (IIJIT)

Web Site: http://www.ipasj.org/IIJIT/IIJIT.htm

Secured Dynamic ID-Based Two-Factor

INTRODUCTION ABOUT TWO – FACTOR AUTHENTICATION

Volume 6, Issue 7, July 2018 Page 21

Choose two different large random prime numbers p and q such

DISADVANTAGES OF EXITSTING METHOD

 The secret key consists of even or odd number of characters.

The allocation steps of this pattern is:

Volume 6, Issue 7, July 2018 Page 23

SESSION GRID MODEL

An example of this Session scheduling Grid algorithm:

Volume 6, Issue 7, July 2018 Page 24

IMPLEMENT OF PROPOSED DESIGN

SYSTEM ARCHITECTURE DIAGRAM

Session Grid algorithm

File upload and Encryption

Volume 6, Issue 7, July 2018 Page 25

User Upload file Encryption

View Shared Choose a file

Volume 6, Issue 7, July 2018 Page 26

FILE UPLOAD PAGE

SHARE FILE PAGE

Volume 6, Issue 7, July 2018 Page 27

Dr.T.NIRMALRAJ M.Sc.,M.Phil, Ph.D., Working as a Assistant Professor in SCSVMV

Volume 6, Issue 7, July 2018 Page 28

You might also like