International Journal of Network Security & Its Applications (IJNSA) Vol. 11, No.4, July 2019
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORDLESS HANDSHAKE Ioannis A. Pikrammenos, Panagiotis Tolis and Panagiotis Perakis School of Computing, Mediterranean College – University of Derby, Athens, Greece
ABSTRACT In this paper the idea of an enhanced security authentication procedure is presented. This procedure prohibits the transmission of the user’s password over the network while still providing the same authentication service. To achieve that, Kerberos Protocol and a secure password repository are adopted, namely a smart card. The conditional access to a smart card system provides a secure place to keep credentials safe. Then, by referencing to them through identifiers, an authentication system may perform its scope without revealing the secrets at all. This elevates the trustworthiness of the mechanism while at the same time it achieves to reduce the overhead of the authentication systems due to the elaborate encryptions procedures.
KEYWORDS Kerberos v5, LDAP, authentication, password handling, smart card
1. INTRODUCTION In this paper a methodology is introduced, capable to prevent the exposure of the user’s password during the authentication phase in a network. The methodology focuses on well-known authentication mechanisms and provides a stepwise approach of security performance improvement. The method achieves to utilize a set of pre-computed passwords hidden to anyone but the authentication system. The method identifies passwords through their position in a list and uses them in random order. The change of passwords infrequent intervals leaves little room for attackers while the system-oriented generation and usage of passwords (transparent to the user) allow for security best practices to be applied. The enhanced capabilities of password utilization improve the performance of the systems as the cryptographic functions are not necessarily applied in a repeatable manner. Several technologies have been reviewed in order to compose a solution available for both open source and proprietary operating systems. The paper is divided as follows; the first section consists of a literature review followed by a section analysing the authentication protocols. Next section embodies the security features of each proposal. The last section presents the proposed solution and its main outcomes. A discussion about challenges and future work are followed by conclusions.
1.1. Authentication and identification Authentication comes from the Greek lemma αὐθεντικός (authentikos) which means “the act of confirming the truth of an attribute of a single piece of data claimed to be true by an entity”. Such attributes indicate the identity of the data by profiling it through its characteristics. Identification refers to the act of stating/indicating a claim purportedly attesting to an entity’s DOI: 10.5121/ijnsa.2019.11401
1