Nowadays, passwords are commonly used during a login process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines and so on. A computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing programs, databases, networks, web sites, and even reading the morning newspaper online. Earlier password-based authentication systems transmitted a cryptographic hash of the password over a public channel, which makes the hash value accessible to an attacker. When this is done, and it is very common, the attacker can work offline, rapidly testing possible passwords against the true password's hash value. Studies have consistently shown that a large fraction of user-chosen passwords are readily guessed automatically. Recent research advances in password-based authentication have allowed a client and a server to mutually authenticate with a password and, at the same time, to establish a cryptographic key for secure communications after authentication.

In our system, there exist two servers and a group of clients. The two servers cooperate to authenticate clients and provide services to authenticated clients. Prior to authentication, each client chooses a password pw client and generates the password authentication information. The client sends, respectively, through different secure channels during the client registration. After that, the client remembers the password only, and the two servers keep the password authentication information.
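An added illustration, not the project's code: the page does not say how the password authentication information is generated, so this sketch assumes a simple XOR split of a salted PBKDF2 digest, and all function names are hypothetical. It models only what each server stores, and shows that one server's record is consistent with every candidate password, so unlike a transmitted hash it offers no offline test.

```python
import hashlib
import hmac
import secrets

def pw_digest(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow derivation (parameters are illustrative).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def register(password: str):
    """Client side: build one record per server, sent over separate channels."""
    salt = secrets.token_bytes(16)
    digest = pw_digest(password, salt)
    share1 = secrets.token_bytes(len(digest))   # uniformly random mask
    share2 = xor(digest, share1)                # digest hidden under the mask
    return {"salt": salt, "share": share1}, {"salt": salt, "share": share2}

def guess_matches(candidate: str, rec1: dict, rec2: dict) -> bool:
    """What a party holding BOTH records could check offline."""
    digest = xor(rec1["share"], rec2["share"])
    return hmac.compare_digest(pw_digest(candidate, rec1["salt"]), digest)

def complement_for(candidate: str, rec: dict) -> dict:
    """The other server's record that would make `candidate` the password.

    Such a record exists for every candidate, which is why a single
    stored record cannot confirm or rule out any guess.
    """
    other = xor(pw_digest(candidate, rec["salt"]), rec["share"])
    return {"salt": rec["salt"], "share": other}

if __name__ == "__main__":
    rec1, rec2 = register("correct horse battery")   # constructed sample password
    print("both records, right password:", guess_matches("correct horse battery", rec1, rec2))
    print("both records, wrong password:", guess_matches("123456", rec1, rec2))
    for guess in ("123456", "letmein"):
        # With only rec1, every guess has a matching hypothetical partner record.
        partner = complement_for(guess, rec1)
        print(guess, "consistent with rec1 alone:", guess_matches(guess, rec1, partner))
```

Under this assumed split, only a party holding both records regains the ability to test guesses offline, which is the case the two-server design is meant to make harder than a single-server compromise.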