Abstract

Problem statement: Traditional user authentication systems rely on passwords kept in a central server for secured access, which is prone to attack by adversaries. Adversaries gain access to the contents of the user on attack-prone servers. To overcome this problem, multi-server systems have been proposed in which the user communicates in parallel with several or all of the servers for the purpose of authentication. Such systems require a large communication bandwidth and need synchronization at the user. Approach: We present an efficient two-server user password authentication system that reduces communication traffic and bandwidth consumption between the servers. An integration of quantum and classical key exchange models is deployed to safeguard user access security in large networks. In the proposed two-server system, the front-end service server interacts directly with the user, and the back-end control server is visible to the service server. Performance is measured for the user password transformed into two long secrets held by the service and control servers. Further, the proposal applies a quantum key distribution model along with classical key exchange in the two-server authentication. Three-party quantum key distribution is used in this model, one with implicit user authentication and the other with explicit mutual authentication, deployed for e-commerce buyer authentication in Internet peer servers. Results: The effects of online and offline dictionary attacks prevailing in single-server and multi-server systems are analyzed. The performance efficiency test, carried out in terms of the success rate of authenticity, shows the two-server system to be 35% better than the single server. The integrated Quantum Key Distribution (QKD) and classical public key model has shown experimentally better performance in terms of computational efficiency and security rounds (11% improvement) than the traditional cryptic security model.
Conclusion: From the results obtained, it is concluded that integrating the intricate security principles of quantum theory with the traditional public key model provides an improved security model for password authentication in the password exchanges between two servers.

Highlights

  • Most password-based user authentication systems place total trust in the authentication server, where passwords or derived password verification data are stored in a central database

  • We propose a practical two-server password authentication and key exchange system that is secure against offline dictionary attacks by servers when they are controlled by adversaries

  • The work proposed in this study provides a pattern for integrating classical key verification with the quantum mechanism employed in distributing the session key, and provides efficient password sharing between the two servers to make password authentication more robust
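
The two-share idea described in the abstract and highlights, as an added Python example that is not code from the paper: a password-derived value is split into two long secrets, so a verifier stolen from a single server allows offline guess testing, while one share alone fits every guess. The additive split modulo `Q`, the PBKDF2 derivation and all function names are assumptions, since the page does not give the actual transformation.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

Q = 2 ** 256  # assumed share modulus; the page does not specify one


def derive(password: str, salt: bytes) -> int:
    """Salted, slow password-derived value as an integer below Q."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
    return int.from_bytes(raw, "big")


def enroll(password: str, salt: bytes) -> Tuple[int, int]:
    """Split the derived value into two long, random-looking secrets."""
    service_share = secrets.randbelow(Q)                          # front-end service server
    control_share = (derive(password, salt) - service_share) % Q  # back-end control server
    return service_share, control_share


def verify(password: str, salt: bytes, service_share: int, control_share: int) -> bool:
    """Arithmetic check only; a real protocol never brings the shares together."""
    expected = (service_share + control_share) % Q
    return hmac.compare_digest(derive(password, salt).to_bytes(32, "big"),
                               expected.to_bytes(32, "big"))


def single_server_match(verifier: int, salt: bytes, wordlist: List[str]) -> Optional[str]:
    """What a leaked single-server verifier permits: offline testing of guesses."""
    return next((w for w in wordlist if derive(w, salt) == verifier), None)


def share_fitting(guess: str, salt: bytes, service_share: int) -> int:
    """The control share that would make `guess` valid for this service share."""
    return (derive(guess, salt) - service_share) % Q


if __name__ == "__main__":
    salt = b"constructed-salt"                       # constructed sample values
    words = ["letmein", "hunter2", "correct horse"]  # constructed word list
    s1, s2 = enroll("hunter2", salt)
    # Single server: the stored verifier confirms the right guess offline.
    print(single_server_match(derive("hunter2", salt), salt, words))
    # Two servers: every guess has a control share that fits s1, so s1 alone confirms nothing.
    print(all(verify(w, salt, s1, share_fitting(w, salt, s1)) for w in words))
```

Because a fitting control share exists for every candidate password, the service share by itself gives no way to tell a correct guess from a wrong one.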


Summary

Introduction

Most password-based user authentication systems place total trust in the authentication server, where passwords or derived password verification data are stored in a central database. These systems could be compromised by offline dictionary attacks initiated at the server side. Compromise of the authentication server by either outsiders or insiders exposes all user passwords and may cause serious problems. To overcome these problems in the single-server system, many systems have been proposed, such as multi-server systems, public key cryptography and password systems, threshold password authentication systems, and two-server password authentication systems. Computing exponential increase in power requires setting the bar always higher to secure password data transmissions in two server
