A New Secure Passwordless Multi-Server Modified Authenticated Master-Key Agreement Scheme Based on Hardware-Software and Iriscode Identifiers Through SSL/TLS Protocol for E-learning and Similar Web-based Services

Abstract

There is a growing concern about systems security and how to organize it. This is because the internet which is the backbone of all systems is regarded as unsafe. Also, the internet transmits all connection transactions in the E-learning and similar web-based systems and as a result, intruders and attackers by abusing security holes can compromise the system. The E-learning and other similar systems should be safe against threats and manipulation by intruders and should protect the privacy of users. The purpose of this paper is to provide an authentication model based on hardware, software and iriscode identifiers through the SSL/TLS protocol, in order to significantly improve the security and privacy level, while at the same time, maintain the system performance at an acceptable level. There are major differences between our model and other similar works, such as: no need to password in registration and login phase, using of iriscode identifier, isolation of users profiles based on hardware and software identifiers of relying party, enhancing master secret key exchange phase in the SSL/TLS protocol, no need to password change phase, strong performance in comparison with other approaches because of using SHA-3 function and removing password change phase, capability of providing authentication services over large networks and internet. Also according to conducted studies and tests, the mentioned solution can significantly improve the system security, as well as maintain its function at an acceptable level. Therefore the proposed model easily can be used for immunize E-learning and similar web-based systems that works through internet. The proposed model improves the 32.50% security and 63.58% execution time in comparison to average of five newest methods.