Secure Authentication: Eliminating Possible Backdoors in Client-Server Endorsement
Published in: | Procedia computer science 2016, Vol.85, p.606-615 |
---|---|
Main Authors: | , |
Format: | Article |
Language: | English |
Summary: | Communication takes place between unknown entities with no prior relationship and no common security domain. These entities mostly rely on a challenge-response authentication protocol in which one party presents a “challenge” and another party must provide a valid “response” to be authenticated. The simplest example of a challenge-response protocol is password authentication, where the challenge is asking for the password and the valid response is the correct password. This type of system suffers from weak authentication and is open to vulnerabilities. An adversary can take advantage of these vulnerabilities as backdoors. A malicious developer can modify source or binary code, or insert malicious code into the original source code, to bypass the authentication programming logic.
The proposed approach eliminates these backdoors from the authentication system and provides trusted authentication between parties. An authentication system has been designed which consists of functions that are involved in generating the verification signature and comparing challenge and response. The approach includes two steps: first, verify whether the authentication system is tamper-proof; second, separate execution of the authentication system from other applications running on the server. The execution of the authentication system needs to be kept secure at the low level where instructions are translated and memory is allocated for execution. The proposed approach reduces the possibility of return-oriented programming attacks. It also prevents the authentication system from being affected by extra parameters, global variables and malicious applications running on the server, and does not let the authentication logic be bypassed. |
---|---|
ISSN: | 1877-0509 |
DOI: | 10.1016/j.procs.2016.05.227 |