Pub. online: 6 May 2020 | Type: Research Article | Open Access
Journal: Informatica
Volume 31, Issue 2 (2020), pp. 277–298
Abstract
The vulnerable part of communications between user and server is the poor authentication level at the user’s side. For example, e-banking systems authenticate users with passwords, which can be lost or swindled by a person maliciously impersonating the bank.
To increase the security of e-banking systems, users should be supplied with elements of public key infrastructure (PKI), but not necessarily to the extent of standard requirements, which are too complicated for ordinary users.
In this paper, we propose two versions of an authenticated key agreement protocol (AKAP) which can be simply realized on the user’s side. AKAP is a collection of cryptographic functions having provable security properties.
It is proved that AKAP1 is secure against an active adversary under the discrete logarithm assumption when certain formulated conditions hold. AKAP2 provides user anonymity against an eavesdropping adversary. The partial security of AKAP2, which relies on the security of an asymmetric encryption function, is investigated.
Key Exchange Protocol Defined over a Non-Commuting Group Based on an NP-Complete Decisional Problem
Journal: Informatica
Volume 31, Issue 3 (2020), pp. 459–479
Abstract
After Morris and Thompson wrote the first paper on password security in 1979, strict password policies have been enforced to make sure users follow the rules on passwords. Many such policies require users to select and use a system-generated password. The objective of this paper is to analyse the effectiveness of strict password management policies with respect to how users remember system-generated passwords of different textual types: plaintext strings, passphrases, and hybrid graphical-textual PsychoPass passwords. In an experiment, participants were assigned a random string, a passphrase, and a PsychoPass password and had to memorize them. Surprisingly, no one remembered either the random string or the passphrase, whereas only 10% of the participants remembered their PsychoPass password. Policies where administrators let systems assign passwords to users are not appropriate. Although PsychoPass passwords are easier to remember, the recall rate of any system-assigned password is below the acceptable level. The findings of this study explain that system-assigned strong passwords are inappropriate and put an unacceptable memory burden on users.
The security analysis of the key exchange protocol based on the matrix power function defined over a family of non-commuting groups