Higher Security for Login System Using RSA and One-time Pad Schemes

Authors

  • Kritsanapong Somsuk Department of Computer and Communication Engineering, Faculty of Technology, Udon Thani Rajabhat University, UDRU, Udonthani, Thailand.

Keywords:

Login System, RSA Scheme, One-time Pad (OPT), Security, Li Ming –Xin’s Method, Time,

Abstract

The aim of this paper is to propose a new methodology to increase the security for Login System using RSA and One-time pad (OTP). In the past, the application of RSA with Login System focused on keeping the private key in the server. However, this approach has limitation, in which the overall system can be broken whenever the private key is recovered. Therefore, this paper proposes a different method where the RSA’s private key used for exchanging OTP’s key is kept at the client’s side, whilst the public key and modulus are kept in the database. Furthermore, as a preventive measure from the attackers, the OTP’s key is generated in the server. If it is created at the client’s side, the attackers can trap both the encrypted key and encrypted password from client. Accordingly, they can send both of them to the server without encrypting again and without knowing the password. In addition, the RSA’s process in the server is an encryption process only. That means it takes only a small computation cost for computing modular exponentiation because the public key is always small when compared with the private key. Assuming that the client’s private key is recovered, only the client system whose private key can be found will be broken, which implies that it does not affect to other clients. The experimental results show that although users must remember their private keys and consumes more time, the new proposed system is very strong and secure. Therefore, users who use this system can access the web application without worrying the attackers.

References

L.M. Xin, K. Feng, “An improved sign-in scheme based on RSA cryptosystem”, International Conference on Computer Application and System Modeling, Taiyuan, 2010, pp.35 – 37.

R.L. Rivest, A. Shamir, L. Adleman, “A method for obtaining digital signatures and public key cryptosystems”, Communications of ACM, vol. 21, 1978, pp. 120 – 126.

W.Diffie, M.E. Hellman, “New directions in cryptography”, IEEE Transactions on Information Theory, vol. 22, 1976, pp. 644–654.

M. Sarvabhatla, C.M. Reddy , C.S. Vorugunti, “A Secure and Light Weight Authentication Service in Hadoop using One Time Pad”, International Symposium on Big Data and Cloud Computin, Chennai, 2015, pp.81-86.

J.A. Buchmann. “Introduction to Cryptography”, United States of America: Springer-Verlag, 2000.

Big-integer: https://www.npmjs.com/package/big-integer.

O. Nibouche, M. Nibouche, A. Bouridane, “Highspeed FPGA implementation of RSA encryption algorithm”,Electronics, circuits and Systems, vol. 1, 2003, pp. 204-207.

A.Mazzero, L.Romano, G.P. Saggese, N. Mazzocca, “FPGA-based Implementation of a serial RSA processor”, Design, Automation and Test in Europe Conference and Exhibition, 2003, pp. 582 – 587.

J. Elbirt. “Understanding and Applying Cryptography and Data Security”, United Kingdom: Auerbach Publications, 2009.

Class: Math_BigInteger: https://pear.php.net/package/Math_BigInteger /docs/latest/ Math_BigInteger/Math_BigInteger.html.

K. Kim, B. Ndibanje, S. Park, H. Lee, “New Security Login System Using Tap and Gesture on Smartphone Touchscreen”, International Conference on Advanced Communication Technology, Pyeongchang, 2016, pp. 628 – 633.

A. Waheed, M.A. Shah, A. Khan, “Secure login Protocols: An Analysis on Modern Attacks and Solutions”, International Conference on Automation and Computing, Colchester, 2016, pp. 535 – 541.

W. Trappe, L. Washington. “Introduction to Cryptography with Coding Theory”, United States of America: Pearson, 2005.

Downloads

Published

2018-02-15

How to Cite

Somsuk, K. (2018). Higher Security for Login System Using RSA and One-time Pad Schemes. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(1-8), 99–103. Retrieved from https://jtec.utem.edu.my/jtec/article/view/3743

Issue

Vol. 10 No. 1-8: Breakthrough To Excellence in Communication and Computer Engineering IV

Section

Articles

License

TRANSFER OF COPYRIGHT AGREEMENT

The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journals. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC, all rights including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):

  1. All proprietary right other than copyright, such as patent rights
  2. The right to make further copies of all or part of the published article for my use in classroom teaching
  3. The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
  4. The right to make copies of the published work for internal distribution within the institution that employs me

I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.