Research Article Open Access

A Non-Exchanged Password Scheme for Password-Based Authentication in Client-Server Systems

Shakir M. Hussain and Hussein Al-Bahadili

Abstract

The password-based authentication is widely used in client-server systems. This research presents a non-exchanged password scheme for password-based authentication. This scheme constructs a Digital Signature (DS) that is derived from the user password. The digital signature is then exchanged instead of the password itself for the purpose of authentication. Therefore, we refer to it as a Password-Based Digital Signature (PBDS) scheme. It consists of three phases, in the first phase a password-based Permutation (P) is computed using the Key-Based Random Permutation (KBRP) method. The second phase utilizes P to derive a Key (K) using the Password-Based Key Derivation (PBKD) algorithm. The third phase uses P and K to generate the exchanged DS. The scheme has a number of features that shows its advantages over other password authentication approaches.

American Journal of Applied Sciences
Volume 5 No. 12, 2008, 1630-1634

DOI: https://doi.org/10.3844/ajassp.2008.1630.1634

Submitted On: 4 January 2008 Published On: 31 December 2008

How to Cite: Hussain, S. M. & Al-Bahadili, H. (2008). A Non-Exchanged Password Scheme for Password-Based Authentication in Client-Server Systems . American Journal of Applied Sciences, 5(12), 1630-1634. https://doi.org/10.3844/ajassp.2008.1630.1634

  • 2,078 Views
  • 1,905 Downloads
  • 4 Citations

Download

Keywords

  • Password-based authentication
  • KBRP method
  • PBKD algorithm
  • key derivation