Development of Authentication Protocol for Enhancing Security in E Commerce Application

Abstract

With the growth of ecommerce application and widespread utility of internet. Users can access information from faraway server from anywhere anytime through public channel. With the augmentation of malicious attacks, network and information has become an salient issue for web-based services. Thus there is requirement to be observant about the security and validity of users. Authentication of users is one of solution to address the security and legality concerns of users and it is a technique of verifying legitimacy of user. However, an assailant may impersonate as a server to communicate with the user and may grab the user s secret information. Further, the authentication process of the real server too can be passed by adversary, by using the stolen secret information of the user.Therefore,mutual authentication is required is order to protect from an impersonation attack(i.e., forgery attack).Other security requirement of user authentication include ability to protect from insider and outsider attack, denial-of-service-attack, man-in middle attack,eurograbber attack in this web based world ,it is a need of an hour to construct efficient and robust faraway user authentication mechanism to meet such kind security requirements. Depends on cryptographic approaches, various authentication mechanism using smart card have earlier been proposed in faraway server environment. The main objective of this thesis is to provide secure remote user two server authentication scheme using smart card that meets all security requirements. In faraway server environment, this research is based on identity based authentication scheme using smart card. Based on this cryptanalysis, secure authentication schemes using smart card are proposed in the thesis. These schemes meet all the necessary security requirements of authentication scheme and safeguard from various attacks. This research also provides performance analysis, computational overhead, single and multiple server performance on the basis of time consumption, analysis of storage