In this section I will present the procedure that a user has to follow in order to authenticate successfully and gain access to his personal account. It is divided into two parts: the registration procedure, in which a new member of the website is inserted into the database, and the login procedure, in which this member tries to access his account. The registration procedure happens only once, whereas the login procedure can occur whenever the user wants. But first we must say a few things about the Diffie-Hellman protocol that is used in this section.
DIFFIE-HELLMAN PROTOCOL(KEY EXCHANGE)
It is a cryptographic method for agreeing on a secret key between two sides over a channel that an attacker can read. I will explain the basic idea and how it is used inside our procedure. We have two users, A and B, who want to share the same key but cannot simply send it, because they communicate through an insecure channel. Let's assume that a third party C (an eavesdropper) is watching the connection between A and B in order to find out the key.
With Diffie-Hellman it is possible for A and B to agree on a key without letting C learn it. The procedure is described in the steps below.
1. User A has a large prime number (p) and a generator (g) of a multiplicative group modulo p. Both are integers. User A sends these numbers to B, so B now also has p and g. Since C is in the middle, he also gets to know p and g; that is acceptable, because p and g are public parameters.
2. User A picks a secret random integer (a). User B picks his own secret random integer (b). These two numbers are never transmitted and are different for A and B.
3. The calculation of the common secret key starts. User A computes A = g^a mod p and sends A to user B. Accordingly, B computes B = g^b mod p and sends B to user A. Since C is watching closely, he also obtains the values A and B.
4. Now that user A has B, he computes SKEY = B^a mod p. Accordingly, user B computes SKEY = A^b mod p. Both results are equal to g^(ab) mod p. User C cannot compute SKEY, because a and b are never transmitted: from p, g, A and B alone he would have to solve the discrete logarithm problem, which is infeasible when p is large enough. Note that this protects only against a passive C; an attacker who can modify messages in transit can run a separate exchange with each side unless the public values A and B are authenticated in some other way.
In our case user A is the server and user B is the user's smartphone. The resulting SKEY is what the SKEY column represents in the database that we introduced in the previous section.
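The four steps above, carried out by both sides, as an added example in Python (not code from the original post or from the AST app). The parameters p = 1019 and g = 4 are toy values chosen here so that the eavesdropper's brute-force search finishes instantly; a real deployment must use a standardised group of at least 2048 bits, at which point the same search is infeasible. The parameter and public-value checks are the ones a practitioner would want; the page itself does not describe any such validation, and the SHA-256 key derivation at the end is likewise an assumption, since the page stores SKEY directly.

```python
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test; adequate for validating parameters."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group(p, g):
    """Require a safe prime p = 2q + 1 and a g that generates the order-q
    subgroup. Returns q. Raises ValueError for parameters C could weaken."""
    q = (p - 1) // 2
    if not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p is not a safe prime")
    if not (1 < g < p - 1 and pow(g, q, p) == 1):
        raise ValueError("g does not generate the order-q subgroup")
    return q


def valid_public_value(p, q, x):
    """Reject 0, 1, p-1 and anything outside the subgroup (small-subgroup attacks)."""
    return 1 < x < p - 1 and pow(x, q, p) == 1


class Party:
    """One side of the exchange: the server (A) or the smartphone (B)."""

    def __init__(self, p, g):
        self.p, self.g = p, g
        self.q = check_group(p, g)
        self.secret = secrets.randbelow(self.q - 1) + 1   # a or b; never sent
        self.public = pow(g, self.secret, p)              # A = g^a mod p

    def shared_key(self, peer_public):
        if not valid_public_value(self.p, self.q, peer_public):
            raise ValueError("invalid public value from peer")
        return pow(peer_public, self.secret, self.p)      # SKEY = B^a mod p


def run_exchange(p, g):
    """Steps 1-4. Returns what C sees on the wire and the agreed SKEY."""
    server = Party(p, g)
    phone = Party(p, g)
    wire = {"p": p, "g": g, "A": server.public, "B": phone.public}  # C's view
    skey_server = server.shared_key(wire["B"])
    skey_phone = phone.shared_key(wire["A"])
    assert skey_server == skey_phone  # both equal g^(ab) mod p
    return wire, skey_server


def eavesdropper_brute_force(wire):
    """C's only route: recover a from A = g^a mod p by trial, then compute B^a.
    Feasible only because p is tiny; with a 2048-bit p this never finishes."""
    p, g, A, B = wire["p"], wire["g"], wire["A"], wire["B"]
    x = 1
    for a in range(1, p):
        x = x * g % p          # x == g^a mod p
        if x == A:
            return pow(B, a, p)
    return None


def derive_cipher_key(skey):
    """Assumption: hash the raw shared secret before using it as a cipher key."""
    return hashlib.sha256(skey.to_bytes((skey.bit_length() + 7) // 8, "big")).digest()


if __name__ == "__main__":
    wire, skey = run_exchange(1019, 4)
    print("on the wire:", wire)
    print("SKEY:", skey, "recovered by C:", eavesdropper_brute_force(wire))
```

With the toy group the last line shows C recovering SKEY, which is exactly why the size of p, not the secrecy of p or g, is what the protocol's security rests on.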
REGISTRATION
Let's assume that a new user visits a website and wants to create an account. The following figure illustrates the registration form.
Figure 1.
We assume that the new user selects "Jack" as a username and chooses a password. He then fills in the rest of the information and hits Register. The registration procedure is not completed immediately, as a challenge is presented to him in the form of a QR code, as shown in the figure below.
Figure 2.
Now the website expects the user to enter the correct response in the fields below the QR code. The challenge is calculated once the Diffie-Hellman exchange between the server and the smartphone has taken place. The user now has to use his smartphone and our Android app in order to produce a valid response to this challenge; otherwise his account will not be created. So we open the AST app (Android Security Token) that we created, and the menu below is shown.
Figure 3.
In order to unlock the app the user has to choose a password. Then, since he wants to register with a website, he hits the Register button in the menu above to open the registration QR scanner, as shown in Figure 4.
Figure 4.
Once the QR code scanner is open, the user scans the challenge presented on his screen and a response is calculated. Because we want the app to be user-friendly, this response (which is a number) takes the form of short common-language words taken from a dictionary. So what we have in the end is the answer below:
Figure 5.
These four words represent the response. The new user then enters those words in the empty fields of Figure 2 and his account is created. The SKEY column is now calculated and stored in the database. SKEY is a unique number for every user, and it is used as the cipher key for the login procedure that will follow in PART 2.
Copyright © All Rights Reserved