Publication Date

2012

Document Type

Thesis

Committee Members

Travis Doom (Committee Member), Andrew Hsu (Other), Jack Jean (Committee Member), Meilin Liu (Advisor), Mateen Rizki (Other)

Degree Name

Master of Science (MS)

Abstract

User authentication plays a very important role in building a secure computing system. In this thesis, we first studied and investigated existing user authentication schemes and some basic concepts of smart cards. We then proposed and implemented an improved user authentication scheme based on a smart card, specifically a Java card. We simulated a web server and implemented the user authentication scheme with the Java card by programming a Java card applet and a Java program that sends commands to the card and receives its responses.

The proposed user authentication scheme has two phases: the registration phase and the user authentication phase. In the registration phase, the server triggers the Java card to generate a secret value and store it. The Java card then uses this secret value to hash the username and password combination, and the resulting hash is stored in the web server's authentication database. The user's login request to the web server starts the user authentication phase, in which the smart card computes the hash from the username and password entered and returns it to the web server for user verification. The implementation of the proposed user authentication scheme proved the correctness and effectiveness of the scheme. Compared with previous user authentication schemes, our proposed authentication scheme is more secure because it implements two-factor authentication. Even if the user's password is compromised, a user would still need the smart card to log into the system.

Page Count

60

Department or Program

Department of Computer Science

Year Degree Awarded

2012

