Web Applications Login Authentication Scheme Using Hybrid Cryptography with User Anonymity

• Published in: International journal of information engineering and electronic business Vol. 14; no. 5; p. 42
• Main Authors: Bello Alhaji Buhari, Afolayan, Ayodele Obiniyi
• Format: Journal Article
• Language: English
• Published: Hong Kong Modern Education and Computer Science Press 01.10.2022
• Subjects: Access control; Applications programs; Authentication; Cryptography; Encryption; Hash based algorithms; Passwords; Privacy; Secrecy aspects; Security
• ISSN: 2074-9023; 2074-9031
• DOI: 10.5815/ijieeb.2022.05.05

It is a common requirement for modern web applications as many if not all services that need personalization and control of access move online. Due to increase in these services becoming online, login authentications become targets to attackers. Therefore, there is need for secure and efficient web application login authentication schemes to ensure users access control, security and privacy. Present schemes have limitations such as users spent a lot of time browsing to create image portfolios than to create passwords and PINs, subject to active impersonation attack, some will only suit well for financial transaction system due to the TIC involved, some may have hash collisions, some require addition BLE device to be install and available on the authentication systems and cannot be used for higher data rates and long distance unlike cellular and WiFi devices, some involves reuse of password at single or multiple service providers which may lead to a password reuse attack called domino effect and some work well in application that needs to share permission with other applications like social media applications inform of APIs and improvising of user anonymity. We propose an improved web application login authentication scheme using hybrid cryptography with user anonymity. The improved scheme used blowfish – the most efficient private key algorithm, Elgamal – very secure public key algorithm and SHA-2 hash function combined together to enable high performance and security. The methods are thoroughly discussed and its security evaluated to show that it provides password protection, user privacy, perfect forward secrecy, mutual authentication and security against impersonation attack.