الفهرس 
ABSTRACTOnly 14 pages are availabe for public view
 |  | from | 96 |  |  |
| | | from | 96 | | |
Abstract
The need for information security can be traced back thousands of years. As time went on, society became more complex and so did information security. Although the technologies have changed, the underlying reasoning behind security was that people need a secure method of exchanging messages. As recently, the general consensus was that all a user had to do to protect their network was install a firewall in front of their Internet connection and load anti-virus software on their network. Today, things are quite different. Hacking tools can be found
on the Internet and used by beginner hackers.Authentication is used by a system to determine whether or not a given user is who they claim to be. Authentication is the cornerstone of information security since a weak authentication mechanism will cause the rest of the security to be fragile. Unless a proper user authentication and key establishment are being achieved, an adversary (i.e. hackers) can impersonate a legal user and get unauthorized access. Cryptographic algorithm for encryption and integrity cannot perform their function unless secure keys have been established and the users know which parties share such keys. It is essential that protocols for providing and key establishment are fit for their purpose.
Simultaneously, remote user authentication has received a considerable interest. Password¬based authentication is considered as one of the simplest and the most appropriate authentication techniques because’ it has the benefits of implementation cost and favorability to users. In 1981, Leslie Lamport presented the first password-based remote authentication scheme to determine an authorized user within an insecure communication environment. However, high hash fixed cost and the requisite for process resetting decrease its appropriateness for its feasible use. Furthermore, it is a ulnerable to some certain kinds of
security attacks.
Most of the current remote user authentication schemes necessitate time-stamping with precise time synchronization. Because it would be very valuab to conquer the insufficiencies of the accurate time synchronization need. This thesis preser::s an innovative, strong and efficient authentication scheme based on strong-password approach to grant secure remote user authentication which utilizes a nested hashing chain and ernp loys the discrete logarithm problem in the message exchange. The presented solution is based on strong-password approach hence; it uses hashed one-time password in nested chain of two different hash functions chains to reduce the processing cost. It seeks not only mutual authentication, to circumvent time synchronization and to discard password-verification tables, but also to generate a shared session key between the communication partners. We investigate the existing solutions and consider their flaws and drawbacks. Our time-asynchronous remote user authentication scheme has been proposed that cover the vulnerabilities of existing solutions. Also a formal verification and a detailed security analysis of our algorithm are demonstrated