Security Enhancement Using Two-Server Model
These days, most of the Internet Services use a single server model, where a single server is used to store the encrypted password. But, in case this server gets compromised, whole of the user’s data is lost. So, to address this problem we may use multiple servers to store a single user password. In this paper we present the technique of using two servers for storing the encrypted password. Here, firstly we are dividing the user’s password into two parts, then encrypting it and storing it into two separate servers. Further, the original password is retrieved by decrypting and combing the two parts of the password. Our system has a number of other features. Like in our system, only a front-end service server interacts directly with the users while a control server which does not interact with the user remains behind the scene; therefore, it can be directly implemented to strengthen the existing single-server password system that uses only a single server to store the password. In addition, the system is secure against various kinds of attack like the Brute Force Attack which may be either Dictionary attack or exhaustive search.
Anshu Malhotra, Animesh Sit, Neeraj Dubey, Abhinav Tyagi, Pranav Bhatia