Vaishnavi Upadhyay Rev


ENHANCING PASSWORD SECURITY USING TWO SERVER AUTHENTICATIONS

A Project report submitted in partial fulfillment of the requirement for the Award of the Degree of

Bachelor of Computer Applications

By
Vaishnavi Upadhyay
(Regd No. 122012501052)

Under the Esteemed guidance of

Y. Niharika

Department of Computer Science

GITAM Institute of Science
GITAM (Deemed to be University)
Visakhapatnam – 540045, A.P
(2022 – 2023)

CONTENTS

1. ABSTRACT
1.1 Introduction
1.2 Scope of the system
1.3 Objectives
1.4 Problem statement

2. CURRENT SYSTEM
3. PROPOSED SYSTEM
3.1 Overview
3.2 Functional requirements
3.3 Non-functional requirements
3.4 System models

4. Requirement analysis document:
4.1 Functional Requirements:
4.2 Non-functional requirements

5. System Design Document:
5.1 Use Case Model

6. Sample Screens
1 ABSTRACT

For many years people sent messages through the post office and other media, which are not very
secure. Passwords are commonly used during the login process to access a computer, ATM,
network, etc. Earlier password-based authentication strategies assume that a single server stores
all the passwords needed to authenticate clients. An attacker can easily compromise that single
server, and all the password data it contains then becomes available to the attacker. In the
proposed system, a client and a server share a password to authenticate each other and meanwhile
establish a cryptographic key through an exchange of messages. The proposed system uses
two-server authentication, where a password is split into two parts, which are securely shared
onto the two servers during authentication.
1.1 INTRODUCTION

In an organization, several computers are connected in a network, and this network may connect
to the internet. Messages are therefore transmitted between the computers, and network security
is needed to protect these message transmissions. This is the reason for providing network
security.

Network security involves the authorization of access to data in a network, which is
controlled by the network administrator. Users choose or are assigned a username and password
or other authenticating information that allows them access to information and programs within
their authority. Network security covers a variety of computer networks, both public and private,
that are used in everyday jobs conducting transactions and communications among businesses,
government agencies and individuals. Networks can be private, such as within a company, and
others might be open to public access. Network security is involved in organizations,
enterprises, and other types of institutions. It does as its title explains: it secures the network,
as well as protecting and overseeing the operations being done. The most common and simple way
of protecting a network resource is by assigning it a unique name and a corresponding
password.

Network security consists of the provisions and policies adopted by a network administrator to
prevent and monitor unauthorized access, misuse, modification, or denial of a computer network
and network-accessible resources. Network security involves the authorization of access to data
in a network, which is controlled by the network administrator. Users can choose or are assigned
an ID and password or other authenticating information that allows them access to information
and programs within their authority.

Network security covers a variety of computer networks, both public and private, that
are used in everyday jobs conducting transactions and communications among businesses,
government agencies and individuals. Networks can be private, such as within a company, and
others might be open to public access. Network security is involved in organizations,
enterprises, and other types of institutions.

The networks are computer networks, both public and private, that are used every day to conduct
transactions and communications among businesses, government agencies and individuals. The
networks are comprised of “nodes”, which are “client” terminals (individual user PCs), and one
or more “servers” and/or “host” computers. They are linked by communication systems, some
of which might be private, such as within a company, and others which might be open to public
access. The obvious example of a network system that is open to public access is the Internet,
but many private networks also utilize publicly-accessible communication.
1.2 PURPOSE OF THE SYSTEM
The purpose of the system you described, which enhances password security using two-
server authentication, is to provide an additional layer of security to the traditional
username/password authentication method. The system works by requiring the user to enter
their username and password as usual, but then verifies their identity by sending a request to
a second server, which in turn sends a response back to the first server indicating whether or
not the user is authenticated.

The use of two servers adds an extra layer of security, making it more difficult for attackers
to gain access to sensitive information or accounts. By using Python, you can develop a
program that implements this two-server authentication process in a secure and efficient
manner.

The basic workflow of the system might involve the following steps:

The user enters their username and password into a web or mobile application.

The first server receives the username and password and sends a request to the second server
for authentication.

The second server processes the request and sends a response back to the first server
indicating whether or not the user is authenticated.

If the user is authenticated, the first server grants access to the application. If not, the user is
denied access.

To implement this system using Python, you might use a combination of frameworks and
libraries such as Flask for web application development, requests for sending HTTP requests
between the two servers, and cryptography for encryption and decryption of sensitive data.
1.3 Scope of the system
The scope of your project, which aims to enhance password security using two-server authentication,
will depend on several factors such as the specific requirements and goals of the project, the target
user base, and the available resources and time constraints.

Here are some possible aspects that could be included in the scope of your project:

System architecture: You will need to design the overall architecture of the system, including how the
two servers will communicate with each other and with the client application. You will need to decide
on the programming languages, frameworks, and libraries to be used.

User interface: You may need to develop a user interface for the client application, which could be a
web or mobile app. The interface should be user-friendly and easy to use.

Security measures: The system should include robust security measures to ensure that sensitive
information such as passwords and user data are kept secure. You may need to implement encryption
and decryption algorithms, as well as techniques to prevent hacking attempts such as cross-site
scripting (XSS) and SQL injection attacks.

Testing and quality assurance: You should plan to test the system thoroughly to ensure that it meets
the desired quality standards. You may need to perform unit tests, integration tests, and system tests to
verify that the system is functioning correctly and meeting the requirements.

Documentation: You should document the system architecture, codebase, and user guide to ensure
that the system is maintainable and that future developers can easily understand the system.

Deployment and maintenance: You should plan to deploy the system in a production environment and
ensure that it is maintained and updated regularly to fix any bugs or security vulnerabilities that may
arise.

Overall, the scope of your project should be well-defined and achievable within the given timeframe
and resources. It should also align with the project goals and requirements, and be adaptable to future
changes and updates.
1.4 OBJECTIVE:

The objectives of the system are as follows:

● Enter Plain Text

● Calculate the frequency of each symbol.

● Take the two least frequent symbols and assign them to two leaf nodes. And assign the sum of the
corresponding frequencies to the parent node.

● Now select next two least frequency nodes from the rest of the nodes along with the newly created
node and form another parent node.

● Repeat step 3 till a complete binary tree is formed.

● Starting from the root, assign ‘0’ to the left child and ‘1’ to the right child of every node till you
reach the leaf nodes.

● To assign the code to the symbol, trace the path from root to the corresponding node.

● The run time complexity of Binary for n characters is O(n log n).
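
The steps above are the construction of a Huffman prefix code. The following Python code is an added example, not code from the original report: it builds the tree with a min-heap, derives the 0/1 code table, and decodes using only the tree. The function names and the sample string are constructed for illustration.

```python
import heapq
from collections import Counter
from itertools import count

def build_tree(text):
    """Huffman tree: a leaf is a 1-character str, a parent is a (left, right) tuple."""
    if not text:
        raise ValueError("cannot build a code for empty input")
    tick = count()  # unique tie-breaker so heapq never compares tree nodes
    heap = [(f, next(tick), sym) for sym, f in sorted(Counter(text).items())]
    heapq.heapify(heap)
    if len(heap) == 1:  # one distinct symbol: give it a 1-bit code anyway
        return (heap[0][2], None)
    while len(heap) > 1:  # merge the two least frequent nodes under a new parent
        f1, _, left = heapq.heappop(heap)
        f2, _, right = heapq.heappop(heap)
        heapq.heappush(heap, (f1 + f2, next(tick), (left, right)))
    return heap[0][2]

def code_table(node, prefix=""):
    """Walk from the root: '0' for the left child, '1' for the right child."""
    if node is None:
        return {}
    if isinstance(node, str):
        return {node: prefix}
    table = code_table(node[0], prefix + "0")
    table.update(code_table(node[1], prefix + "1"))
    return table

def encode(text, table):
    return "".join(table[ch] for ch in text)

def decode(bits, tree):
    """Follow bits from the root; emit a symbol and restart at each leaf."""
    out, node = [], tree
    for bit in bits:
        node = node[0] if bit == "0" else node[1]
        if node is None:
            raise ValueError("bit sequence leaves the tree")
        if isinstance(node, str):
            out.append(node)
            node = tree
    if node is not tree:
        raise ValueError("input ends in the middle of a code word")
    return "".join(out)

if __name__ == "__main__":
    tree = build_tree("abracadabra")  # constructed sample input
    bits = encode("abracadabra", code_table(tree))
    print(code_table(tree), bits, decode(bits, tree))
```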

2. Existing System:

The existing system uses the single-server model given in Fig. 1a, where a single server is involved and
keeps a database of user passwords. As mentioned earlier, most existing password systems follow this
single-server model, but the single server results in a single point of vulnerability in terms
of offline dictionary attacks against the user password database.
3. Proposed System:

The proposed system has the advantage that the encrypted password is stored on two servers
instead of a single server, to minimize the disadvantages of the single-server system. Both servers
communicate and exchange messages to authenticate the client. OTP (One Time Password) is also a secure
solution, which uses a random function to generate a password that is discarded after one use. The OTP
protocol overcomes the drawbacks of previous systems and provides more security.

3.1 Advantages of Proposed system

● Two servers are a better solution for the existing system.

● It is very difficult for the attacker to know which two servers are used to store the password.

● Even if the attacker is able to hack into a single server, it will have only half the authentication
information.

● This information is not sufficient to know the password of the user.
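
The report does not say how the password is split between the servers. The following Python code is an added example, not the project's own code, of one way to do it: XOR secret sharing of a salted PBKDF2 verifier. The last function shows why one server's record alone cannot confirm any password guess. All names, the work factor and the recombination of both shares inside a single function are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # PBKDF2 work factor chosen for this example

def _verifier(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enroll(password: str):
    """Split the salted verifier into two shares, one record per server."""
    salt = secrets.token_bytes(16)
    share1 = secrets.token_bytes(32)                  # uniformly random pad
    share2 = _xor(_verifier(password, salt), share1)  # verifier XOR pad
    return {"salt": salt, "share": share1}, {"share": share2}

def verify(password: str, rec1: dict, rec2: dict) -> bool:
    """Recombine both shares and compare in constant time."""
    expected = _xor(rec1["share"], rec2["share"])
    return hmac.compare_digest(_verifier(password, rec1["salt"]), expected)

def share_consistent_with(guess: str, rec1: dict) -> dict:
    """Build the second-server record that would make `guess` verify.

    Such a record exists for every guess, so server 1's record alone
    cannot confirm or rule out any password in an offline dictionary run.
    """
    return {"share": _xor(_verifier(guess, rec1["salt"]), rec1["share"])}
```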

Two-Server Authentication
OVERVIEW

Two-server authentication is a technique used to enhance password security by splitting the password
authentication process between two servers. This system involves the following steps:

User submits password: The user submits their password to the first server, which is referred to as the
Authentication Server (AS).

AS generates token: The AS generates a token (random value) and sends it to the second server,
which is referred to as the Validation Server (VS).

VS encrypts token: The VS encrypts the token using a shared secret key that it shares with the AS and
sends it back to the AS.

AS verifies token: The AS decrypts the token using the shared secret key and verifies that it matches
the token it generated in step 2. If the tokens match, the AS authenticates the user and grants access to
the requested resource.

This process is designed to protect against certain types of attacks. For example, an attacker who
intercepts the user's password during transmission to the AS would not be able to authenticate with
the VS without also having the token generated by the AS. Likewise, an attacker who intercepts the
encrypted token sent by the VS would not be able to decrypt it without also having the shared secret
key.
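
The AS/VS token round trip described above, as an added Python example that is not part of the original report. It replaces the encrypt/decrypt step with an HMAC tag over the token, which proves possession of the same shared key, and it makes each token single-use with a short lifetime so a captured response cannot be replayed. That substitution, the class names and the 30-second lifetime are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

class ValidationServer:
    """VS: answers a token with a tag computed under the shared key."""
    def __init__(self, shared_key: bytes):
        self._key = shared_key

    def respond(self, token: bytes) -> bytes:
        return hmac.new(self._key, token, hashlib.sha256).digest()

class AuthenticationServer:
    """AS: issues random tokens and checks the VS response."""
    TOKEN_TTL = 30.0  # seconds a token stays valid (assumed value)

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._pending = {}  # token -> time it was issued

    def issue_token(self, now=None) -> bytes:
        token = secrets.token_bytes(32)
        self._pending[token] = time.monotonic() if now is None else now
        return token

    def accept(self, token: bytes, response: bytes, now=None) -> bool:
        issued = self._pending.pop(token, None)  # single use: a replay finds nothing
        if issued is None:
            return False
        now = time.monotonic() if now is None else now
        if now - issued > self.TOKEN_TTL:
            return False  # response arrived after the token expired
        expected = hmac.new(self._key, token, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare
```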

Two-server authentication can be implemented in a variety of ways, and there are a number of
considerations to take into account when designing such a system, such as choosing appropriate
cryptographic algorithms, managing keys and tokens securely, and ensuring that both servers are
properly secured and maintained. Overall, this technique can help to strengthen password security and
reduce the risk of unauthorized access to sensitive resources.
4. REQUIREMENT ANALYSIS DOCUMENT:
4.1 Functional Requirements:

It describes the interactions between the system and its environment independent of its
implementation.

The functional requirements are:

Encryption:
Input: Plain text, Find Frequencies, Design Binary Tree
Output: Cipher text.

Decryption:

Input: Cipher text, Design Binary Tree, Find Frequencies


Output: Plain text

Actors:

Actors are external entities that interact with the system. Actors typically include a user
role or another system. They have unique names and descriptions.

In this project the two actors are Sender and Receiver:


Actor      Roles
Sender     -- Enter/browse plain text
           -- Generate cipher text
Receiver   -- Design Binary Tree
           -- Receive cipher text
           -- Generate plain text

SENDER:

Input : Plain Text

Output : Binary Tree Data

RECEIVER:

Input : Binary Tree Data

Output : Plain Text

4.2 NON-FUNCTIONAL REQUIREMENTS:

Constraints on the services or functions offered by the system such as timing
constraints, constraints on the development process, standards, etc. During this activity, developers,
users and clients agree on aspects like performance of system, documentation, resources, security and
its quality.

● Usability: The GUI of this system provides easy access to the user, and the user can get the best
results for the given input.

● Supportability: The system is implemented using Python 3.8.3 IDLE.

● Performance: It displays the correct result based on the output for all possible correct inputs
at all times when the computer is in proper condition.

● Reliability: The system is reliable to encrypt or decrypt every input message given by the user.

● Security: This system provides security by a new approach to encryption using Huffman
coding.

● Accuracy: Using Binary Tree it’s hard to decrypt the message.

● Maintainability: This system can adapt to any technology and can detect errors.

● Portability: This system can work on the Windows operating system environment with minimal
changes.
5. System Design Document:

5.1 Use Case Model

6. Sample Screens
