Insider Attack Protection: Lightweight Password-Based Authentication Techniques Using ECC

The radical advancement in web services has drawn more attention toward intensifying the security of numerous applications that interact and serve the Internet users. In order to access the different applications on the web, users need to disclose their personal credentials such as username and password to the servers to get authenticated. This private information should be prevented from being exploited due to different security attacks that will result in illegal activities. Securing the systems from several attacks is vital. In comparison to all the security attacks, insider attacks are devastating due to the privilege the insiders of an organization possess to breach the information, which results in irrecoverable damage to both user and the organization. Numerous protocols were proposed to secure the system from insider attacks but proved to be inefficient. This article puts forward a novel authentication protocol for insider attacks based on a robust cryptographic algorithm, ECC. The informal security analysis of the protocol reveals that the proposed protocol is not only immune to insider attacks but also prevents several attacks. It shows that the protocol is relatively better than other existing protocols in terms of computational cost and communication overhead with high level of security.