A New Secure Session Key Exchange Protocol for Web Applications
The Internet has become a part of everyday life. It is a public environment in which people try to
communicate with each other. It is important to provide security, privacy and data integrity for all the activities that take
place on the Internet. A number of research efforts in the cryptographic field are dedicated to ensuring security on the
Internet. Key exchange protocols are used to share a secret session key between users to encrypt all the communication
between them over a non-secure channel. In this paper, we propose a new secure session key exchange protocol for web
applications. This protocol is based on the virtual password, biometric data and symmetric cryptography. The strength of
this protocol is that it depends on a dynamic password, based on a true random number generator, given to the client and submitted
at the time of authentication. The proposed protocol can defend against multiple kinds of attacks, such as guessing attacks,
dictionary attacks, brute force, phishing attacks, man-in-the-middle attacks, etc.
Keywords - Authentication, Kerberos, Symmetric cryptography, Biometric data, Dynamic Password.