Bogus servers and user collusion are malicious activities present in Distributed computer networks which illegally access and enjoy the resources. Bogus servers are service providers who communicate with legal users to obtain valid credential and User collusion is the process done by malicious users without legal credential. Both the activities are protected by Primary and Secondary Authentication System which is introduced in this paper. Primary authentication system deals with CRH (Collusion resistant hash) Function which is one way hash function. It is the unitary token method and HMAC function is used for stronger security. Secondary authentication system works with two dimensional passwords. Two dimensional passwords are the combination of Text and click point password. The implementation of AES Encryption helps to make click point to be confidential. In this paper, we can prevent bogus servers and user collusion and forgery activities in distributed networks efficiently. This paper is implemented to provide greater security in confidential applications especially in banking and mobile phones.

Keywords: key logger, phishing, shoulder-surfing, credential privacy, unforgeability, soundness