User Authentication Using the AES-GSM Algorithm and PBKDF2 Function
This paper presents a cryptographic user authentication protocol based on AES in Galois/Counter Mode (GCM) and key derivation using PBKDF2-HMAC-SHA256. The proposed scheme follows a challenge–response model and ensures confidentiality, integrity, and authenticity of transmitted data without disclosing or storing the password in plaintext. A client-server architecture was implemented, with the backend developed in Flask (Python) and the frontend in JavaScript. The protocol incorporates nonce usage, authentication tag verification, and protection against replay and brute-force attacks.