Abstract
A provably secure protocol for remote authentication is presented. Only public information is stored at the verifying host that makes our scheme resistant to server compromise. We use one time signatures coupled with offline transcripts for synchronization. Due to sole usage of fast cryptographic hash functions, our method is appropriate for low cost user authentication. Our construction improves over the previously proposed technique of Mitchell to overcome its problem of Denial of Service (DoS) attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
Bellare, M., Canetti, R., Krawczyk, H.: HMAC: Keyed-Hashing for Message Authentication. RFC 2104 (February 1997)
Berson, T.A., Gong, L., Lomas, T.M.A.: Secure, Keyed and Collisionful Hash Functions. Technical Report SRI-CSL-94-08 (May 1994)
Bicakci, K., Tsudik, G., Tung, B.: How to construct optimal one-time signatures. Computer Networks 43(3), 339–349 (2003)
Bleichenbacher, D., Maurer, U.M.: Directed Acyclic Graphs, One-way Functions and Digital Signatures. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 75–82. Springer, Heidelberg (1994)
Bleichenbacher, D., Maurer, U.M.: Optimal Tree-Based One-time Digital Signature Schemes. In: Puech, C., Reischuk, R. (eds.) STACS 1996. LNCS, vol. 1046, pp. 363–374. Springer, Heidelberg (1996)
Bleichenbacher, D., Maurer, U.M.: On the efficiency of one-time digital signatures. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 145–158. Springer, Heidelberg (1996)
Chen, L., Mitchell, C.J.: Comments on the S/Key user authentication scheme. ACM Operating Systems Review 30(4), 12–16 (1996)
Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22 (6), 74–84 (1976)
Haller, N.: The S/Key One-Time Password System. In: Proceedings of the ISOC Symposium on Network and Distributed System Security, pp. 151–157 (February 1994)
Haller, N.: The S/KEY One-Time Password System, RFC 1760 (1995)
Haller, N.: A One-Time Password System, RFC 1938 (May 1996)
Haller, N., Metz, C., Nesser, P., Straw, M.: A One-Time Password System, RFC 2289 (February 1998)
Kaufman, C., Perlman, R., Speciner, M.: Network Security, Private Communication in a Public World. Prentice Hall Series (2002)
Lamport, L.: Constructing Digital Signatures from a One-Way Function, Technical Report CSL-98, SRI International (1978)
Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24(11), 770–772 (1981)
McDonald, D.L., Atkinson, R.J., Metz, C.: One-Time Passwords in Everything (OPIE): Experiences with Building and Using Strong Authentication. In: Proc. of the 5th USENIX UNIX Security Symposium (June 1995)
Menzees, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Merkle, R.C.: A Digital Signature Based on a Conventional Encryption Function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)
Merkle, R.C.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)
Mitchell, C.J.: Authentication of a remote user to a host in a data communication system, UK patent application filed (November 3, 2001)
Mitchell, C.J.: Remote user authentication using public information. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 360–369. Springer, Heidelberg (2003)
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Comm. of the ACM 21(2), 120–126 (1978)
Mobile VCE, www.mobilevce.com
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Goyal, V., Jain, A., Quisquater, J.J. (2006). Improvements to Mitchell’s Remote User Authentication Protocol. In: Won, D.H., Kim, S. (eds) Information Security and Cryptology - ICISC 2005. ICISC 2005. Lecture Notes in Computer Science, vol 3935. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11734727_8
Download citation
DOI: https://doi.org/10.1007/11734727_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33354-8
Online ISBN: 978-3-540-33355-5
eBook Packages: Computer ScienceComputer Science (R0)