Abstract
User authentication is a process for a system to verify the identity of a claimed user and to give access permission. Although there are many other authentication methods such as biometrics and physical tokens, passwords are still being used in many applications due to easy deployment. To enhance the security against possible attacks such as an off-line dictionary attack, passwords are usually stored in a hashed form using a random nonce called a salt. However, this does not completely solve the security issue. In this paper, we propose a new password-based authentication method using homomorphic encryption where a password is stored in a remote server in an encrypted form and an input password is compared with the stored one on the encrypted domain. For this purpose, we also propose a new cryptographic primitive called one-time private key-based digital signature.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Provos, N., Mazieres D.: A Future-Adaptable Password Scheme. In: USENIX Annual Technical Conference ’16, FREENIX Track (1999)
Burr, W., Dodson, D., Newton, E., Perlner, R., Polk, W., Gupta, S., Nabbus, E.: Electronic Authentication Guideline. In: NIST Special Publication 800-63-2 (2013)
Gentry, C.: Fully Homomorphic Encryption Using Ideal Lattices. In: STOC ’09, 169-178 (2010)
Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan V.: Fully Homomorphic Encryption over the integers. In: EUROCRYPT ’10, 24-42 (2010)
Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) Fully Homomorphic Encryption without Bootstrapping. In: ITCS ’12, 309-325 (2012)
Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: EUROCRYPT ’99, 223-238 (1999)
Turan, M., Barker, E., Burr, W., Chen, L.: Recommendation for Password-Based Key Derivation. In: NIST Special Publication 800-132 (2010)
Graepel, T., Lauter, K., Naehrig, M.: ML Confidential: Machine Learning on Encrypted Data. In: ICISC ’12, 1-21 (2012)
Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can Homomorphic Encryption Be Practical?. In: CCSW ’11, 113-124 (2011)
Im, J., Choi, J., Nyang, D., Lee, M.: Privacy-Preserving Palm Print Authentication using Homomorphic Encryption. In: IEEE DataCom ’16, 878-881 (2016)
Shahandashti, S., Safavi-Naini, R., Safa, N.: Reconciling User Privacy And Implicit Authentication for Mobile Devices. Computers and Security, 53, 215-233 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Im, JH., Lee, MK. (2017). Password Authentication Using One-Time Key-Based Signature and Homomorphic Encryption. In: Barolli, L., Xhafa, F., Yim, K. (eds) Advances on Broad-Band Wireless Computing, Communication and Applications. BWCCA 2016. Lecture Notes on Data Engineering and Communications Technologies, vol 2. Springer, Cham. https://doi.org/10.1007/978-3-319-49106-6_45
Download citation
DOI: https://doi.org/10.1007/978-3-319-49106-6_45
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49105-9
Online ISBN: 978-3-319-49106-6
eBook Packages: EngineeringEngineering (R0)