Abstract
This paper introduces an authentication protocol that is secure against off-line dictionary attacks and server compromise while processing human-memorable passwords. The protocol exploits the fact that a huge number of candidate values can be used to represent a password, even when the password is memorable by humans. The protocol uses ECC to encrypt a value representing the password, but the prover does not need to store the server's public key.
Keywords
- Authentication Protocol
- Replay Attack
- Past Communication
- Dictionary Attack
- Computer Security Foundation Workshop
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Park, S.B., Kang, M.S., Lee, S.J. (2004). User Authentication Protocol Based on Human Memorable Password and Using ECC. In: Li, M., Sun, XH., Deng, Qn., Ni, J. (eds) Grid and Cooperative Computing. GCC 2003. Lecture Notes in Computer Science, vol 3032. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24679-4_188
DOI: https://doi.org/10.1007/978-3-540-24679-4_188
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21988-0
Online ISBN: 978-3-540-24679-4
eBook Packages: Springer Book Archive