Abstract
Until now, authentication protocol using the suggested password is not safe from off-line dictionary attack or password file compromise. On this paper, we define scheme password based authentication protocol (PAP) authentication protocol using password. PAP features managing one value choosing optionally of expressing password of many values. It presents PAP based authentication protocol, PAPRSA using RSA to manage values expressing password. PAPRSA is safe from attack involving off-line dictionary attack, password file compromise and excellent in efficient ways involving pass number, calculation amount.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Bellare, M., Pointcheaval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Bellovin, S.M., Merrit, M.: Augmented encrypted key exchange: Password-based protocol secure against dictionary attack and password file compromise. In: ACM Security (CCS 1993), pp. 244–250 (1993)
Bellovin, S.M., Merrit, M.: Encrypted key exchange: Password-based protocols secure against dictionary attack. In: Proceedings of IEEE Security and Privacy, pp. 72–84 (1992)
Boyko, V., MacKenzie, P., Patal, S.: Provably secure password authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
Diffie, W., Hellman, H.E.: New directions in cryptography. IEEE Transactions on Information Theory 22, 644–654 (1976)
ElGamal, T.: A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory IT-31(4), 469–472 (1985)
Feige, U., Fiat, A., Shamir, A.: Zero knowledge proof of identity. Journal of Cryptology 1, 77–94 (1983)
Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
Gong, L.: Optimal authentication protocols resistant to password guessing attacks. In: 8th IEEE Computer Security Foundations Workshop, pp. 24–29 (1995)
Gong, L., Lomas, T.M.A., Needham, R.M., Saltzer, J.H.: Protecting poorly chosen secrets from guessing attacks. IEEE Journal on Selected Areas in Communications 11(5), 648–656 (1993)
Guillou, L.C., Quisquater, J.-J.: A practical zero-knowledge protocol to security microprocessor minimizing both transmission and memory. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1988)
Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. In: ACM Security (CCS 1998), pp. 122–131 (1998)
ISO/IEC 9798-2, Information technology-Security techniques-Entity authentication-Part 2: Mechanisms using symmetric encipherment algorithms, International Organization for Standardization, Geneva, Switzerland (1994)
ISO/IEC 9798-4, Information technology-Security techniques-Entity authentication-Part 4: Mechanisms using a cryptographic check function, International Organization for Standardization, Geneva, Switzerland (1995)
Jablon, D.: Strong password-only authenticated key exchange. ACM Computer Communication Review, ACM SIGCOMM 26(5), 5–20 (1996)
Koblitz, N.: Eliptic curve cryptosystems. Mathematics of Computation 48(177), 203–209 (1987)
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24, 770–772 (1981)
McEliece, R.J.: A public key cryptosystem based on algebraic coding theory. Deep Space Network Progress Report 42-44, Jet Propulsion Laboratory, California Institute of Technology, pp. 42-44 (1978)
Menezes, J., van Oorschot, P.C., Vanstone, S.A.: Applied Cryptography. CRC Press, Boca Raton (1997)
Merkle, R.C.: Secrecy, Authentication, and Public Key Systems. UMI Research Press, Ann Arbor (1979)
Morris, R., Thompson, K.: Password security: a case history. Communications of the ACM 22, 594–597 (1979)
Mitchell, C.J., Chen, L.: Comment on the S/KEY user authentication scheme,(ASPect)
Kwon, T.: Authentication and key agreement via memorable password (2000), available from http://eprint.iacr.org/2000/026
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Park, I., Park, S., Oh, B. (2004). User Authentication Protocol Based on Human Memorable Password and Using RSA. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3046. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24768-5_75
Download citation
DOI: https://doi.org/10.1007/978-3-540-24768-5_75
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22060-2
Online ISBN: 978-3-540-24768-5
eBook Packages: Springer Book Archive