
A novel user’s authentication scheme for pervasive on-line media services

Telecommunication Systems

Abstract

Due to the explosive growth of the Internet and the pervasion of multimedia, the protection of intellectual property (IP) rights of digital content in transactions has become a concern. Current security requirements and copyright protection mechanisms especially need to work in real time and on-line for communication and networking. For media service systems on the Internet, user authentication is most essential in association with the access control of the media system. The authentication scheme is a trivial but crucial issue for maintaining user’s information. Up to now, many one-time password-based authentication schemes have been proposed. However, none is secure enough. The purpose of a one-time password (OTP) is to make it more difficult to gain unauthorized access to restricted resources. Traditional static passwords can more easily be obtained by an unauthorized intruder given enough attempts and time. By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced. These schemes are especially well suited to media services on the Internet since they frustrate the attacker’s attempts. Lin, Shen and Hwang proposed a strong-password authentication scheme in association with a one-time password by using smart cards, and claimed their scheme can resist guess attack, replay attack, impersonation attack and stolen attack. Later, Ku, Tsai, and Chen showed that Lin-Shen-Hwang’s scheme suffers from a replay attack and a denial-of-service attack. Furthermore, Ku proposed a hash-based strong-password authentication scheme to enhance the security. In this paper, we show the weaknesses of Ku’s scheme and devise some attacks against it. Then, we revise Ku’s scheme and propose a novel user authentication scheme in pervasive on-line media services for current communication and networking.


References

  1. Bellovin, S. M., & Merritt, M. (1992). Encrypted key exchange: Password-based protocols secure against dictionary attacks. In IEEE symposium on research in security and privacy (pp. 72–84).

  2. Bellovin, S. M., & Merritt, M. (1993). Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. In ACM conf. comp. & comm. security (pp. 244–250).

  3. Gong, L., Lomas, M., Needham, R., & Saltzer, J. (1993). Protecting poorly chosen secrets from guessing attacks. IEEE Journal of Selected Areas in Communications, 11(5), 648–656.


  4. Gong, L. (1995). Optimal authentication protocols resistant to password guessing attacks. In Proc. 8th IEEE computer security foundation workshop (pp. 24–29).

  5. Steiner, M., Tsudik, G., & Waidner, M. (1995). Refinement and extension of encrypted key exchange. ACM Operating Systems Review, 29(3), 22–30.


  6. Jablon, D. (1996). Strong password-only authenticated key exchange. ACM Computer Communications Review, 20(5), 5–26.


  7. Jaspan, B. (1996). Dual-workfactor encrypted key exchange: Efficiently preventing password chaining and dictionary attacks. In Proc. sixth annual USENIX security conference (pp. 43–50).

  8. Kwon, T., Kang, M., & Song, J. (1997). An adaptable and reliable authentication protocol for communication networks. In Proc. IEEE INFOCOM’97 (pp. 737–744).

  9. Kwon, T., Kang, M., Jung, S., & Song, J. (1999). An improvement of the password-based authentication protocol (K1P) on security against replay attacks. IEICE Transactions on Communications, E82-B(7), 991–997.


  10. Kwon, T., & Song, J. (1999). Secure agreement scheme for g^xy via password authentication. Electronics Letters, 35(11), 892–893.


  11. Lamport, L. (1981). Password authentication with insecure communications. Communications of the ACM, 24(11), 770–772.


  12. Shimizu, A. (1990). A dynamic password authentication method by one-way function. IEICE Transactions, J73-D-I(7), 630–636.


  13. Haller, N. (1994). The S/KEY (TM) one-time password system. In Proc. internet society symposium on network and distributed system security (pp. 151–158).

  14. Shimizu, A., Horioka, T., & Inagaki, H. (1998). A password authentication method for contents communication on the internet. IEICE Transactions on Communications, E81-B(8), 1666–1673.


  15. Sandirigama, M., Shimizu, A., & Noda, M. T. (2000). Simple and secure password authentication protocol (SAS). IEICE Transactions on Communications, E83-B(6), 1363–1365.


  16. Lin, C. L., Sun, H. M., & Hwang, T. (2001). Attacks and solutions on strong-password authentication. IEICE Transactions on Communications, E84-B(9), 2622–2627.


  17. Tsuji, T., & Shimizu, A. (2003). An impersonation attack on one-time password authentication protocol OSPA. IEICE Transactions on Communications, E86-B(7).

  18. Lin, J., Shen, J., & Hwang, M. S. (2003). Security enhancement for optimal strong password authentication protocol. ACM Operating Systems Review, 37(2), 7–12.


  19. Ku, W. C., Tsai, H. C., & Chen, S. M. (2003). Two simple attacks on Lin-Shen-Hwang’s strong-password authentication protocol. ACM Operating Systems Review, 37(4), 26–31.


  20. Ku, W. C. (2004). A hash-based strong-password authentication scheme without using smart card. ACM Operating Systems Review, 38(1), 29–34.


  21. Laih, C. S., Ding, L., & Huang, Y. M. (2005). Password-only authenticated key establishment protocol without public key cryptography. Electronics Letters, 41(4), 185–186.


  22. Smith, R. E. (2002). The strong password dilemma. CSI Computer Security Journal. http://www.smat.us/sanity/pwdliemma.html.

  23. Wang, N. W., & Huang, Y. M. (2007). User’s authentication in media services by using one-time password authentication scheme. In IEEE computer society—the third international conference on intelligent information hiding and multimedia signal processing 2007 (Vol. 1, pp. 623–626).

  24. http://jeffbarnes.net/portal/blogs/jeff_barnes/default.asp.

  25. Saarinen, M. J. (2004). Cryptanalysis of block ciphers based on SHA-1 and MD5. In Lecture notes in computer science (Vol. 2887, pp. 36–44).

  26. Ilsun, Y. (2006). A one-time password authentication scheme for secure remote access in intelligent home networks. In Lecture notes in computer science (Vol. 4252, pp. 785–792).

  27. Kim, H. C., Lee, H. W., Lee, K. S., & Jun, M. S. (2008). A design of one-time password mechanism using public key infrastructure. In Fourth international conference on networked computing and advanced information management (pp. 18–24).

  28. Cha, B. R., & Kim, C. W. (2008). Password generation of OTP system using fingerprint features. In International conference on information security and assurance (pp. 243–247).

  29. Cha, B. R., Kim, K. J., & Na, H. S. (2008). Random password generation of OTP system using changed location and angle of fingerprint features. In 8th IEEE international conference computer and information technology (pp. 420–425).


Author information


Corresponding author

Correspondence to Yueh-Min Huang.


About this article

Cite this article

Wang, NW., Chao, HC., Chen, IY. et al. A novel user’s authentication scheme for pervasive on-line media services. Telecommun Syst 44, 181–190 (2010). https://doi.org/10.1007/s11235-009-9265-7


  • DOI: https://doi.org/10.1007/s11235-009-9265-7
