Formulation of Information Hiding Model for One-Time Authentication Methods Using the Merkle Tree

  • Yuji Suga
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 29)

Abstract

We consider an extension of the Lamport-like one-time password scheme proposed at BWCCA2017. In our new method, authentication is performed by disclosing the digest values linked to nodes located higher than the digests of the leaf node of the hash chain, just as in Lamport's authentication method. In a tree structure such as a Merkle tree, in which multiple nodes are disclosed in the authentication phase, the prover can transmit secret data to the verifier by changing the disclosure order. This paper adopts a model that embeds information in the “edge having a node to be disclosed”, sets up a kind of optimization problem, and discusses efficiency using concrete toy examples with Merkle trees of small depth.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Internet Initiative Japan Inc., Fujimi, Japan
