A Flexible User Authentication Scheme for Multi-server Internet Services

Tsaur, Woei-Jiunn

doi:10.1007/3-540-47728-4_18

Woei-Jiunn Tsaur⁵

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2093))

Included in the following conference series:

International Conference on Networking

541 Accesses
13 Citations

Abstract

Due to the rapid progress of information technology, computer systems with the client/server architecture have been becoming a new way in multi-user computing environments. For the environment of single server, the issue of remote login authentication has already been solved by a variety of schemes, but it has not been efficiently solved for multi-server Internet environments yet. In this paper, we will present an efficient smart card based remote login authentication scheme for multi-server Internet environments, which can verify a single password for logining multiple authorized servers without using any password verification table. The objective of the new scheme emphasizes that any client can get service grant from multiple servers without repetitive registration to each server. The proposed scheme’s advantages include that not only repetitive registration for various servers is avoided, but also the network users can freely choose their preferred passwords and be deleted easily by the system. Moreover, security analyses about the impersonation and replay attacks on the proposed scheme validate the feasibility of the scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Davies, D.W., Price, W.L.: Security for Computer Networks — An Introduction to Data Security in Teleprocessing and Electronic Funds Transfer. 2nd Edition. Wiley, Chichester (1989)
Google Scholar
Denning, D.E.R.: Cryptography and Data Security. Addison-Wesley, Reading, MA (1982)
Google Scholar
Pfleeger, C.P.: Security in Computing. 2nd Edition. Prentice-Hall, Englewood Cliffs, NJ (1997)
Google Scholar
Seberry, J., Pieprzyk, J.: Cryptography — An Introduction to Computer Security. Prentice-Hall, Englewood Cliffs, NJ (1989)
MATH Google Scholar
Menkus, B.: Understanding the Use of Passwords. Computers & Security 7 (1988) 132–136
Google Scholar
Purdy, G.P.: A High Security Login Procedure. Communications of the ACM 17 (1974)442–445
Google Scholar
Evans, A., Kantrowitz, W., Weiss, E.: A User Authentication Scheme Not Requiring Secrecy in the Computer. Communications of the ACM 17 (1974) 437–442
Google Scholar
Lennon, R.E., Matyas, S.M., Meyer, C.H.: Cryptographic Authentication of Time-Invariant Quantities. IEEE Transactions on Communications 29 (1981) 773–777
Google Scholar
Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24 (1981) 770–772
Google Scholar
Chang, C.C., Wu, T.C.: Remote Password Authentication with Smart Card IEE Proceedings-E 138 (1991) 165–168
Google Scholar
Peyret, P., Lisimaque, G., Chua, T.Y.: Smart Cards Provide Very High Security and Flexibility in Subscribers Management. IEEE Transactions on Consumer Electronics 36 (1990) 744–752
Google Scholar
Sternglass, D.: The Future Is in the PC Cards. IEEE Spectrum 29 (1992) 46–50
Google Scholar
Wu, T.C.: Remote Login Authentication Scheme Based on a Geometric Approach. Computer Communications 18 (1995) 959–963
Google Scholar
Chang, C., Laih, C.S.: Comment on Remote Password Authentication with Smart Cards. IEE Proceedings-E 139(1992) 372–372
Google Scholar
Chang, C.C., Hwang, S.J.: Using Smart Cards to Authenticate Remote Passwords. Computers & Mathematics with Applications 26 (1993) 19–27
Google Scholar
Wang, S.J., Chang, J.F.: Smart Card Based Secure Password Authentication Scheme. Computers & Security 15 (1996) 231–237
Google Scholar
Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21 (1978) 120–126
Google Scholar
Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22 (1976) 644–654
Google Scholar
El-gamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory 31 (1985) 469–472
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Information Management, Da-Yeh University, Changhua, Taiwan
Woei-Jiunn Tsaur

Authors

Woei-Jiunn Tsaur
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

IUT de Colmar - Departement GTR, University of Haute Alsace, 34 rue du Grillenbreit, 68008, Colmar, France
Pascal Lorenz

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Tsaur, WJ. (2001). A Flexible User Authentication Scheme for Multi-server Internet Services. In: Lorenz, P. (eds) Networking — ICN 2001. ICN 2001. Lecture Notes in Computer Science, vol 2093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47728-4_18

Download citation

DOI: https://doi.org/10.1007/3-540-47728-4_18
Published: 22 June 2001
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42302-7
Online ISBN: 978-3-540-47728-0
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics