Abstract
A method for remote user authentication is proposed that requires only public information to be stored at the verifying host. Like the S/KEY scheme, the new technique uses only symmetric cryptography and is resistant to eavesdropping, but, unlike S/KEY, it is resistant to host impersonation attacks. The avoidance of asymmetric cryptographic techniques makes the scheme appropriate for low cost user authentication devices.
The work reported in this paper has formed part of the Software Based Systems area of the Core 2 Research Programme of the Virtual Centre of Excellence in Mobile & Personal Communications, Mobile VCE, www.mobilevce.com, whose funding support, including that of the EPSRC, is gratefully acknowledged. More detailed technical reports on this research are available to Industrial Members of Mobile VCE.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson, R.J., Bergadano, F., Crispo, B., Lee, J.-H., Manifavas, C., Need-ham, R.M.: A new family of authentication protocols. ACM Operating Systems Review 32(4), 9–20 (1998)
Haller, N.: The S/KEY one-time password system. Bellcore Internet RFC 1760 (February 1995)
International Organization for Standardization, Genéve, Switzerland. ISO/IEC 10118-3, Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions (1998)
International Organization for Standardization, Genéve, Switzerland. ISO/IEC 9797-1, Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher (1999)
International Organization for Standardization, Genéve, Switzerland. ISO/IEC 9797-2, Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a hash-function (2000)
Lamport, L.: Password authentication with insecure communication. Communications of the ACM 24, 770–772 (1981)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Mitchell, C.J., Chen, L.: Comments on the S/KEY user authentication scheme. ACM Operating Systems Review 30(4), 12–16 (1996)
Rabin, M.O.: Digitalized signatures. In: DeMillo, R., Dobkin, D., Jones, A., Lipton, R. (eds.) Foundations of Secure Computation, pp. 155–168. Academic Press, London (1978)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mitchell, C.J. (2003). Remote User Authentication Using Public Information. In: Paterson, K.G. (eds) Cryptography and Coding. Cryptography and Coding 2003. Lecture Notes in Computer Science, vol 2898. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40974-8_28
Download citation
DOI: https://doi.org/10.1007/978-3-540-40974-8_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20663-7
Online ISBN: 978-3-540-40974-8
eBook Packages: Springer Book Archive