Abstract
Due to the increasing value of information being stored in computers, it is important that unforgeable user authentication policies are implemented. Existing password authentication schemes, threats and counter-measures are described. A solution to eavesdropping problems using public-key cryptography is proposed. A technique to allow long password-phrases that makes an exhaustive search impracticable is presented.