Human Memorable Password based Efficient and Secure Identification

  • Published : 2005.12.01

Abstract

Almost all network systems provide an authentication mechanism based on user ID and password. In such systems, it is easy to obtain the user password by illegal eavesdropping with a sniffer program. The one-time password and challenge-response methods are useful authentication schemes that protect user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. We propose PBI (Password Based Identification), whose stability is based on the Square Root Problem and which enhances stability against all of the attacks well known to date, including off-line dictionary attack, password file compromise, server and so on. PBI is also excellent in terms of performance.
