Security in the Password-based Identification

  • Published : 2007.12.30


Almost all network systems provide an authentication mechanism based on a user ID and password. In such systems, it is easy to obtain a user's password by illegal eavesdropping with a sniffer program. The one-time password and challenge-response methods are useful authentication schemes that protect user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. We propose PBSI (Password Based Secure Identification), whose stability is based on the Square Root Problem and which enhances stability against all of the attacks well known to date, including off-line dictionary attack, password file compromise, server and so on. PBSI is also excellent in terms of performance.


