Security in the Password-based Identification  

Park, Byung-Jun (Chosun University, Kwang-Ju, Republic of Korea)
Park, Jong-Min (Chosun University, Kwang-Ju, Republic of Korea)
Abstract
Almost all network systems provide an authentication mechanism based on a user ID and password. In such systems, it is easy to obtain the user's password by illegal eavesdropping with a sniffer program. The one-time password and challenge-response methods are useful authentication schemes that protect user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. We propose PBSI (Password Based Secure Identification), whose stability is based on the Square Root Problem and which enhances stability against all attacks well known to date, including off-line dictionary attack, password file compromise, Server and so on. PBSI is also excellent in terms of performance.
Keywords
Password Based Secure Identification; one-time password; off-line dictionary attack; password file compromise
Citations & Related Records
Times Cited By KSCI: 3