Improvements to Mitchell’s Remote User Authentication Protocol

  • Vipul Goyal
  • Abhishek Jain
  • Jean Jacques Quisquater
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3935)


A provably secure protocol for remote authentication is presented. Only public information is stored at the verifying host that makes our scheme resistant to server compromise. We use one time signatures coupled with offline transcripts for synchronization. Due to sole usage of fast cryptographic hash functions, our method is appropriate for low cost user authentication. Our construction improves over the previously proposed technique of Mitchell to overcome its problem of Denial of Service (DoS) attacks.


Hash Function Authentication Protocol Mutual Authentication Message Authentication Code Random String 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)Google Scholar
  2. 2.
    Bellare, M., Canetti, R., Krawczyk, H.: HMAC: Keyed-Hashing for Message Authentication. RFC 2104 (February 1997)Google Scholar
  3. 3.
    Berson, T.A., Gong, L., Lomas, T.M.A.: Secure, Keyed and Collisionful Hash Functions. Technical Report SRI-CSL-94-08 (May 1994)Google Scholar
  4. 4.
    Bicakci, K., Tsudik, G., Tung, B.: How to construct optimal one-time signatures. Computer Networks 43(3), 339–349 (2003)CrossRefzbMATHGoogle Scholar
  5. 5.
    Bleichenbacher, D., Maurer, U.M.: Directed Acyclic Graphs, One-way Functions and Digital Signatures. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 75–82. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Bleichenbacher, D., Maurer, U.M.: Optimal Tree-Based One-time Digital Signature Schemes. In: Puech, C., Reischuk, R. (eds.) STACS 1996. LNCS, vol. 1046, pp. 363–374. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Bleichenbacher, D., Maurer, U.M.: On the efficiency of one-time digital signatures. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 145–158. Springer, Heidelberg (1996)Google Scholar
  8. 8.
    Chen, L., Mitchell, C.J.: Comments on the S/Key user authentication scheme. ACM Operating Systems Review 30(4), 12–16 (1996)CrossRefGoogle Scholar
  9. 9.
    Diffie, W., Hellman, M.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22 (6), 74–84 (1976)MathSciNetzbMATHGoogle Scholar
  10. 10.
    Haller, N.: The S/Key One-Time Password System. In: Proceedings of the ISOC Symposium on Network and Distributed System Security, pp. 151–157 (February 1994)Google Scholar
  11. 11.
    Haller, N.: The S/KEY One-Time Password System, RFC 1760 (1995)Google Scholar
  12. 12.
    Haller, N.: A One-Time Password System, RFC 1938 (May 1996)Google Scholar
  13. 13.
    Haller, N., Metz, C., Nesser, P., Straw, M.: A One-Time Password System, RFC 2289 (February 1998)Google Scholar
  14. 14.
    Kaufman, C., Perlman, R., Speciner, M.: Network Security, Private Communication in a Public World. Prentice Hall Series (2002)Google Scholar
  15. 15.
    Lamport, L.: Constructing Digital Signatures from a One-Way Function, Technical Report CSL-98, SRI International (1978)Google Scholar
  16. 16.
    Lamport, L.: Password Authentication with Insecure Communication. Communications of the ACM 24(11), 770–772 (1981)MathSciNetCrossRefGoogle Scholar
  17. 17.
    McDonald, D.L., Atkinson, R.J., Metz, C.: One-Time Passwords in Everything (OPIE): Experiences with Building and Using Strong Authentication. In: Proc. of the 5th USENIX UNIX Security Symposium (June 1995)Google Scholar
  18. 18.
    Menzees, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  19. 19.
    Merkle, R.C.: A Digital Signature Based on a Conventional Encryption Function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988)Google Scholar
  20. 20.
    Merkle, R.C.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)Google Scholar
  21. 21.
    Mitchell, C.J.: Authentication of a remote user to a host in a data communication system, UK patent application filed (November 3, 2001)Google Scholar
  22. 22.
    Mitchell, C.J.: Remote user authentication using public information. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 360–369. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Comm. of the ACM 21(2), 120–126 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Mobile VCE,

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Vipul Goyal
    • 1
  • Abhishek Jain
    • 1
  • Jean Jacques Quisquater
    • 2
  1. 1.CSE DepartmentIT-BHUIndia
  2. 2.Crypto Group, UCLBelgium

Personalised recommendations