
Improvements to Mitchell’s Remote User Authentication Protocol

  • Conference paper
Information Security and Cryptology - ICISC 2005 (ICISC 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3935)


Abstract

A provably secure protocol for remote authentication is presented. Only public information is stored at the verifying host, which makes our scheme resistant to server compromise. We use one-time signatures coupled with offline transcripts for synchronization. Because it uses only fast cryptographic hash functions, our method is appropriate for low-cost user authentication. Our construction improves on the technique previously proposed by Mitchell, overcoming its vulnerability to Denial of Service (DoS) attacks.



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Goyal, V., Jain, A., Quisquater, J.J. (2006). Improvements to Mitchell’s Remote User Authentication Protocol. In: Won, D.H., Kim, S. (eds) Information Security and Cryptology - ICISC 2005. ICISC 2005. Lecture Notes in Computer Science, vol 3935. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11734727_8


  • DOI: https://doi.org/10.1007/11734727_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33354-8

  • Online ISBN: 978-3-540-33355-5

  • eBook Packages: Computer Science (R0)
