Skip to main content
SpringerLink
Log in

Better login protocols for computer networks

  • Conference paper
  • First Online:
Computer Security and Industrial Cryptography

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 741))

Abstract

Authenticating computer users is a fairly old problem. Password based solutions were acceptable until the growth of computer networks based on insecure communication. Today many systems still use fixed passwords as a means of authentication. We show in this paper how an old scheme by Lamport can be used to provide more security. Relying on that scheme and zero-knowledge techniques, we show extensions providing much more general access control mechanisms.

Those extensions can be exploited in several ways: to authenticate users in computer networks, to provide users with access tickets or provide servers with proofs of usage.

We also show how, in a single transaction, a user can prove this authenticity as well as prove his possession of a ticket.

Finally, we explain how smart cards make those protocols very practical.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. J.-J. Quisquater, D. de Waleffe and J.-P. Bournas, “CORSAIR: A chip card with fast RSA capability”, Proceedings of Smart Card 2000, Amsterdam, 1989, to appear.

    Google Scholar 

  2. A. Fiat, A. Shamir, “How to prove yourself: practical solutions to identification and signature problems”, Proc. of CRYPTO '86, Lecture notes in Computer Science, Springer Verlag, Vol. 263, pp. 186–194.

    Google Scholar 

  3. L. C. Guillou, J.-J. Quisquater, “A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory”, Proc. EUROCRYPT '88, Lecture notes in Computer Science, Springer Verlag, Vol. 330, pp. 123–128.

    Google Scholar 

  4. L. C. Guillou, J.-J. Quisquater, “A ‘paradoxical’ identity-based signature scheme resulting from zero-knowledge”, Proc. CRYPTO '88, Lecture notes in Computer Science, Springer Verlag, Vol. 403, pp. 216–231.

    Google Scholar 

  5. Leslie Lamport, “Password Authentication With Insecure Communication”, C. ACM Volume 24, Number 11, pp. 770–772, Nov. 1981.

    Google Scholar 

  6. J. Steiner, C. Neuman, J. Schiller, “Kerberos: an authentication service for open network systems”, Proc. of Winter Usenix '88, Dallas.

    Google Scholar 

  7. J. Steiner, C. Neuman, “Authentication of unknown entities on an insecure network of workstations”, Proc. Usenix Security Workshop, Portland, Or, Aug. 1989.

    Google Scholar 

  8. R. Needham, M. Schroeder, “Using encryption for authentication in large networks of computers”, C. ACM, Dec. 1978, pp. 993–999.

    Google Scholar 

  9. M. Burrows, M. Abadi, R. Needham, “A logic of authentication”, Digital Equipment Corporation, Research Report, Feb. 1989.

    Google Scholar 

  10. L. C. Guillou, M. Ugon, “Smart Card: a highly reliable and portable security device”, Proc. of CRYPTO '86, Lecture notes in Computer Science, Springer Verlag, Vol. 263, pp. 464–489.

    Google Scholar 

  11. A. Shamir, “Identity-based cryptosystems and signature schemes”, Proc. of CRYPTO '84, Lecture notes in Computer Science, Springer Verlag, Vol. 196, pp. 47–53.

    Google Scholar 

  12. L. C. Guillou, M. Davio, J.-J. Quisquater, “Public-key techniques: randomness and redundancy”, Cryptologia, Volume XIII, Number 2, pp. 167–189, Apr. 1989.

    Google Scholar 

  13. J.-J. Quisquater, “Secret distribution of keys for public-key systems”, Proc. of CRYPTO '87, Lecture notes in Computer Science, Springer Verlag, Vol. 293, pp. 203–208.

    Google Scholar 

  14. D. de Waleffe, J.-J. Quisquater, “CORSAIR: A smart card for public-key cryptosystems”, Proc. of CRYPTO '90, to appear.

    Google Scholar 

  15. J.-J. Quisquater, L. C. Guillou & al., “How to explain zero-knowledge to your children”, Proc. of CRYPTO '89, Lecture notes in Computer Science, Springer Verlag, Vol. 435, pp. 628–631.

    Google Scholar 

  16. K. H. Rosen, Elementary number theory and its applications, Addison-Wesley Publishing Co, 1984.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. of Electrical Engineering, UCL, Place du Levant 3, B-1348, Louvain-la-Neuve

    Dominique de Waleffe & Jean-Jacques Quisquater

Authors
  1. Dominique de Waleffe
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jean-Jacques Quisquater
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Bart Preneel René Govaerts Joos Vandewalle

Rights and permissions

Reprints and permissions

Copyright information

© 1993 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

de Waleffe, D., Quisquater, JJ. (1993). Better login protocols for computer networks. In: Preneel, B., Govaerts, R., Vandewalle, J. (eds) Computer Security and Industrial Cryptography. Lecture Notes in Computer Science, vol 741. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-57341-0_55

Download citation

  • DOI: https://doi.org/10.1007/3-540-57341-0_55

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-57341-8

  • Online ISBN: 978-3-540-48074-7

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation