ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Password-based user authentication and key distribution protocols for client-server applications
Source Journal of Systems and Software archive
Volume 72 ,  Issue 1  (June 2004) table of contents
Pages: 97 - 103  
Year of Publication: 2004
ISSN:0164-1212
Authors
Her-Tyan Yeh  Department of Information and Communication, Southern Taiwan University of Technology, Tainan 710, Taiwan, ROC
Hung-Min Sun  Department of Computer Science, National Tsing Hua University, 101, Section 2, Kuang-Fu Road, Hsinchu 30055, Taiwan, ROC
Publisher
Elsevier Science Inc.  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): n/a,   Downloads (12 Months): n/a,   Citation Count: 2
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: 10.1016/S0164-1212(03)00093-1

ABSTRACT

Up to now, most of the literature on three-party authentication and key distribution protocols has focused on the environment in which two users (clients) establish a session key through an authentication server. In this paper, we discuss another environment in which a user (client) requests service from an application server through an authentication server. We propose two secure and efficient authentication protocols (KTAP: key transfer authentication protocol and KAAP: key agreement authentication protocol) to fit this environment. These two proposed protocols can be efficiently applied to various communication systems in distributed computing environments since they provide security, efficiency, and reliability.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Steven M. Bellovin , Michael Merritt, Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.72, May 04-06, 1992
 
2
Bellovin, S., Merritt, M., 1993. Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise. AT&T Bell Laboratories.
 
3
Dan Boneh , Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.213-229, August 19-23, 2001
 
4
Dillie, W., Hellman, M.E., 1976. New directions in cryptography. IEEE Transactions on Information Theory IT-II (November), 644-654.
 
5
Ding, Y., Horster, P., 1995. Undetectable on-line password guessing attacks. Technical Report TR-95-13-F, July.
6
David P. Jablon, Strong password-only authenticated key exchange, ACM SIGCOMM Computer Communication Review, v.26 n.5, p.5-26, Oct. 1996  [doi>10.1145/242896.242897]
 
7
Li Gong, Optimal authentication protocols resistant to password guessing attacks, Proceedings of the The Eighth IEEE Computer Security Foundations Workshop (CSFW '95), p.24, March 13-15, 1995
 
8
Gong, L., Lomas, M., Needham, R., Saltzer, J., 1993. Protecting poorly chosen secrets from guessing attacks. IEEE Journal on Selectcd Areas in Communications 11 (5), 648-656.
 
9
David P. Jablon, Extended Password Key Exchange Protocols Immune to Dictionary Attacks, Proceedings of the 6th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises, p.248-255, June 18-20, 1997
 
10
Efficient protocols secure against guessing and replay attacks, Proceedings of the 4th International Conference on Computer Communications and Networks, p.105, September 20-23, 1995
 
11
Kohl, J.T., Neuman, B.C., Ts'o, T., 1994. The evolution of the Kerberos authentication system. In: Distributed Open System. IEEE Computer Society Press, Silver Spring, MD, pp. 78-94.
 
12
Kwon, T., Song, J., 1998a. Efficient key exchange and authentication protocol protecting weak secrets. IEICE Transactions of Fundamentals E81-A (1), 156-163.
 
13
Kwon, T., Song, J., 1998b. Authentication key exchange protocols resistant to password guessing attacks, IEE Communications 145 (5), 304-308.
 
14
Kwon, T., Kang, M., Jung, S., Song, J., 1999. An improvement of the password-based authentication protocol (KIP) on security against replay attacks. IEICE Transactions on Communications E82-B (7), 991-997.
 
15
Taekyoung Kwon , Myeong Kang , Jooseok Song, An Adaptable and Reliable Authentication Protocol for Communication Networks, Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution, p.737, April 09-11, 1997
 
16
Stefan Lucks, Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys, Proceedings of the 5th International Workshop on Security Protocols, p.79-90, April 07-09, 1997
17
Chun-Li Lin , Hung-Min Sun , Tzonelih Hwang, Three-party encrypted key exchange: attacks and a solution, ACM SIGOPS Operating Systems Review, v.34 n.4, p.12-20, October 2000  [doi>10.1145/506106.506108]
18
Roger M. Needham , Michael D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM, v.21 n.12, p.993-999, Dec. 1978  [doi>10.1145/359657.359659]
 
19
Adi Shamir, Identity-based cryptosystems and signature schemes, Proceedings of CRYPTO 84 on Advances in cryptology, p.47-53, August 1985, Santa Barbara, California, United States
20
Michael Steiner , Gene Tsudik , Michael Waidner, Refinement and extension of encrypted key exchange, ACM SIGOPS Operating Systems Review, v.29 n.3, p.22-30, July 1995  [doi>10.1145/206826.206834]
 
21
Hatsukazu Tanaka, A Realization Scheme for the Identity-Based Cryptosystem, A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, p.340-349, August 16-20, 1987
 
22
Tsuji, S., Itoh, T., 1989. An ID-based cryptosystem based on discrete logarithm problem. IEEE Journal on Selected Areas in Communication 7 (4), 467-473.
 
23
Wu, T., 1998. The secure remote password protocol. In: Internet Society Symposium on Network and Distributed System Security.

CITED BY  2
Junghyun Nam , Jinwoo Lee , Seungjoo Kim , Dongho Won, DDH-based group key agreement in a mobile environment, Journal of Systems and Software, v.78 n.1, p.73-83, October 2005
Tzong-Chen Wu , Thsia-Tzu Huang , Chien-Lung Hsu , Kuo-Yu Tsai, Recursive protocol for group-oriented authentication with key distribution, Journal of Systems and Software, v.81 n.7, p.1227-1239, July, 2008

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Authentication

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.1 Network Architecture and Design
          Subjects: Network communications
      C.2.4 Distributed Systems
          Subjects: Client/server


Keywords:
authentication, cryptography, guessing attack, key agreement, key transfer, password


REVIEW

"Dimitrios I Kagklis : Reviewer"

This paper proposes two secure and efficient authentication protocols, key transfer authentication protocol (KTAP) and key agreement authentication protocol (KAAP), that can be applied to the environment in which a client requests a service from a  more...

Collaborative Colleagues:
Her-Tyan Yeh: colleagues
Hung-Min Sun: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player