Mutual authenticating protocol with key distribution in client/server environment
Pages 17 - 22
Abstract
The explosive growth of networked and internetworked computer systems during the past decade has brought about a need for increased protection mechanisms. This paper discusses three authentication protocols that incorporate the use of methods that present effective user authentication. The first two protocols have been previously discussed in the literature; the third protocol draws from the first two and others to produce an authentication scheme that provides both mutual authentication and secure key distribution which is easy to use, is compatible with present operating systems, is transparent across systems, and provides password file protection.
References
[1]
1 Bruce Sterling. History of the Internet, Literary Freeware, The Magazine of Fantasy and Science Fiction, February 1993. gopher://gopher.isoc.org:70/00/Internet/history/short.history.of.internet.
[2]
2 Computer Emergency Response Team (CERT) Coordination Center, 1994 Annual Report (Summary). http://www.cmu.edu/SEI/programs/cert/1994_CERT_Summary.html.
[3]
3 Steven M. Bellovin and Michael Merritt. Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise, AT&T Bell Laboratories. Available via anonymous FTP from idea.sec.dsi.unimi.it.
[4]
4 Steven M. Bellovin and Michael Merritt. Encrypted Key Exchange: Password-Based Protocol Secure Against Dictionary Attacks, In Proceeding IEEE Computer Society Symposium on Research in Security and Privacy, May 1992: pp. 72-84. Available via anonymous FTP from ftp.research.att.com.
[5]
5 William A.Wulf, Alec Yasinac, Katie S. Oliver and Ramesh Peri. A Technique for Remote Authentication, University of Virginia, Charlottesville, VA. Available via anonymous FTP from ftp.research.att.com.
[6]
6 Warwick Ford. Computer Communications Security, Principles, Standard Protocols and Techniques, Englewood Cliffs, New Jersey: PRT Prentice Hall, 1994.
[7]
7 Lynn Haber. Security. Information Week, March 7, 1994: pp. 35-41.
[8]
8 Susan Landau, Stepten Kent, Clint Brooks, Scott Charney, Dorothy Denning, Whitfield Diffie, Anthony Lauck, Doug Miller, Peter Neumann and David Sobel. Crypto Policy Perspectives Communications of the ACM, vol 37, no. 8, August 1994: page 115-121.
[9]
9 Computer Emergency Response Team (CERT), CA-95: 01. IP Spoofing Attacks and Hijacked Terminal Connections, January 23, 1995. Availabe via anonymous FTP from coast.cs.purdue.edu.
[10]
10 Computer Emergency Response Team (CERT), CA-94: 14. Trojan Horse in IRC Client for UNIX, : October 19, 1994. Availabe via anonymous FTP from coast.cs.purdue.edu.
[11]
11 Deborah Russell and G.T. Gangemi, Sr, Computer Security Basics, Sebastopol, CA: O'Reilly & Associates, Inc., 1991.
[12]
12 Federal Information Processing Standards Publication 112, Password Usage, U. S. Department of Commerce/National Bureau of Standards: 30 May 1985.
[13]
13 Mark H. Linehan, Comparison of Network-Level Security Protocols, IBM T. J. Watson Research Center, Hawthorne, NY, June 29, 1994. Available via anonymous FTP from idea.sec.dsi.unimi.it.
[14]
14 Whitfield Diffie and Martin E. Hellman, New directions in Cryptography, IEEE Transactions on Information Theory, vol. IT-22, no. 6, 1976: pp. 644-654.
[15]
15 Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, New York: John Wiley & Sons, 1993.
Index Terms
- Mutual authenticating protocol with key distribution in client/server environment
Recommendations
An ID-based client authentication with key agreement protocol for mobile client-server environment on ECC with provable security
Recently, lots of remote user authentication schemes are implemented on elliptic curve cryptosystem (ECC) to reduce the computation loads for mobile devices. However, most of those remote user authentication schemes on ECC suffer from different attacks ...
An efficient remote user authentication and key agreement protocol for mobile client-server environment from pairings
With the continue evaluation of mobile devices in terms of the capabilities and services, security concerns increase dramatically. To provide secured communication in mobile client-server environment, many user authentication protocols from pairings ...
An efficient user authentication and key exchange protocol for mobile client-server environment
Considering the low-power computing capability of mobile devices, the security scheme design is a nontrivial challenge. The identity (ID)-based public-key system with bilinear pairings defined on elliptic curves offers a flexible approach to achieve ...
Comments
Information & Contributors
Information
Published In
March 1996
24 pages
Copyright © 1996 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 April 1996
Published in XRDS Volume 2, Issue 4
Check for updates
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 134Total Downloads
- Downloads (Last 12 months)1
- Downloads (Last 6 weeks)0
Reflects downloads up to 25 Jan 2025
Other Metrics
Citations
View Options
View options
Magazine Site
View this article on the magazine site (external)
Magazine SiteLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in