A user authentication system using back-propagation network

Information security has been a critical issue in the field of information systems. One of the key factors in the security of a computer system is how to identify the authorization of users. Password-based user authentication is widely used to authenticate a legitimate user in the current system. In conventional password-based user authentication schemes, a system has to maintain a password table or verification table which stores the information of users’ IDs and passwords. Although the one-way hash functions and encryption algorithms are applied to prevent the passwords from being disclosed, the password table or verification table is still vulnerable. In order to solve this problem, in this paper, we apply the technique of back-propagation network instead of the functions of the password table and verification table. Our proposed scheme is useful in solving the security problems that occurred in systems using the password table and verification table. Furthermore, our scheme also allows each user to select a username and password of his/her choice.

[1]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[2]  Mohammad S. Obaidat,et al.  A Multilayer Neural Network System for Computer Access Security , 1994, IEEE Trans. Syst. Man Cybern. Syst..

[3]  Min-Shiang Hwang A remote password authentication scheme based on the digital signature method , 1999, Int. J. Comput. Math..

[4]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[5]  Udi Manber,et al.  A simple scheme to make passwords based on one-way functions much harder to crack , 1996, Comput. Secur..

[6]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[7]  Yu-Yi Chen,et al.  "Paramita wisdom" password authentication scheme without verification tables , 1998, J. Syst. Softw..

[8]  I. C. Lin,et al.  (IEEE Transactions on Neural Networks,12(6):1498-1504)A Remote Password Authentication Scheme for Multi-Server Architecture Using Neural Network , 2001 .

[9]  C.-C. Chang,et al.  Using smart cards to authenticate passwords , 1993, 1993 Proceedings of IEEE International Carnahan Conference on Security Technology.

[10]  Tharam S. Dillon,et al.  Setting optimal intrusion-detection thresholds , 1995, Comput. Secur..

[11]  Cheng-Chi Lee,et al.  Man-in-the-Middle Attack on the Authentication of the User from the Remote Autonomous Object , 2005, Int. J. Netw. Secur..

[12]  Ralph C. Merkle,et al.  A fast software one-way hash function , 1990, Journal of Cryptology.

[13]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[14]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[15]  Mohammad S. Obaidat,et al.  Dimensionality reduction and feature extraction applications in identifying computer users , 1991, IEEE Trans. Syst. Man Cybern..

[16]  Cheng-Chi Lee,et al.  An Improvement of SPLICE/AS in WIDE against Guessing Attack , 2001, Informatica.

[17]  Min-Shiang Hwang,et al.  Cryptanalysis of a remote login authentication scheme , 1999, Comput. Commun..

[18]  R. Lippmann,et al.  An introduction to computing with neural nets , 1987, IEEE ASSP Magazine.

[19]  W. Ford Security Techniques For Network Management , 1992, [Proceedings] NOMS '92 Network Without Bounds: IEEE 1992 Network Operations and Management Symposium.

[20]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[21]  Arthur E. Oldehoeft,et al.  A survey of password mechanisms: Weaknesses and potential improvements. Part 2 , 1989, Comput. Secur..

[22]  Chin-Chen Chang,et al.  Using smart cards to authenticate remote passwords , 1993 .

[23]  Edwin Weiss,et al.  A user authentication scheme not requiring secrecy in the computer , 1974, Commun. ACM.

[24]  Richard P. Lippmann,et al.  An introduction to computing with neural nets , 1987 .

[25]  M. W. Roth Survey of neural network technology for automatic target recognition , 1990, IEEE Trans. Neural Networks.

[26]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[27]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.