One-Message Unilateral Entity Authentication Schemes

A one-message unilateral entity authentication scheme allows one party, called the prover, to authenticate himself, i.e., to prove his identity, to another party, called the verifier, by sending a single authentication message. In this paper we consider schemes where the prover and the verifier do not share any secret information, such as a password, in advance. We propose the first theoretical characterization for one-message unilateral entity authentication schemes, by formalizing the security requirements for such schemes with respect to different kinds of adversaries. Afterwards, we propose three provably-secure constructions for one-message unilateral entity authentication schemes.

[1]  Wen-Yuan Liao,et al.  A remote password authentication scheme based upon ElGamal's signature scheme , 1994, Comput. Secur..

[2]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[3]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[4]  Cheng-Chi Lee,et al.  Password Authentication Schemes: Current Status and Key Issues , 2006, Int. J. Netw. Secur..

[5]  Alfredo De Santis,et al.  Efficient provably-secure hierarchical key assignment schemes , 2007, Theor. Comput. Sci..

[6]  Gopal K. Gupta,et al.  Identity authentication based on keystroke latencies , 1990, Commun. ACM.

[7]  Neil Haller,et al.  The S/KEY One-Time Password System , 1995, RFC.

[8]  Umberto Ferraro Petrillo,et al.  A Review of Security Attacks on the GSM Standard , 2013, ICT-EurAsia.

[9]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[10]  Chin-Chen Chang,et al.  Remote password authentication with smart cards , 1991 .

[11]  Xinyi Huang,et al.  Cryptographic Hierarchical Access Control for Dynamic Structures , 2016, IEEE Transactions on Information Forensics and Security.

[12]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[13]  Yu-Yi Chen,et al.  "Paramita wisdom" password authentication scheme without verification tables , 1998, J. Syst. Softw..

[14]  Jong Hyuk Park,et al.  Robust one-time password authentication scheme using smart card for home network environment , 2011, Comput. Commun..

[15]  Alfredo De Santis,et al.  Hierarchical and Shared Key Assignment , 2014, 2014 17th International Conference on Network-Based Information Systems.

[16]  Umberto Ferraro Petrillo,et al.  Security Issues and Attacks on the GSM Standard: a Review , 2013, J. Univers. Comput. Sci..

[17]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[18]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[19]  Craig Metz,et al.  A One-Time Password System , 1996, RFC.

[20]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[21]  Barbara Masucci,et al.  On the Equivalence of Two Security Notions for Hierarchical Key Assignment Schemes in the Unconditional Setting , 2015, IEEE Transactions on Dependable and Secure Computing.

[22]  Nir Bitansky,et al.  Perfect Structure on the Edge of Chaos - Trapdoor Permutations from Indistinguishability Obfuscation , 2016, TCC.

[23]  Dengguo Feng,et al.  An improved smart card based password authentication scheme with provable security , 2009, Comput. Stand. Interfaces.

[24]  Chien-Ming Chen,et al.  Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols , 2002 .

[25]  Alfredo De Santis,et al.  Key Indistinguishability versus Strong Key Indistinguishability for Hierarchical Key Assignment Schemes , 2016, IEEE Transactions on Dependable and Secure Computing.

[26]  Yuefei Zhu,et al.  Robust smart-cards-based user authentication scheme with user anonymity , 2012, Secur. Commun. Networks.

[27]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[28]  Matu-Tarow Noda,et al.  Simple and Secure Password Authentication Protocol (SAS) , 2000 .

[29]  Jing-Jang Hwang,et al.  A Secure One-Time Password Authentication Scheme Using Smart Cards , 2002 .

[30]  David M'Raïhi,et al.  TOTP: Time-Based One-Time Password Algorithm , 2011 .

[31]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[32]  Cheng-Chi Lee,et al.  A password authentication scheme over insecure networks , 2006, J. Comput. Syst. Sci..

[33]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[34]  Shengmei Zhao,et al.  A novel one-time password mutual authentication scheme on sharing renewed finite random sub-passwords , 2013, J. Comput. Syst. Sci..

[35]  Shiuh-Pyng Shieh,et al.  Password authentication schemes with smart cards , 1999, Comput. Secur..

[36]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[37]  Alfredo De Santis,et al.  Variations on a theme by Akl and Taylor: Security and tradeoffs , 2010, Theor. Comput. Sci..

[38]  Craig Metz,et al.  One-Time Passwords in Everything (OPIE): Experiences with Building and Using Strong Authentication , 1995, USENIX Security Symposium.