A countable and time-bound password-based user authentication scheme for the applications of electronic commerce

In this paper, we propose a secure and efficient user authentication scheme with countable and time-bound features. The countable feature is to limit the use to a certain number of times, which means that the users are able to successfully log into the system in a fixed number of times. The feature of the time-bound allows each login ticket to have a period of expiration. In other words, if a login request is overdue, it would not be available anymore. These features make our scheme more reliable for applications in the field of electronic commerce, such as on-line games, pay-TV, and so on. Since our scheme does not require any password or verification table and can avoid replay attacks, it is under firm security. Moreover, our scheme shows a lower computational overhead on the user side. Therefore, it offers an efficient and adequate alternative for the implementations in the mobile environment with limited computing capability.

[1]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[2]  Ralph C. Merkle,et al.  A fast software one-way hash function , 1990, Journal of Cryptology.

[3]  Dongho Won,et al.  Security weakness in a three-party pairing-based protocol for password authenticated key exchange , 2007, Inf. Sci..

[4]  Peter G. Neumann,et al.  Risks of passwords , 1994, CACM.

[5]  Alec Yasinsac,et al.  Formal analysis of modern security protocols , 2005, Inf. Sci..

[6]  Song Y. Yan Number Theory for Computing , 2000, Springer Berlin Heidelberg.

[7]  Jin-Fu Chang,et al.  Smart card based secure password authentication scheme , 1996, Computers & security.

[8]  Dan Boneh,et al.  Digital Signature Standard , 2005, Encyclopedia of Cryptography and Security.

[9]  Chin-Chen Chang,et al.  End-to-End Security Protocol for Mobile Communications with End-User Identification/Authentication , 2004, Wirel. Pers. Commun..

[10]  Udi Manber,et al.  A simple scheme to make passwords based on one-way functions much harder to crack , 1996, Comput. Secur..

[11]  Donald W. Davies,et al.  A Message Authenticator Algorithm Suitable for A Mainframe Computer , 1985, CRYPTO.

[12]  Wei-Bin Lee,et al.  A novel deniable authentication protocol using generalized ElGamal signature scheme , 2007, Inf. Sci..

[13]  Wu Tzong-Chen,et al.  Refereed paper: Authenticating passwords over an insecure channel , 1996 .

[14]  C.-C. Chang,et al.  Using smart cards to authenticate passwords , 1993, 1993 Proceedings of IEEE International Carnahan Conference on Security Technology.

[15]  Wang Shiuh-Jeng,et al.  Refereed paper: Smart card based secure password authentication scheme , 1996 .

[16]  Shoji Miyaguchi,et al.  The FEAL Cipher Family , 1990, CRYPTO.

[17]  I. C. Lin,et al.  (IEEE Transactions on Neural Networks,12(6):1498-1504)A Remote Password Authentication Scheme for Multi-Server Architecture Using Neural Network , 2001 .

[18]  Stephen M. Matyas,et al.  Cryptographic Authentication of Time-Invariant Quantities , 1981, IEEE Trans. Commun..

[19]  Min-Shiang Hwang,et al.  A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[20]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[21]  Alfredo De Santis,et al.  Enforcing the security of a time-bound hierarchical key assignment scheme , 2006, Inf. Sci..

[22]  Ralph Howard,et al.  Data encryption standard , 1987 .

[23]  Min-Shiang Hwang A remote password authentication scheme based on the digital signature method , 1999, Int. J. Comput. Math..

[24]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[25]  Tzong-Chen Wu,et al.  Authenticating passwords over an insecure channel , 1996, Comput. Secur..

[26]  Gwoboa Horng Password Authentication Without Using a Password Table , 1995, Inf. Process. Lett..

[27]  Chin-Chen Chang,et al.  Using smart cards to authenticate remote passwords , 1993 .

[28]  Shoji Miyaguchi,et al.  Fast Data Encipherment Algorithm FEAL , 1987, EUROCRYPT.

[29]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[30]  Gareth Jones,et al.  Elementary number theory , 2019, The Student Mathematical Library.

[31]  Rajendra S. Katti,et al.  A Hash-based Strong Password Authentication Protocol with User Anonymity , 2006, Int. J. Netw. Secur..

[32]  Chin-Chen Chang,et al.  Remote scheme for password authentication based on theory of quadratic residues , 1995, Comput. Commun..

[33]  Tzong-Chen Wu,et al.  Remote login authentication scheme based on a geometric approach , 1995, Comput. Commun..

[34]  Eric Jui-Lin Lu,et al.  Abstract , 2003, Appetite.

[35]  Ralph C. Merkle,et al.  One Way Hash Functions and DES , 1989, CRYPTO.

[36]  Cheng-Chi Lee,et al.  Password Authentication Schemes: Current Status and Key Issues , 2006, Int. J. Netw. Secur..

[37]  Edwin Weiss,et al.  A user authentication scheme not requiring secrecy in the computer , 1974, Commun. ACM.