An adaptable and reliable authentication protocol for communication networks

We propose a new authentication and key distribution protocol which is adaptable and reliable for communication networks. The secrets for authentication, which are chosen from a relatively small space by common users, are easy to guess. Our protocol gives a solution to protect the weak secrets from guessing attacks. Compared with other related work, our protocol is more reliable because it is resistant to various kinds of attacks including guessing attacks, and more adaptable because it reduces several overheads which make the existing protocols more expensive. We show how to apply our protocol to the Q.931 calling sequences and to the World Wide Web model.

[1]  Giovanni Maria Sacco,et al.  Timestamps in key distribution protocols , 1981, CACM.

[2]  Patrick Horster,et al.  Undetectable on-line password guessing attacks , 1995, OPSR.

[3]  Li Gong,et al.  Optimal authentification protocols resistant to password guessing attacks , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[4]  Sadahiko Kano Layers 2 and 3 ISDN Recommendations , 1986, IEEE J. Sel. Areas Commun..

[5]  William E. Burr Security in ISDN , 1991 .

[6]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[7]  W. Gifford ISDN User-Network Interfaces , 1986, IEEE J. Sel. Areas Commun..

[8]  Jerome H. Saltzer,et al.  Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[9]  Jerome H. Saltzer,et al.  Reducing risks from poorly chosen keys , 1989, SOSP '89.

[10]  Owen Rees,et al.  Efficient and timely mutual authentication , 1987, OPSR.

[11]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[12]  Walter Fumy,et al.  A Modular Approach to Key Distribution , 1990, CRYPTO.

[13]  Li Gong,et al.  Verifiable-text attacks in cryptographic protocols , 1990, Proceedings. IEEE INFOCOM '90: Ninth Annual Joint Conference of the IEEE Computer and Communications Societies@m_The Multiple Facets of Integration.

[14]  Steven M. Bellovin,et al.  Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise , 1993, CCS '93.

[15]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[16]  Li Gong,et al.  Reasoning about belief in cryptographic protocols , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.