Since computer and communication networks prevail today, user authentication is particularly important. Password authentication is the most popular and acceptable mechanism for achieving privacy and security in such open environments. In this paper we propose a new password authentication scheme based on a one-way function. Used together with smart cards, the proposed scheme can easily verify users' login requests over insecure channels, and the authenticated user does not necessarily have to be a known person. The proposed scheme can withstand replay attacks, tampering, and eavesdropping on the communication links. Unlike Lamport's scheme, it is not necessary to change users' passwords periodically or to perform authentication processes synchronously between the smart card and the computer system. Also, when a better one-way function is invented, the system designer can easily employ it without delay.
[1] Gene Tsudik. Message authentication with one-way hash functions, 1992, CCRV.
[2] Ralph C. Merkle, et al. A Certified Digital Signature, 1989, CRYPTO.
[3] Ralph C. Merkle, et al. A Digital Signature Based on a Conventional Encryption Function, 1987, CRYPTO.
[4] Ralph C. Merkle, et al. One Way Hash Functions and DES, 1989, CRYPTO.
[5] Whitfield Diffie, et al. New Directions in Cryptography, 1976, IEEE Trans. Inf. Theory.
[6] D. Sternglass. The future is in the PC cards, 1992, IEEE Spectrum.
[7] Leslie Lamport, et al. Password authentication with insecure communication, 1981, CACM.