ABSTRACT
A one-message unilateral entity authentication scheme allows one party, called the prover, to authenticate himself, i.e., to prove his identity, to another party, called the verifier, by sending a single authentication message.
In this paper we consider schemes where the prover and the verifier do not share any secret information, such as a password, in advance. We propose the first theoretical characterization for one-message unilateral entity authentication schemes, by formalizing the security requirements for such schemes with respect to different kinds of adversaries. Afterwards, we propose three provably-secure constructions for one-message unilateral entity authentication schemes.
- M. Blum and S. Micali. 1984. How to generate cryptographically strong sequences of pseudorandom bits. SIAM J. on Computing 13 (1984), 850--864. Google ScholarDigital Library
- M. Cafaro, R. Civino, and B. Masucci. 2015. On the equivalence of two security notions for hierarchical key assignment schemes in the unconditional setting. IEEE Trans. Dependable Sec. Comput. 12, 4 (2015), 485--490.Google ScholarCross Ref
- A. Castiglione, A. De Santis, and B. Masucci. 2014. Hierarchical and shared key assignment. In 17th International Conference on Network-Based Information Systems, NBIS 2014. 263--270. Google ScholarDigital Library
- A. Castiglione, A. De Santis, and B. Masucci. 2016. Key indistinguishability versus strong key indistinguishability for hierarchical key assignment schemes. IEEE Trans. Dependable Sec. Comput. 13, 4 (2016), 451--460.Google ScholarCross Ref
- A. Castiglione, A. De Santis, B. Masucci, F. Palmieri, A. Castiglione, and X. Huang. 2016. Cryptographic hierarchical access control for dynamic structures. IEEE Trans. Inf. Forensics Secur. 11, 10 (2016), 2349--2364.Google ScholarCross Ref
- G. Cattaneo, G. De Maio, and U. Ferraro Petrillo. 2013. Security issues and attacks on the GSM standard: a review. Journal of Universal Computer Science 19, 16 (2013), 2437--2452.Google Scholar
- G. Cattaneo, G. Maio, P. Faruolo, and U. Ferraro Petrillo. 2013. A review of security attacks on the GSM standard. In Information and Communication Technology, LNCS, Vol. 7804. 507--512. Google ScholarDigital Library
- C.-C. Chang and W.-Y. Liao. 1994. A remote password authentication scheme based upon ElGamal's signature scheme. Computers & Security 13, 2 (1994), 137--144. Google ScholarDigital Library
- C.-C. Chang and T.-C. Wu. 1991. Remote password authentication with smart cards. IEE Proceedings E-Computers and Digital Techniques 138, 3 (1991), 165--168.Google ScholarCross Ref
- C.-M. Chen and W.-C. Ku. 2002. Stolen-verifier attack on two new strong-password authentication protocols. IEICE Transactions on communications 85, 11 (2002), 2519--2521.Google Scholar
- P. DArco, A. De Santis, A. L. Ferrara, and B. Masucci. 2010. Variations on a theme by Akl and Taylor: security and tradeoffs,. Theoretical Comp. Sci. 411 (2010), 213--227. Google ScholarDigital Library
- A. De Santis, A. L. Ferrara, and B. Masucci. 2011. Efficient provably-secure hierarchical key assignment schemes. Theoretical Comp. Sci. 412, 41 (2011), 5684--5699. Google ScholarDigital Library
- W. Diffie and M. Hellman. 1976. New directions in cryptography. IEEE Transactions on Information Theory 22, 6 (1976), 644--654. Google ScholarDigital Library
- S. Goldwasser and S. Micali. 1984. Probabilistic encryption. Journal of computer and system sciences 28, 2 (1984), 270--299.Google ScholarCross Ref
- S. Goldwasser, S. Micali, and R. Rivest. 1988. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17, 2(1988), 281--308. Google ScholarDigital Library
- L. Gong, J. Pan, B. Liu, and S. Zhao. 2013. A novel one-time password mutual authentication scheme on sharing renewed finite random sub-passwords. J. Comput. System Sci. 79, 1 (2013), 122--130. Google ScholarDigital Library
- N. Haller. 1994. The S/KEY one-time password system. In In Proceedings of the Internet Society Symposium on Network and Distributed Systems. 151--157.Google Scholar
- N. Haller, C. Metz, P. Nesser, and M. Straw. A one-time password system. Technical Report RFC 2289. Google ScholarDigital Library
- R. Levin L. A. Hastad, J. Impagliazzo and M. Luby. 1999. A pseudorandom generator from any one-way function. SIAM J. Comput. 13 (1999), 1364--1396. Google ScholarDigital Library
- M.-S. Hwang and L.-H. Li. 2000. A new remote user authentication scheme using smart cards. IEEE Transactions on Consumer Electronics 46, 1 (2000), 28--30. Google ScholarDigital Library
- J.-K. Jan and Y.-Y. Chen. 1998. Paramita wisdom password authentication scheme without verification tables. Journal of Systems and Software 42, 1 (1998), 45--57. Google ScholarDigital Library
- R.Joyce and G. Gupta. 1990. Identity authentication based on keystroke latencies. Commun. ACM 33, 2 (1990), 168--176. Google ScholarDigital Library
- L. Lamport. 1981. Password authentication with insecure communication. Commun. ACM 24, 11 (1981), 770--772. Google ScholarDigital Library
- I.-E. Liao, C.-C. Lee, and M.-S. Hwang. 2006. A password authentication scheme over insecure networks. J. Comput. System Sci. 72, 4 (2006), 727--740. Google ScholarDigital Library
- D. L. Mcdonald, R. J. Atkinson, and C. Metz. 1995. One time Passwords In Everything (OPIE): Experiences with building and using stronger authentication. In In Proc. 5th USENIX Security Symposium. 177--86. Google ScholarDigital Library
- D. M'Raihi, S. Machani, M. Pei, and J. Rydell. 2011. Totp: Time-based one-time password algorithm. Technical Report RFC 6238.Google Scholar
- Bitansky N., Paneth O., and Wichs D. 2016. Perfect structure on the edge of chaos - Trapdoor permutations from indistinguishability obfuscation. In Theory of Cryptography 2016, LNCS, Vol. 9562. 474--502. Google ScholarDigital Library
- M. Naor and M. Yung. 1989. Universal one-way hash functions and their cryptographic applications. In Proceedings of the 21st Annual ACM Symposium on Theory of Computing. 33--43. Google ScholarDigital Library
- M. O. Rabin. 1979. Digitalized signatures as intractable as factorization. Technical Report TR-212, MIT/LCS (1979). Google ScholarDigital Library
- R. Rivest, A. Shamir, and L. Adleman. 1978. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 2 (1978), 120--126. Google ScholarDigital Library
- J. Rompel. 1990. One-way functions are necessary and sufficient for secure signatures. In Proceedings of the 22nd Annual ACM Symposium on Theory of Computing. 387--394. Google ScholarDigital Library
- M. Sandirigama and A. Shimizu. 2000. Simple and secure password authentication protocol (SAS). IEICE Transactions on Communications 83, 6 (2000), 1363--1365.Google Scholar
- C.-S. Tsai, C.-C. Lee, and M.-S. Hwang. 2006. Password authentication schemes: Current status and key issues. IJ Network Security 3, 2 (2006), 101--115.Google Scholar
- Y. Tzu-Chang, S. Hsiao-Yun, and J.-J. Hwang. 2002. A secure one-time password authentication scheme using smart cards. IEICE Transactions on Communications 85, 11 (2002), 2515--2518.Google Scholar
- B. Vaidya, J. H. Park, S.-S. Yeo, and J. J. P. C. Rodrigues. 2011. Robust one-time password authentication scheme using smart card for home network environment. Computer Communications 34, 3 (2011), 326--336. Google ScholarDigital Library
- S. Wu, Y. Zhu, and Q. Pu. 2012. Robust smart-cards-based user authentication scheme with user anonymity. Security and Communication Networks 5, 2 (2012), 236--248. Google ScholarDigital Library
- J. Xu, W.-T. Zhu, and D.-G. Feng. 2009. An improved smart card based password authentication scheme with provable security. Computer Standards & Interfaces 31, 4 (2009), 723--728. Google ScholarDigital Library
- W.-H. Yang and S.-P. Shieh. 1999. Password authentication schemes with smart cards. Computers & Security 18, 8 (1999), 727--733. Google ScholarDigital Library
- A. C. Yao. 1982. Theory and applications of trapdoor functions. In Proceedings of the 23rd Annual ACM Symposium on Foundations of Computer Science. 80--91. Google ScholarCross Ref
- One-Message Unilateral Entity Authentication Schemes
Recommendations
On provable security of UOV and HFE signature schemes against chosen-message attack
PQCrypto'11: Proceedings of the 4th international conference on Post-Quantum CryptographyThe multivariate public key cryptosystem (MPKC) is considered to be one of the candidates of post-quantum cryptography. Unbalanced Oil-Vinegar (UOV) scheme and Hidden Field Equation (HFE) scheme are well-known schemes in MPKC. However, little attention ...
An efficient non-interactive deniable authentication scheme based on trapdoor commitment schemes
Deniable authentication scheme is one of useful tools for secure communications. The scheme allows a sender to prove the authenticity of a message to a specified receiver without permitting the receiver to prove that the message was authenticated by the ...
Certificateless KEM and hybrid signcryption schemes revisited
ISPEC'10: Proceedings of the 6th international conference on Information Security Practice and ExperienceOften authentication and confidentiality are required as simultaneous key requirements in many cryptographic applications. The cryptographic primitive called signcryption effectively implements the same and while most of the public key based systems are ...
Comments