Password authentication with insecure communication
Communications of the ACM
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
A dynamic ID-based remote user authentication scheme
IEEE Transactions on Consumer Electronics
| Hi-index | 0.00 |
Password authentication is a technique to verify the legality of a user to prevent any kind of possible malicious depredations. The technique is regarded as one of the most convenient methods for remote user authentication. In 1981, Lamport introduced the first well-known password-based remote user authentication scheme. Since then many static login-ID based remote user authentication schemes have been proposed. The problem of static login-ID based remote user authentication technique is that it cannot restrict the registered users from distribution of their login-IDs to unregistered users. Additionally, the adversary can impersonate a valid login on intercepting the static login-ID and other login request’s parameters. In this paper, we present a dynamic login-ID based remote user authentication scheme using smart cards. In our scheme, the remote system receives a dynamic login-ID for every login request and decides whether the login request is valid or not. On employing dynamic login-ID in each login session, the scheme prevents the adversary from forged login-ID attacks. The use of smart card restricts the registered users from distribution of their login-IDs and avoids the scenario of many logged in users with the same login-ID. One of the prominent applications of the scheme is digital library. The scheme uses RSA and one-way hash function for secure login request generation and verification. The remote system of the scheme does not maintain any passwords or verifier table for validation of the login request. Moreover, the scheme provides a flexible password change option, where users can change their passwords at any time without any assistance from the remote system.