User privacy preservation is critical to prevent many sophisticated attacks that are based on the user's server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a user's authentication history and hides the user's ID and password even from servers. In addition, it is resistant against user impersonation even if both a server's verification database and a user's smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the user's credentials on a server when the user's smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Jun-Cheol PARK, "Privacy-Preserving Authentication of Users with Smart Cards Using One-Time Credentials" in IEICE TRANSACTIONS on Information,
vol. E93-D, no. 7, pp. 1997-2000, July 2010, doi: 10.1587/transinf.E93.D.1997.
Abstract: User privacy preservation is critical to prevent many sophisticated attacks that are based on the user's server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a user's authentication history and hides the user's ID and password even from servers. In addition, it is resistant against user impersonation even if both a server's verification database and a user's smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the user's credentials on a server when the user's smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E93.D.1997/_p
Copy
@ARTICLE{e93-d_7_1997,
author={Jun-Cheol PARK, },
journal={IEICE TRANSACTIONS on Information},
title={Privacy-Preserving Authentication of Users with Smart Cards Using One-Time Credentials},
year={2010},
volume={E93-D},
number={7},
pages={1997-2000},
abstract={User privacy preservation is critical to prevent many sophisticated attacks that are based on the user's server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a user's authentication history and hides the user's ID and password even from servers. In addition, it is resistant against user impersonation even if both a server's verification database and a user's smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the user's credentials on a server when the user's smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.},
keywords={},
doi={10.1587/transinf.E93.D.1997},
ISSN={1745-1361},
month={July},}
Copy
TY - JOUR
TI - Privacy-Preserving Authentication of Users with Smart Cards Using One-Time Credentials
T2 - IEICE TRANSACTIONS on Information
SP - 1997
EP - 2000
AU - Jun-Cheol PARK
PY - 2010
DO - 10.1587/transinf.E93.D.1997
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E93-D
IS - 7
JA - IEICE TRANSACTIONS on Information
Y1 - July 2010
AB - User privacy preservation is critical to prevent many sophisticated attacks that are based on the user's server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a user's authentication history and hides the user's ID and password even from servers. In addition, it is resistant against user impersonation even if both a server's verification database and a user's smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the user's credentials on a server when the user's smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.
ER -