Privacy-Preserving Authentication of Users with Smart Cards Using One-Time Credentials
- Authors
- Park, Jun-Cheol
- Issue Date
- Jul-2010
- Publisher
- IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
- Keywords
- authentication; user privacy; smart card; one-time credentials
- Citation
- IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, v.E93D, no.7, pp.1997 - 2000
- Journal Title
- IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS
- Volume
- E93D
- Number
- 7
- Start Page
- 1997
- End Page
- 2000
- URI
- https://scholarworks.bwise.kr/hongik/handle/2020.sw.hongik/20758
- DOI
- 10.1587/transinf.E93.D.1997
- ISSN
- 0916-8532
- Abstract
- User privacy preservation is critical to prevent many sophisticated attacks that are based on the user's server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a user's authentication history and hides the user's ID and password even from servers. In addition, it is resistant against user impersonation even if both a server's verification database and a user's smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the user's credentials on a server when the user's smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - ETC > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.