An Intrusion Resilient Password/key Hybrid Authentication Protocol

M. Long, C.-H. Wu, and J.D. Irwin (USA)


Authentication, forward secure signature, password


This paper presents the first algorithm that applies a forward-secure signature technique to authentication between a client and a server. The user's login records are protected by a forward-secure signature, which prevents an adversary from forging or altering past login records. The proposed protocol combines a forward-secure signature with the user's password and achieves high security against strong adversaries, i.e., adversaries capable of break-in. The solution is efficient in terms of computational cost and is suitable for remote user authentication in enterprise/institution network environments.

