Cryptography Reference
17.4 FINAL REMARKS
In this chapter, we elaborated on entity authentication in general, and (cryptographic)
authentication protocols that implement a proof by knowledge in particular. Among
these protocols, the ones that employ static (authentication) information on the
claimant's side are the preferred choice from a security viewpoint (because they
are not vulnerable to eavesdropping and replay attacks). For example, one-time
password schemes and challenge-response mechanisms are perfectly fine in
many applications and application settings. Some of these authentication protocols
even have the zero-knowledge property. As such, they are able to optimally protect
the prover's secret authentication information. Unfortunately, the ability to
efficiently simulate a zero-knowledge authentication protocol execution transcript
also makes it infeasible to provide nonrepudiation services with respect to authentication.
In either case, it is reasonable to expect that zero-knowledge authentication protocols
will play an increasingly large role in future entity authentication technologies and
systems.
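
The simulation argument above can be made concrete with the following added example (not code from the book), which runs a toy Schnorr identification protocol next to a simulator that knows only the public key. Schnorr's protocol, the honest-verifier setting, the tiny constructed group parameters and all function names are assumptions chosen for illustration.

```python
# Added example: toy Schnorr identification with a transcript simulator.
import secrets

# Constructed toy group (far too small for real use): Q divides P - 1.
P, Q = 7879, 101
# Generator of the order-Q subgroup: first h^((P-1)/Q) mod P that is not 1.
G = next(g for g in (pow(h, (P - 1) // Q, P) for h in range(2, P)) if g != 1)

def keygen():
    x = secrets.randbelow(Q - 1) + 1      # prover's secret key
    return x, pow(G, x, P)                # (secret x, public key y = G^x)

def real_transcript(x):
    """Honest run: commitment t, verifier's challenge c, response s."""
    r = secrets.randbelow(Q)              # prover's one-time randomness
    t = pow(G, r, P)
    c = secrets.randbelow(Q)              # chosen by the (honest) verifier
    s = (r + c * x) % Q
    return t, c, s

def simulated_transcript(y):
    """Built from the public key only: pick c and s first, then solve
    the verification equation for the commitment t."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    # y has order Q, so y^(Q - c) equals y^(-c).
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P
    return t, c, s

def verify(y, transcript):
    """Verifier's check: G^s == t * y^c (mod P)."""
    t, c, s = transcript
    return pow(G, s, P) == (t * pow(y, c, P)) % P

if __name__ == "__main__":
    x, y = keygen()
    print("real transcript verifies     :", verify(y, real_transcript(x)))
    print("simulated transcript verifies:", verify(y, simulated_transcript(y)))
```

Both kinds of transcript pass the same check and follow the same distribution, so a recorded (t, c, s) triple cannot convince a third party that the holder of the secret took part.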