An integrated user authentication and access control scheme without public key cryptography

Author

Hung-Yu Chien ; Jan, Jinn-Ke

Author_Institution

Dept. of Inf. Manage., ChaoYang Univ. of Technol., Taichung, Taiwan

fYear

2003

fDate

14-16 Oct. 2003

Firstpage

137

Lastpage

143

Abstract

Conventionally, user authentication and access control are two separate security mechanisms in many distributed systems. An integrated design of user authentication and access control may provide better performance in terms of security and computational complexity. We discuss the pros and cons of the separate approach and the integrated approach, and then propose a new integrated scheme without using public key cryptography. The new scheme has several practical merits - no user-sensitive data stored on the server, no storage for access list or capability list on the server, extreme low computational cost, the freedom of choosing users´ passwords, and mutual authentication.

Keywords

authorisation; computational complexity; cryptography; data integrity; message authentication; smart cards; access list storage; capability list storage; computational complexity; data security; extreme low computational cost; hashing functions; integrated access control; integrated user authentication; mutual authentication; public key cryptography; user password choosing; user-sensitive data; Access control; Access protocols; Authentication; Chaos; Data security; Information management; Information security; Network servers; Protection; Public key cryptography;

fLanguage

English

Publisher

ieee

Conference_Titel

Security Technology, 2003. Proceedings. IEEE 37th Annual 2003 International Carnahan Conference on

Print_ISBN

0-7803-7882-2

Type

conf

DOI

10.1109/CCST.2003.1297550

Filename

1297550