Title :
An integrated user authentication and access control scheme without public key cryptography
Author :
Hung-Yu Chien ; Jan, Jinn-Ke
Author_Institution :
Dept. of Inf. Manage., ChaoYang Univ. of Technol., Taichung, Taiwan
Abstract :
Conventionally, user authentication and access control are two separate security mechanisms in many distributed systems. An integrated design of user authentication and access control may provide better performance in terms of security and computational complexity. We discuss the pros and cons of the separate approach and the integrated approach, and then propose a new integrated scheme without using public key cryptography. The new scheme has several practical merits - no user-sensitive data stored on the server, no storage for access list or capability list on the server, extreme low computational cost, the freedom of choosing users´ passwords, and mutual authentication.
Keywords :
authorisation; computational complexity; cryptography; data integrity; message authentication; smart cards; access list storage; capability list storage; computational complexity; data security; extreme low computational cost; hashing functions; integrated access control; integrated user authentication; mutual authentication; public key cryptography; user password choosing; user-sensitive data; Access control; Access protocols; Authentication; Chaos; Data security; Information management; Information security; Network servers; Protection; Public key cryptography;
Conference_Titel :
Security Technology, 2003. Proceedings. IEEE 37th Annual 2003 International Carnahan Conference on
Print_ISBN :
0-7803-7882-2
DOI :
10.1109/CCST.2003.1297550
