Abstract
This paper proposes Sausage-style new kind of one-time password schemes and describes their applications. A proposal is an extension of the Lamport-like scheme and has an advantage that we could send data from the client (prover) to the server (verifier) while authentication phase. The proposal uses jointed hash chain with Merkle tree and L-divided tree (including binary tree), this kind of jointed tree seems the casing (wrapper), so we call the proposals Sausage-style one-time password schemes. We assume that the hash function has only one-way feature, so we can use dedicated cryptographic hash function such as SHA-2/3, this means that we do not need the trapdoors in the hash function, so we realize efficient implementations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
NIST Special Publication 800-63-3: Digital Identity Guidelines. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf
ITU-T Recommendation X.509—ISO/IEC 9594-8: Information Technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks (2016)
Lamport, L.: Password authentication with insecure communication. Commun. ACM 24(11), 770–772 (1981)
Haller, N.: The S/KEY One-Time Password System. http://tools.ietf.org/html/rfc1760
Haller, N., et al.: A One-Time Password System. http://tools.ietf.org/html/rfc2289.pdf (In Japanese)
IIJ: Internet Infrastructure Review, vol. 25, 1.4.3. The Status of List-Based Attacks and Their Countermeasures. https://www.iij.ad.jp/en/company/development/iir/pdf/iir_vol25_infra_EN.pdf
OASIS: eXtensible Access Control Markup Language3 (XACML) Version 2.0 (2005). http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-corespec-os.pdf
Ferraiolo, D., Kuhn, R.: Role-based access controls. In: Proceedings of the 15th National Computer Security Conference (1992). http://csrc.nist.gov/rbac
NIST: Attribute Based Access Control (ABAC) Overview. http://csrc.nist.gov/projects/abac/
Merkle, R.: Secrecy, authentication and public key systems/A certified digital signature. Ph.D. dissertation, Department of Electrical Engineering, Stanford University (1979)
Szydlo, M.: Merkle tree traversal in log space and time. In: EUROCRYPT 2004 (2004)
National Police Agency: Status of Incidents of Illegal Remittance Related to Internet Banking in 2014, February 2015. http://www.npa.go.jp/cyber/pdf/H270212_banking.pdf. (in Japanese)
Trend Micro Security Blog: Analyzing digital certificate theft attacks targeting corporate net banking. http://blog.trendmicro.co.jp/archives/9417
About the FIDO Alliance. https://fidoalliance.org/about/overview/
OASIS: Security Assertion Markup Language (SAML). http://xml.coverpages.org/saml.html
OpenID Foundation: OpenID specifications. http://openid.net/developers/specs/
Hardt, D.: The OAuth 2.0 Authorization Framework. http://tools.ietf.org/html/rfc6749
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Suga, Y. (2018). Sausage-Style One-Time Authentication Schemes. In: Barolli, L., Xhafa, F., Conesa, J. (eds) Advances on Broad-Band Wireless Computing, Communication and Applications. BWCCA 2017. Lecture Notes on Data Engineering and Communications Technologies, vol 12. Springer, Cham. https://doi.org/10.1007/978-3-319-69811-3_59
Download citation
DOI: https://doi.org/10.1007/978-3-319-69811-3_59
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69810-6
Online ISBN: 978-3-319-69811-3
eBook Packages: EngineeringEngineering (R0)