Improvements to mitchell's remote user authentication protocol

Abstract

A provably secure protocol for remote authentication is presented. Only public information is stored at the verifying host that makes our scheme resistant to server compromise. We use one time signatures coupled with offline transcripts for synchronization. Due to sole usage of fast cryptographic hash functions, our method is appropriate for low cost user authentication. Our construction improves over the previously proposed technique of Mitchell to overcome its problem of Denial of Service (DoS) attacks. © Springer-Verlag Berlin Heidelberg 2006.