Thesis (Ph.D.)--City University of New York, 1997.

Thousands of computer users utilize systems requiring that they prove their identity in order to access specific services. This procedure, called authentication, usually requires entering a password unique to the user. Internet users are the fastest growing population of computer users required to authenticate themselves. Unfortunately, Internet security is very weak: any cracker, anywhere, can potentially access a computer user's Internet account by dialing a publicly available telephone number (to the provider) and then trying to figure out the user's password. As we shall see in the following paper, a large majority of users employ passwords that are easy to remember and therefore easy to guess. This provides a great opportunity for crackers to guess their passwords. In addition, it is very easy to tap a communication line (especially on the Internet), giving a cracker the opportunity to see passwords, as most Internet providers don't use secure authentication schemes to grant access to their service.

Therefore, we will propose a method allowing a user to employ badly chosen passwords (passwords that are easy to remember), and still access a system securely. We are going to prove that this method defies all known crackers' techniques and uses algorithms that have logarithmic complexity. We will show that the password transformation has a linear complexity and that the key used for the password transformation can be created in n steps, where n is the length of the password. We will also give a secure solution for authenticating a user who employs a badly chosen password. We will compare this technique with other known authentication schemes and we will show that this method is the only technique that is not weakened by the use of badly chosen keys or passwords. We will also prove that our technique resists most of the known statistical and cryptanalytical attacks (plaintext attack and chosen plaintext attack), and that it can be used in conjunction with other cryptographic methodologies to augment them with its special properties against cryptanalysis.