Secure Email Login Based on Lightweight Asymmetric Identities
Authors: 
Kaige Yang, Shenghui SuAuthors Info & Claims
Pages 25 - 29
Abstract
In this paper, the authors analyze existing email login schemes, point out their flaws and shortcomings of, and give a secure login scheme based on a lightweight asymmetric identity. For the first time, the new scheme adopts a lightweight asymmetric identity of a user account as a user login credentials. The lightweight asymmetric identity implicates a user account (namely user name), private key, IP source address, and random number, and is verified by an email server, which can prevent an attacker from intercepting the user information and directly logging in the user mailbox. Analysis manifests the scheme can resist replay attack, birthday attack, dictionary attack, phishing website attack, and their combinatorial attacks.
References
[1]
Yu, D. 2009. Study on Measurement Model of Putting People First for E-mail Login System. In 2009 International Forum on Information Technology and Applications (Vol. 1, pp. 622--625). IEEE.
[2]
Josie Le, Blond in Berlin. German politicians' personal data leaked online. DOI= https://www.theguardian.com/world/2019/jan/04/german-politicians-personal-data-hacked-and-posted-online. 1998--08-16/1998--10-04.
[3]
IVAN MEHTA. 773 million email addresses have been leaked - check if yours is on the list. DOI=https://thenextweb.com/security/2019/01/17/773-million-email-addresses-have-been-leaked-check-if-yours-is-on-the-list/.
[4]
Li, T., Mehta, A., and Yang, P. 2017. Security Analysis of Email Systems. IEEE International Conference on Cyber Security & Cloud Computing. IEEE Computer Society.
[5]
Czeskis, A., Dietz, M., Kohno, T., Wallach, D., etc. 2012. Strengthening user authentication through opportunistic cryptographic identity assertions. In Proceedings of the 2012 ACM conference on Computer and communications security (pp. 404--414). ACM.
[6]
Su, S., Zheng, J., Lü, S., Huang, Z., etc. 2017. Idology and Its Applications in Public Security and Network Security. Lecture Notes in Computer Science. 10241 (May. 2017), 129--150.
[7]
Kaczmarek, T., Ozturk, E., and Tsudik, G. 2018. Assentication: User De-authentication and Lunchtime Attack Mitigation with Seated Posture Biometric. In International Conference on Applied Cryptography and Network Security(pp. 616--633). Springer, Cham.
[8]
Elmer, J., and Rosenheim, S. J. 1998. The cryptographic imagination: secret writing from edgar poe to the internet. American Literature. 70(1), 180.
[9]
Postel, J. 1982. Simple mail transfer protocol. Information Sciences.
[10]
Shamir, A. 1984. Identity-based cryptosystems and signature schemes. In Workshop on the theory and application of cryptographic techniques (pp. 47--53). Springer, Berlin, Heidelberg.
[11]
Nunes, I. O., and Tsudik, G. 2018. KRB-CCN: Lightweight Authentication and Access Control for Private Content-Centric Networks. In International Conference on Applied Cryptography and Network Security (pp. 598--615). Springer, Cham. DOI= https://doi.org/10.1007/978-3-319-93387-0_31.
[12]
Rila, L., and Mitchell, C. J. 2003. Security protocols for biometrics-based cardholder authentication in smartcards. In International Conference on Applied Cryptography and Network Security (pp. 254--264). Springer, Berlin, Heidelberg.
[13]
Su, S., and Lü, S. 2014. Lightweight asymmetric identity New direction in brand safety. Chinese scientific papers online DOI=http://www.paper.edu.cn/releasepaper/content/201410-316.
[14]
Su, S., and Lü, S. 2012. A public key cryptosystem based on three new provable problems. Theoretical Computer Scien. 426, (Apr. 2012) 91--117.
[15]
Su, S., Xie, T., and Lü, S. 2016. A provably secure non-iterative hash function resisting birthday attack. Theoretical Computer Science. 654(Nov. 2016), 128--142.
Index Terms
- Secure Email Login Based on Lightweight Asymmetric Identities
Recommendations
Three Steps Secure Login: A systematic approach
COMPUTE '16: Proceedings of the 9th Annual ACM India ConferenceGenerally, user authentication performs through user's Id and password. In this process, user id remains visible and password remains secret. But through shoulder surfing and other attacks, the password can also be traced due to exact password ...
Some common attacks against certified email protocols and the countermeasures
Certified email is a value-added service for standard email systems, which guarantees the fairness, i.e., the intended recipient gets the mail content if and only if the mail originator receives a non-repudiation receipt showing that the message has ...
Storageless Credentials And Secure Login
ICTCS '16: Proceedings of the Second International Conference on Information and Communication Technology for Competitive StrategiesCompromising databases of servers of a login system result in successful theft of login credentials. Storage of these credentials as part of the authentication system makes a login system vulnerable for the theft. Various types of malicious activities ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
November 2019
172 pages
ISBN:9781450376624
DOI:10.1145/3371676
Copyright © 2019 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
In-Cooperation
- University of Tokyo
- Chongqing University of Posts and Telecommunications
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 13 January 2020
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ICCNS 2019
ICCNS 2019: 2019 the 9th International Conference on Communication and Network Security
November 15 - 17, 2019
Chongqing, China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 81Total Downloads
- Downloads (Last 12 months)10
- Downloads (Last 6 weeks)2
Reflects downloads up to 14 Dec 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in