Fortifying password authentication in integrated healthcare delivery systems

Yanjiang Yang, Robert H. Deng, Feng Bao
2006 Proceedings of the 2006 ACM Symposium on Information, computer and communications security - ASIACCS '06  
Integrated Delivery Systems (IDSs) now become a primary means of care provision in healthcare domain. However, existing password systems (under either the single-server model or the multi-server model) do not provide adequate security when applied to IDSs. We are thus motivated to present a practical password authentication system built upon a novel two-server model. We generalize the two-server model to an architecture of a single control server supporting multiple service servers, tailored to
more » ... the organizational structure of IDSs. The underlying user authentication and key exchange protocols we propose are password-only, neat, efficient, and robust against off-line dictionary attacks mounted by both servers. Keywords integrated delivery systems (IDSs), password system, user authentication and key exchange, dictionary attack.
doi:10.1145/1128817.1128855 dblp:conf/ccs/YangDB06 fatcat:76hdzdhkj5bnfcefloqmvsz6ja