Secure remote user access over insecure networks

Remote user authentication based on passwords over untrusted networks is the conventional method of authentication in the Internet and mobile communication environment. Typical secure remote user access solutions rely on pre-established secure cryptographic keys, public-key infrastructure, or secure hardware. In this paper, we present secure password-based protocols for remote user authentication, password change, and session key establishment over insecure networks. The proposed protocols do not require the use of any additional private- or public-key infrastructure.