
A New Approach for Anonymous Password Authentication

Yanjiang Yang, Jianying Zhou, Feng Bao (Institute for Infocomm Research, Singapore); Jian Weng (Jinan University, China).


Presentation Transcript


  1. A New Approach for Anonymous Password Authentication • Yanjiang Yang, Jianying Zhou, Feng Bao, Institute for Infocomm Research, Singapore • Jian Weng, Jinan University, China

  2. Agenda • Introduction • Limits of Conventional Anonymous Password Authentication • Our Proposed Approach • Conclusion

  3. Introduction • Limits of Conventional Anonymous Password Authentication • Our Proposed Approach • Conclusion

  4. PA: Pros & Cons • Password Authentication (PA) • Most widely used entity authentication technique • Advantages: portability • Disadvantages: guessing attack • Online guessing attack • Offline guessing attack

  5. Privacy Concern • Privacy is increasingly a concern nowadays • Password authentication in its original form does not protect user privacy

  6. PA: Standard Setting • (diagram: User Ui with password PWi; Server with Password File holding entries U1, PW1; U2, PW2; U3, PW3; Ui, PWi; Un, PWn; the user submits Ui, PWi)

  7. Privacy Protection – Anonymous PA • Unlinkability • (diagram: password file entries U1, PW1; U2, PW2; U3, PW3; Ui, PWi; Un, PWn)

  8. Introduction • Limits of Conventional Anonymous Password Authentication • Our Proposed Approach • Conclusion

  9. Major Weakness • Server Computation O(N) • Linear in the total number of registered users N • Server is the bottleneck of the system

  10. Introduction • Limits of Conventional Anonymous Password Authentication • Our Proposed Approach • Conclusion

  11. A Different Setting • (diagram: User, Server, PW, Cred, [Cred]PW) • Important: [Cred]PW is public, requiring no further protection; portability arguably remains

  12. Design Rationale • Cred must not be publicly verifiable; otherwise, anyone can guess PW from [Cred]PW • Cred is verifiable only to the server

  13. First Try • What Credentials Have Unlinkability? • Blind Signature: Cred = Blnd Sig, [Cred] = [Blnd Sig]PW • Failure: • Blind signatures are publicly verifiable

  14. Second Try • Still Using Blind Signature, but with Restricted Verifiability (Encryption to Server) • Failures: • Server learns Cred from [Cred]PW, so if Cred is submitted directly to the server, the server links credentials encrypted by the same PW

  15. Third Try • It seems the credentials should not be submitted directly to the server • Using proof of knowledge • CL signature (by J. Camenisch, A. Lysyanskaya) • Public parameters: $(a, b, c, n)$ • Signature: $(v, k, s)$ s.t. $v^k = a^m b^s c \pmod{n}$ • Signature showing: $NPoK[(v,k,s) : v^k = a^m b^s c]$

  16. Third Try - continued • Credential: $(v,k,s)$ s.t. $v^k = a^U b^s c \pmod{n}$ • How to Achieve Restricted Verifiability • Encryption of $s$ to Server: $Enc(s)$; • Prove to Server: $NPoK[(v,k,U) : v^k a^{-U} = b^s c]$ • Failure: • Linkability through $Enc(s)$

  17. Finale • We need to blind $Enc()$, so it should be homomorphic: $HE(\cdot)$ • $HE(r_1) \cdot HE(r_2) = HE(r_1 + r_2)$ • Partition $s$: $s = s_1 + s_2$ • Encrypt $s_1$ to the server as $Enc(s_1)$, and blind $Enc(s_1)$ each time

  18. Finale - continued • Final Scheme • $[Cred]_{PW} = \langle [v, s_2]_{PW},\ HE(s_1),\ k \rangle$ • Authentication: • partition $s_2 = s_{21} + s_{22}$ • blind $HE(s_1)$: $HE(s_1) \cdot HE(s_{21}) = HE(s_1 + s_{21})$ • Submit $b^{s_{22}} g^r$, $HE(s_1 + s_{21})$ to server • $NPoK[(v,k,U,r) : v^k a^{-U} = b^{s_1+s_{21}} b^{s_{22}} g^r c = b^s g^r c]$

  19. Future Work • User Revocation • Online Guessing Attacks

  20. Introduction • Limits of Conventional Anonymous Password Authentication • Our Proposed Approach • Conclusion

  21. Conclusion • Server Computation in Conventional Anonymous PA has to be O(N) • We Proposed A New Paradigm for Anonymous PA: Using Password to Protect Authentication Credentials • Our Scheme Has Constant Server Computation

  22. Q & A • THANK YOU!
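
The blinding step of slides 17 and 18, as an added example that is not code from the presentation: each login re-blinds the stored HE(s1) with a fresh share of s2, so the submitted ciphertext changes every time while the server can still rebuild b^s g^r. Assumptions: toy Paillier stands in for HE(.), the primes, modulus, bases and function names are constructed for illustration, and the NPoK itself is omitted.

```python
import math
import secrets

# Toy Paillier as the additively homomorphic HE(.) (assumption: the slides name no scheme).
P, Q = 2**31 - 1, 2**61 - 1          # constructed toy primes, far too small for real use
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow(LAM, -1, N)

def he_enc(m):
    """HE(m) = (1+N)^m * r^N mod N^2 with fresh randomness r."""
    r = secrets.randbelow(N - 2) + 2
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def he_dec(c):
    """Server-side decryption (only the server holds LAM and MU)."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

# Toy group standing in for the CL modulus n and bases b, g (constructed values).
MOD, B, G = 2**127 - 1, 3, 7

def enroll(s):
    """Partition s = s1 + s2: HE(s1) is stored in the clear, s2 goes under the password."""
    s1 = secrets.randbelow(s + 1)
    return he_enc(s1), s - s1

def login(he_s1, s2):
    """One authentication: split s2 = s21 + s22, blind HE(s1), mask b^s22 with g^r."""
    s21 = secrets.randbelow(s2 + 1)
    s22 = s2 - s21
    r = secrets.randbelow(MOD - 1)
    blinded = he_s1 * he_enc(s21) % N2                 # HE(s1) * HE(s21) = HE(s1 + s21)
    masked = pow(B, s22, MOD) * pow(G, r, MOD) % MOD   # b^s22 * g^r
    return (masked, blinded), r                        # r stays with the user for the NPoK

def server_recombine(msg):
    """Server decrypts s1 + s21 and rebuilds b^(s1+s21) * b^s22 * g^r = b^s * g^r."""
    masked, blinded = msg
    return pow(B, he_dec(blinded), MOD) * masked % MOD
```

Two calls to `login` with the same credential produce different ciphertexts, which is what removes the linkability through Enc(s) noted on slide 16.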
