
On the Limits of Anonymous Password Authentication - An Analysis of the Weaknesses of Password Authentication

On the Limits of Anonymous Password Authentication - An Analysis of the Weaknesses of Password Authentication. Yanjiang Yang (杨艳江), I2R, Singapore. Jian Weng (翁健), Jinan Univ., China. Feng Bao (鲍丰), I2R, Singapore. Content. Introduction Related Work Limits of Anonymous Password Authentication


Presentation Transcript


  1. On the Limits of Anonymous Password Authentication - An Analysis of the Weaknesses of Password Authentication • Yanjiang Yang (杨艳江), I2R, Singapore • Jian Weng (翁健), Jinan Univ., China • Feng Bao (鲍丰), I2R, Singapore

  2. Content • Introduction • Related Work • Limits of Anonymous Password Authentication • Conclusion

  3. Introduction • Related Work • Limits of Anonymous Password Authentication • Conclusion

  4. Password Authentication: Pros & Cons • Password Authentication (口令验证): most widely used authentication technique • Advantages • Portability • Disadvantages • Guessing attacks (online, offline)

  5. Privacy Concern • Privacy is increasingly a concern • Password authentication in its original form does not protect user privacy

  6. Standard Setting • [Diagram: User and Server; the Server's Password File lists U1, PW1; U2, PW2; U3, PW3; Ui, PWi; Un, PWn. Diagram labels: Ui, PWi, PWi.]

  7. Add Anonymity – Anonymous Password Auth. • Unlinkability • [Diagram: Password File entries U1, PW1; U2, PW2; U3, PW3; Ui, PWi; Un, PWn, labelled "Unlinkability".]

  8. Introduction • Related Work • Limits of Anonymous Password Authentication • Conclusion

  9. • D. Q. Viet, A. Yamamura, T. Hidema. Anonymous Password-Based Authenticated Key Exchange. Proc. Indocrypt 2005, LNCS 3797, pp. 233-257, 2005. • S. Shin, K. Kobara, and H. Imai. A Secure Construction for Threshold Anonymous Password-Authenticated Key Exchange. IEICE Transactions on Fundamentals, Vol. E91-A, No. 11, pp. 3312-3323, 2008. • M. Abdalla, M. Izabachene, and D. Pointcheval. Anonymous and Transparent Gateway-Based Password-Authenticated Key Exchange. Proc. International Conference on Cryptology and Network Security, CANS'08, pp. 133-148, 2008. • J. Yang and Z. Zhang. A New Anonymous Password-Based Authenticated Key Exchange Protocol. Proc. Indocrypt 2008, pp. 200-212, 2008.

  10. Yang-Zhang Scheme

  11. Undetectable Online Guessing Attack • No authentication of the user by the server

  12. Introduction • Related Work • Limits of Anonymous Password Authentication • Conclusion

  13. Limit 1: Server Computation O(n)

  14. Limit 2: Online Guessing Attack • The Server Does Not Know the Victim User • Asking Users to Frequently Update Their Passwords Cannot Solve the Problem

  15. Limit 3: Passive Server

  16. Introduction • Related Work • Limits of Anonymous Password Authentication • Conclusion

  17. Anonymous password authentication should be a user tool • But anonymous password authentication has inherent weaknesses

  18. Q & A • THANK YOU!
