A New Approach for Anonymous Password Authentication. Yanjiang Yang, Jianying Zhou, Feng Bao (Institute for Infocomm Research, Singapore); Jian Weng (Jinan University, China).
Agenda • Introduction • Limits of Conventional Anonymous Password Authentication • Our Proposed Approach • Conclusion
PA: Pros & Cons • Password Authentication (PA) • Most widely used entity authentication technique • Advantages: portability • Disadvantages: guessing attack • Online guessing attack • Offline guessing attack
Privacy Concern • Privacy is increasingly a concern nowadays • Password authentication in its original form does not protect user privacy
PA: Standard Setting • [Diagram: User and Server; Password File with entries (U1, PW1), (U2, PW2), (U3, PW3), (Ui, PWi), (Un, PWn); labels PWi, Ui and (Ui, PWi)]
Privacy Protection – Anonymous PA • Unlinkability • [Diagram: Password File entries (U1, PW1), (U2, PW2), (U3, PW3), (Ui, PWi), (Un, PWn), labelled "Unlinkability"]
Major Weakness • Server Computation O(N) • Linear in the total number of registered users N • Server is the bottleneck of the system
A Different Setting • [Diagram: User and Server, with labels PW, Cred and $[Cred]_{PW}$] • Important: $[Cred]_{PW}$ is public, requiring no further protection; portability arguably remains
Design Rationale • Cred must not be publicly verifiable; otherwise, everyone can guess pw from $[Cred]_{PW}$ • Cred is verifiable only to server
First Try • What Credentials Have Unlinkability? • Blind Signature: Cred = Blind Sig, $[Cred]_{PW} = [\text{Blind Sig}]_{PW}$ • Failure: • Blind signatures are publicly verifiable
Second Try • Still Using Blind Signature, but with Restricted Verifiability (Encryption to Server) • Failure: • Server knows Cred from $[Cred]_{PW}$, so if Cred is submitted directly to the server, the server links credentials encrypted by the same PW
Third Try • It seems the credentials should not be submitted directly to the server • Use a proof of knowledge • CL signature (by J. Camenisch, A. Lysyanskaya) • Public parameters: $(a, b, c, n)$ • Signature: $(v, k, s)$ s.t. $v^k = a^m b^s c \pmod{n}$ • Signature showing: $NPoK[(v, k, s) : v^k = a^m b^s c]$
Third Try - continued • Credential: $(v, k, s)$ s.t. $v^k = a^U b^s c \pmod{n}$ • How to Achieve Restricted Verifiability • Encryption of $s$ to Server: $Enc(s)$ • Prove to Server: $NPoK[(v, k, U) : v^k a^{-U} = b^s c]$ • Failure: • Linkability through $Enc(s)$
Finale • We need to blind $Enc(\cdot)$, so it should be homomorphic: $HE(\cdot)$ • $HE(r_1) \cdot HE(r_2) = HE(r_1 + r_2)$ • Partition $s$: $s = s_1 + s_2$ • Encrypt $s_1$ to Server as $Enc(s_1)$, and blind $Enc(s_1)$ each time
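Finale - continued • Final Scheme • $[Cred]_{PW} = \langle [v, s_2]_{PW},\ HE(s_1),\ k \rangle$ • Authentication: • Partition $s_2 = s_{21} + s_{22}$ • Blind $HE(s_1)$: $HE(s_1) \cdot HE(s_{21}) = HE(s_1 + s_{21})$ • Submit $b^{s_{22}} g^r$, $HE(s_1 + s_{21})$ to server • $NPoK[(v, k, U, r) : v^k a^{-U} = b^{s_1 + s_{21}} b^{s_{22}} g^r c = b^s g^r c]$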
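The blinding arithmetic of the final scheme, as an added example that is not code from the slides or their authors. Paillier as the homomorphic scheme HE, the toy key sizes, the values chosen for b and g, and all function names are assumptions; the password wrapping of (v, s2) and the NPoK are left out.

```python
import secrets

# Toy Paillier key (constructed; Mersenne primes, far too small for real use).
P, Q = 2**89 - 1, 2**107 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)
N2, MU = N * N, pow(PHI, -1, N)
# Toy stand-ins (assumed values) for the CL parameters (b, n) and the base g.
CL_N, B, G = (2**61 - 1) * (2**31 - 1), 4, 9

def he_enc(m):
    """HE(m) = (1+N)^m * r^N mod N^2, with a fresh r on every call."""
    r = secrets.randbelow(N - 2) + 2
    return pow(1 + N, m, N2) * pow(r, N, N2) % N2

def he_dec(c):
    """Server only: recover m (mod N) with the private key."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def he_add(c1, c2):
    """HE(r1) * HE(r2) = HE(r1 + r2)."""
    return c1 * c2 % N2

def enroll(s):
    """Partition s = s1 + s2; HE(s1) is public, s2 would be kept under PW."""
    s1 = secrets.randbelow(s)
    return he_enc(s1), s - s1

def login(he_s1, s2):
    """Partition s2 = s21 + s22 afresh and blind HE(s1) with HE(s21)."""
    s21 = secrets.randbelow(s2 + 1)
    r = secrets.randbelow(2**64)
    commit = pow(B, s2 - s21, CL_N) * pow(G, r, CL_N) % CL_N  # b^s22 * g^r
    return he_add(he_s1, he_enc(s21)), commit, r

def server_combine(ct, commit):
    """Server: decrypt s1 + s21, then form b^(s1+s21) * b^s22 * g^r."""
    return pow(B, he_dec(ct), CL_N) * commit % CL_N

if __name__ == "__main__":
    s = secrets.randbits(160) + 1
    he_s1, s2 = enroll(s)
    for _ in range(2):
        ct, commit, r = login(he_s1, s2)
        ok = server_combine(ct, commit) == pow(B, s, CL_N) * pow(G, r, CL_N) % CL_N
        print(hex(ct)[:18], ok)
```

Each login submits a different ciphertext and a different plaintext sum s1 + s21, yet the server always arrives at the same right-hand side b^s g^r c once c is multiplied in.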
Future Work • User Revocation • Online Guessing Attacks
Conclusion • Server Computation in Conventional Anonymous PA has to be O(N) • We Proposed A New Paradigm for Anonymous PA: Using Password to Protect Authentication Credentials • Our Scheme Has Constant Server Computation
Q & A • THANK YOU!