A New Approach for Anonymous Password Authentication

Author

Yang, Yanjiang ; Zhou, Jianying ; Weng, Jian ; Bao, Feng

Author_Institution

Inst. for Infocomm Res., Singapore, Singapore

fYear

2009

fDate

7-11 Dec. 2009

Firstpage

199

Lastpage

208

Abstract

Anonymous password authentication reinforces password authentication with the protection of user privacy. Considering the increasing concern of individual privacy nowadays, anonymous password authentication represents a promising privacy-preserving authentication primitive. However, anonymous password authentication in the standard setting has several inherent weaknesses, making its practicality questionable. In this paper, we propose a new and efficient approach for anonymous password authentication. Our approach assumes a different setting where users do not register their passwords to the server; rather, they use passwords to protect their authentication credentials. We present a concrete scheme, and get over a number of challenges in securing password-protected credentials against off-line guessing attacks. Our experimental results confirm that conventional anonymous password authentication does not scale well, while our new scheme demonstrates very good performance.

Keywords

data privacy; message authentication; anonymous password authentication; authentication credentials; offline guessing attacks; password protected credentials; privacy preserving authentication primitive; user privacy; Application software; Authentication; Computer security; Concrete; Conference management; File servers; Privacy; Protection; Protocols; Scalability; anonymous password authentication; guessing attack; scalability; unlinkability;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 2009. ACSAC '09. Annual

Conference_Location

Honolulu, HI

ISSN

1063-9527

Print_ISBN

978-0-7695-3919-5

Type

conf

DOI

10.1109/ACSAC.2009.26

Filename

5380508