Presentation is loading. Please wait.

Presentation is loading. Please wait.

A New Approach for Anonymous Password Authentication Yanjiang Yang, Jianying Zhou, Feng Bao Institute for Infocomm Research, Singapore Jian Weng Jinan.

Published byAlexandre Armiger Modified over 9 years ago

Similar presentations

Presentation on theme: "A New Approach for Anonymous Password Authentication Yanjiang Yang, Jianying Zhou, Feng Bao Institute for Infocomm Research, Singapore Jian Weng Jinan."— Presentation transcript:

1 A New Approach for Anonymous Password Authentication Yanjiang Yang, Jianying Zhou, Feng Bao Institute for Infocomm Research, Singapore Jian Weng Jinan University, China

2 RFID Security Seminar 2008 2 Agenda Introduction Limits of Conventional Anonymous Password Authentication Our Proposed Approach Conclusion

3 RFID Security Seminar 2008 3 Introduction Limits of Conventional Anonymous Password Authentication Our Proposed Approach Conclusion

4 RFID Security Seminar 2008 4 PA: Pros & Cons Password Authentication (PA) –Most widely used entity authentication technique –Advantages: portability –Disadvantages: guessing attack Online guessing attack Offline guessing attack

5 RFID Security Seminar 2008 5 Privacy Concern Privacy is increasingly a concern nowadays Password authentication in its original form does not protect user privacy

6 RFID Security Seminar 2008 6 Project Summary - why should it be done? PA: Standard Setting U1, PW1 U2, PW2 U3, PW3 Un, PWn Ui, PWi Password File Ui UserServer (PWi) Ui, PWi PWi

7 RFID Security Seminar 2008 7 Privacy Protection – Anonymous PA U1, PW1 U2, PW2 U3, PW3 Un, PWn Ui, PWi Unlinkability

8 RFID Security Seminar 2008 8 Introduction Limits of Conventional Anonymous Password Authentication Our Proposed Approach Conclusion

9 RFID Security Seminar 2008 9 Major Weakness Server Computation O(N) –Linear to the total number registered users N –Server is the bottleneck of the system

10 RFID Security Seminar 2008 10 Introduction Limits of Conventional Anonymous Password Authentication Our Proposed Approach Conclusion

11 RFID Security Seminar 2008 11 Project Summary - why should it be done? A Different Setting [Cred]PW PW Cred Important: [Cred]PW is public, requiring no further protection, portability arguably remains User Server

12 RFID Security Seminar 2008 12 Project Summary - why should it be done? Design Rationale Cred must not be publicly verifiable; otherwise, everyone can guess pw from [Cred]PW Cred is verifiable only to server

13 RFID Security Seminar 2008 13 Project Summary - why should it be done? First Try What Credentials Have Unlinkability? Blind Signature Cred = Blnd Sig [Cred] = [Blnd Sig]PW Failurs: –Blind signatures are public verifiable

14 RFID Security Seminar 2008 14 Project Summary - why should it be done? Second Try Still Using Blind Signature, but with Restricted Verifiability (Encryption to Server) Failures: –Server knows Cred from [Cred]PW, so if directly submit Cred to server, then server links credentials encrypted by the same PW

15 RFID Security Seminar 2008 15 Third Try Seems should not directly submit the credentials to server Using proof of knowledge –CL signature (by J. Camenisch, A. Lysyanskaya) –Public parameters: (a, b, c, n) –Signature: (v, k, s) s.t. v k = a m b s c (mod n): –Signature showing: NPoK[(v,k,s):v k =a m b s c]

16 RFID Security Seminar 2008 16 Third Try - continue Credential: (v,k,s) s.t. v k = a U b s c (mod n) How to Achieve Restricted Verifiability Encryption of s to Server: Enc(s); Prove to Server: NPoK[(v,k,U):v k a -U =b s c] Failurs: –Linkability through Enc(s)

17 RFID Security Seminar 2008 17 Finale We need to blind Enc(), so it should be homomorphic: HE(.) –HE(r 1 ).HE(r 2 ) = HE(r 1 +r 2 ) Partition s: s = s 1 + s 2 Encryption s 1 to Server Enc(s 1 ), and blind Enc(s 1 ) each time

18 RFID Security Seminar 2008 18 Finale - continued Final Scheme –[Cred]PW = –Authentication: partition s 2 = s 21 +s 22 bind HE(s 1 ): HE(s 1 )HE(s 21 ) = HE(s 1 +s 21 ) Submit b s22 g r, HE(s 1 +s 21 ) to server NPoK[(v,k,U,r):v k a -U =b s1+s21 b s22 g r c=b s g r c]

19 RFID Security Seminar 2008 19 Future Work User Revocation Online Guessing Attacks

20 RFID Security Seminar 2008 20 Introduction Limits of Conventional Anonymous Password Authentication Our Proposed Approach Conclusion

21 RFID Security Seminar 2008 21 Conclusion Server Computation in Conventional Anonymous PA has to be O(N) We Proposed A New Paradigm for Anonymous PA: Using Password to Protect Authentication Credentials Our Scheme Has Constant Server Computation

22 RFID Security Seminar 2008 22 Project Summary - why should it be done? Q & A THANK YOU!

Download ppt "A New Approach for Anonymous Password Authentication Yanjiang Yang, Jianying Zhou, Feng Bao Institute for Infocomm Research, Singapore Jian Weng Jinan."

Similar presentations

1 Identification Who are you? How do I know you are who you say you are?

1 Identification Who are you? How do I know you are who you say you are?
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *

Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *
Optionally Identifiable Private Handshakes Yanjiang Yang.

Optionally Identifiable Private Handshakes Yanjiang Yang.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
Accumulators and U-Prove Revocation Tolga Acar, Intel Sherman S.M. Chow, The Chinese University of Hong Kong Lan Nguyen, XCG – Microsoft Research.

Accumulators and U-Prove Revocation Tolga Acar, Intel Sherman S.M. Chow, The Chinese University of Hong Kong Lan Nguyen, XCG – Microsoft Research.
Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research.

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research.
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
Reputation Systems for Anonymous Networks Seung Geol Choi Columbia University joint work with Elli Androulaki, Steven M. Bellovin, Tal Malkin Columbia.

Reputation Systems for Anonymous Networks Seung Geol Choi Columbia University joint work with Elli Androulaki, Steven M. Bellovin, Tal Malkin Columbia.
Achieving Better Privacy Protection in WSNs Using Trusted Computing Yanjiang YANG, Robert DENG, Jianying ZHOU, Ying QIU.

Achieving Better Privacy Protection in WSNs Using Trusted Computing Yanjiang YANG, Robert DENG, Jianying ZHOU, Ying QIU.
SSH: An Internet Protocol By Anja Kastl IS 373 - World Wide Web Standards.

SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.
1 Three-Party Encrypted Key Exchange Without Server Public-Keys C. L. Lin, H. M. Sun, M. Steiner, and T. Hwang IEEE COMMUNICATIONS LETTER, VOL. 5, NO.12,

1 Three-Party Encrypted Key Exchange Without Server Public-Keys C. L. Lin, H. M. Sun, M. Steiner, and T. Hwang IEEE COMMUNICATIONS LETTER, VOL. 5, NO.12,
CMSC 414 Computer and Network Security Lecture 15 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 15 Jonathan Katz.
Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.

Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.
Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.

Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google