Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

12-2009

Abstract

Anonymous password authentication reinforces password authentication with the protection of user privacy. Considering the increasing concern of individual privacy nowadays, anonymous password authentication represents a promising privacy-preserving authentication primitive. However, anonymous password authentication in the standard setting has several inherent weaknesses, making its practicality questionable. In this paper, we propose a new and efficient approach for anonymous password authentication. Our approach assumes a different setting where users do not register their passwords to the server; rather, they use passwords to protect their authentication credentials. We present a concrete scheme, and get over a number of challenges in securing password-protected credentials against off-line guessing attacks. Our experimental results confirm that conventional anonymous password authentication does not scale well, while our new scheme demonstrates very good performance.

Keywords

Anonymous password authentication, Guessing attack, Unlinkability, Scalability

Discipline

Information Security

Publication

Proceedings of 25th Annual Computer Security Applications Conference, Honolulu, HI, 2009 December 7-11

Identifier

10.1109/ACSAC.2009.26

City or Country

Honolulu, HI

Additional URL

https://doi.org/10.1109/ACSAC.2009.26

Share

COinS