Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
12-2009
Abstract
Anonymous password authentication reinforces password authentication with the protection of user privacy. Considering the increasing concern of individual privacy nowadays, anonymous password authentication represents a promising privacy-preserving authentication primitive. However, anonymous password authentication in the standard setting has several inherent weaknesses, making its practicality questionable. In this paper, we propose a new and efficient approach for anonymous password authentication. Our approach assumes a different setting where users do not register their passwords to the server; rather, they use passwords to protect their authentication credentials. We present a concrete scheme, and get over a number of challenges in securing password-protected credentials against off-line guessing attacks. Our experimental results confirm that conventional anonymous password authentication does not scale well, while our new scheme demonstrates very good performance.
Keywords
Anonymous password authentication, Guessing attack, Unlinkability, Scalability
Discipline
Information Security
Publication
Proceedings of 25th Annual Computer Security Applications Conference, Honolulu, HI, 2009 December 7-11
Identifier
10.1109/ACSAC.2009.26
City or Country
Honolulu, HI
Citation
YANG, Yanjiang; ZHOU, Jianying; Weng, Jian; and BAO, Feng.
A new approach for anonymous password authentication. (2009). Proceedings of 25th Annual Computer Security Applications Conference, Honolulu, HI, 2009 December 7-11.
Available at: https://ink.library.smu.edu.sg/sis_research/4202
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/ACSAC.2009.26