Presentation is loading. Please wait.

Presentation is loading. Please wait.

A New Approach for Anonymous Password Authentication Yanjiang Yang, Jianying Zhou, Feng Bao Institute for Infocomm Research, Singapore Jian Weng Jinan.

Similar presentations


Presentation on theme: "A New Approach for Anonymous Password Authentication Yanjiang Yang, Jianying Zhou, Feng Bao Institute for Infocomm Research, Singapore Jian Weng Jinan."— Presentation transcript:

1 A New Approach for Anonymous Password Authentication Yanjiang Yang, Jianying Zhou, Feng Bao Institute for Infocomm Research, Singapore Jian Weng Jinan University, China

2 RFID Security Seminar Agenda Introduction Limits of Conventional Anonymous Password Authentication Our Proposed Approach Conclusion

3 RFID Security Seminar Introduction Limits of Conventional Anonymous Password Authentication Our Proposed Approach Conclusion

4 RFID Security Seminar PA: Pros & Cons Password Authentication (PA) –Most widely used entity authentication technique –Advantages: portability –Disadvantages: guessing attack Online guessing attack Offline guessing attack

5 RFID Security Seminar Privacy Concern Privacy is increasingly a concern nowadays Password authentication in its original form does not protect user privacy

6 RFID Security Seminar Project Summary - why should it be done? PA: Standard Setting U1, PW1 U2, PW2 U3, PW3 Un, PWn Ui, PWi Password File Ui UserServer (PWi) Ui, PWi PWi

7 RFID Security Seminar Privacy Protection – Anonymous PA U1, PW1 U2, PW2 U3, PW3 Un, PWn Ui, PWi Unlinkability

8 RFID Security Seminar Introduction Limits of Conventional Anonymous Password Authentication Our Proposed Approach Conclusion

9 RFID Security Seminar Major Weakness Server Computation O(N) –Linear to the total number registered users N –Server is the bottleneck of the system

10 RFID Security Seminar Introduction Limits of Conventional Anonymous Password Authentication Our Proposed Approach Conclusion

11 RFID Security Seminar Project Summary - why should it be done? A Different Setting [Cred]PW PW Cred Important: [Cred]PW is public, requiring no further protection, portability arguably remains User Server

12 RFID Security Seminar Project Summary - why should it be done? Design Rationale Cred must not be publicly verifiable; otherwise, everyone can guess pw from [Cred]PW Cred is verifiable only to server

13 RFID Security Seminar Project Summary - why should it be done? First Try What Credentials Have Unlinkability? Blind Signature Cred = Blnd Sig [Cred] = [Blnd Sig]PW Failurs: –Blind signatures are public verifiable

14 RFID Security Seminar Project Summary - why should it be done? Second Try Still Using Blind Signature, but with Restricted Verifiability (Encryption to Server) Failures: –Server knows Cred from [Cred]PW, so if directly submit Cred to server, then server links credentials encrypted by the same PW

15 RFID Security Seminar Third Try Seems should not directly submit the credentials to server Using proof of knowledge –CL signature (by J. Camenisch, A. Lysyanskaya) –Public parameters: (a, b, c, n) –Signature: (v, k, s) s.t. v k = a m b s c (mod n): –Signature showing: NPoK[(v,k,s):v k =a m b s c]

16 RFID Security Seminar Third Try - continue Credential: (v,k,s) s.t. v k = a U b s c (mod n) How to Achieve Restricted Verifiability Encryption of s to Server: Enc(s); Prove to Server: NPoK[(v,k,U):v k a -U =b s c] Failurs: –Linkability through Enc(s)

17 RFID Security Seminar Finale We need to blind Enc(), so it should be homomorphic: HE(.) –HE(r 1 ).HE(r 2 ) = HE(r 1 +r 2 ) Partition s: s = s 1 + s 2 Encryption s 1 to Server Enc(s 1 ), and blind Enc(s 1 ) each time

18 RFID Security Seminar Finale - continued Final Scheme –[Cred]PW = –Authentication: partition s 2 = s 21 +s 22 bind HE(s 1 ): HE(s 1 )HE(s 21 ) = HE(s 1 +s 21 ) Submit b s22 g r, HE(s 1 +s 21 ) to server NPoK[(v,k,U,r):v k a -U =b s1+s21 b s22 g r c=b s g r c]

19 RFID Security Seminar Future Work User Revocation Online Guessing Attacks

20 RFID Security Seminar Introduction Limits of Conventional Anonymous Password Authentication Our Proposed Approach Conclusion

21 RFID Security Seminar Conclusion Server Computation in Conventional Anonymous PA has to be O(N) We Proposed A New Paradigm for Anonymous PA: Using Password to Protect Authentication Credentials Our Scheme Has Constant Server Computation

22 RFID Security Seminar Project Summary - why should it be done? Q & A THANK YOU!


Download ppt "A New Approach for Anonymous Password Authentication Yanjiang Yang, Jianying Zhou, Feng Bao Institute for Infocomm Research, Singapore Jian Weng Jinan."

Similar presentations


Ads by Google