Computer Security Applications Conference, Annual (2009)
Dec. 7, 2009 to Dec. 11, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2009.26
Anonymous password authentication reinforces password authentication with the protection of user privacy. Considering the increasing concern of individual privacy nowadays, anonymous password authentication represents a promising privacy-preserving authentication primitive. However, anonymous password authentication in the standard setting has several inherent weaknesses, making its practicality questionable. In this paper, we propose a new and efficient approach for anonymous password authentication. Our approach assumes a different setting where users do not register their passwords to the server; rather, they use passwords to protect their authentication credentials. We present a concrete scheme, and get over a number of challenges in securing password-protected credentials against off-line guessing attacks. Our experimental results confirm that conventional anonymous password authentication does not scale well, while our new scheme demonstrates very good performance.
anonymous password authentication, guessing attack, unlinkability, scalability
Y. Yang, J. Zhou, F. Bao and J. Weng, "A New Approach for Anonymous Password Authentication," Computer Security Applications Conference, Annual(ACSAC), Honolulu, Hawaii, 2009, pp. 199-208.