How to Preserve User Anonymity in Password-Based Anonymous Authentication Scheme

Bibliographic details
Published in: IEICE Transactions on Information and Systems 2018/03/01, Vol.E101.D(3), pp.803-807
Main authors: SHIN, SeongHan, KOBARA, Kazukuni
Format: Article
Language: eng
Description
Summary: A purpose of password-based anonymous authentication schemes is to provide not only password-based authentication but also user anonymity. In [19], Yang et al. proposed a password-based anonymous authentication scheme (we call it YZWB10 scheme) using the password-protected credentials. In this paper, we discuss user anonymity of the YZWB10 scheme [19] against a third-party attacker, who is much weaker than a malicious server. First, we show that a third-party attacker in the YZWB10 scheme can specify which user actually sent the login request to the server. This attack also indicates that the attacker can link different login requests to be sent later by the same user. Second, we give an effective countermeasure to this attack which does not require any security for storing users' password-protected credentials.
ISSN: 0916-8532, 1745-1361
DOI: 10.1587/transinf.2017EDL8183