International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

A Privacy-Flexible Password Authentication Scheme for Multi-Server Environment

Authors:
Yalin Chen
Jue-Sam Chou
Chun-Hui Huang
Download:
URL: http://eprint.iacr.org/2010/393
Search ePrint
Search Google
Abstract: Since Kerberos suffers from KDC (Key Distribution Center) compromise and impersonation attack, a multi-server password authentication protocol which highlights no verification table in the server end could therefore be an alternative. Typically, there are three roles in a multi-server password authentication protocol: clients, servers, and a register center which plays the role like KDC in Kerberos. In this paper, we exploit the theoretical basis for implementing a multi-server password authentication system under two constraints: no verification table and user privacy protection. We found that if a system succeeds in privacy protection, it should be implemented either by using a public key cryptosystem or by a register center having a table to record the information shared with corresponding users. Based on this finding, we propose a privacy-flexible system to let a user can employ a random-looking dynamic identity or employ a pseudonym with the register center online or offline to login a server respectively according to his privacy requirement. Compared with other related work, our scheme is not only efficient but also the most conformable to the requirements that previous work suggest.
BibTeX
@misc{eprint-2010-23294,
  title={A Privacy-Flexible Password Authentication Scheme for Multi-Server Environment},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / password authentication, impersonation attack, user privacy protection, Kerberos, password guessing attack, smart card lost attack},
  url={http://eprint.iacr.org/2010/393},
  note={ jschou@mail.nhu.edu.tw 14802 received 11 Jul 2010},
  author={Yalin Chen and Jue-Sam Chou and Chun-Hui Huang},
  year=2010
}