CryptoDB
A Privacy-Flexible Password Authentication Scheme for Multi-Server Environment
Authors: | |
---|---|
Download: | |
Abstract: | Since Kerberos suffers from KDC (Key Distribution Center) compromise and impersonation attacks, a multi-server password authentication protocol that keeps no verification table at the server end could be an alternative. Typically, there are three roles in a multi-server password authentication protocol: clients, servers, and a register center, which plays a role like that of the KDC in Kerberos. In this paper, we exploit the theoretical basis for implementing a multi-server password authentication system under two constraints: no verification table and user privacy protection. We found that if a system succeeds in privacy protection, it should be implemented either by using a public key cryptosystem or by a register center having a table to record the information shared with corresponding users. Based on this finding, we propose a privacy-flexible system that lets a user employ either a random-looking dynamic identity or a pseudonym, with the register center online or offline respectively, to log in to a server according to his privacy requirement. Compared with other related work, our scheme is not only efficient but also the most conformable to the requirements that previous work suggests. |
BibTeX
@misc{eprint-2010-23294,
  title={A Privacy-Flexible Password Authentication Scheme for Multi-Server Environment},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols / password authentication, impersonation attack, user privacy protection, Kerberos, password guessing attack, smart card lost attack},
  url={http://eprint.iacr.org/2010/393},
  note={ jschou@mail.nhu.edu.tw 14802 received 11 Jul 2010},
  author={Yalin Chen and Jue-Sam Chou and Chun-Hui Huang},
  year=2010
}