A secure anonymous password-based authentication protocol with control of authentication numbers

Anonymous password-based authentication protocols are designed to provide not only password-based authentication but also client anonymity. In [10], Qian et al., proposed a simple anonymous password-based authentication (SAPAKE) protocol. In this paper, we revisit the SAPAKE protocol [10] by first showing that an outside attacker can specify which client has actually communicated with the server in the SAPAKE protocol with probability 1. Then, we propose a secure anonymous password-based authentication (for short, SAP) protocol that provides security against modification attacks on protocol-specific values, and is more efficient than SAPAKE [10]. As an additional feature, a server in the SAP protocol can control the number of anonymous client authentication.

[1]  SeongHan Shin,et al.  Very-Efficient Anonymous Password-Authenticated Key Exchange and Its Extensions , 2009, AAECC.

[2]  Yuan Zhou,et al.  Anonymous password-based key exchange with low resources consumption and better user-friendliness , 2012, Secur. Commun. Networks.

[3]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[4]  Jian Weng,et al.  A New Approach for Anonymous Password Authentication , 2009, 2009 Annual Computer Security Applications Conference.

[5]  Jing Yang,et al.  A New Anonymous Password-Based Authenticated Key Exchange Protocol , 2008, INDOCRYPT.

[6]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[7]  Yi Mu,et al.  Constant-Size Dynamic k-TAA , 2006, SCN.

[8]  Morris J. Dworkin,et al.  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions , 2015 .

[9]  Tanaka Hidema,et al.  Anonymous Password-Based Authenticated Key Exchange , 2005 .

[10]  SeongHan Shin,et al.  Threshold Anonymous Password-Authenticated Key Exchange Secure against Insider Attacks , 2011, IEICE Trans. Inf. Syst..

[11]  Hidema Tanaka,et al.  Anonymous Password-Based Authenticated Key Exchange , 2005, INDOCRYPT.

[12]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[13]  SeongHan Shin,et al.  A Secure Threshold Anonymous Password-Authenticated Key Exchange Protocol , 2007, IWSEC.

[14]  Kobara Kazukuni,et al.  On the Security of SAPAKE , 2015 .

[15]  Yanjiang Yang,et al.  Towards practical anonymous password authentication , 2010, ACSAC '10.

[16]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.