Kazue Sako,Jun Furukawa,Isamu Teranishi

DOI: https://doi.org/10.1587/TRANSFUN.E92.A.147

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:We propose an authentication scheme in which users can be authenticated anonymously so long as times that they are authenticated is within an allowable number. The proposed scheme has two features that allow 1) no one, not even an authority, identify users who have been authenticated within the allowable number, and that allow 2) anyone to trace, without help from the authority, dishonest users who have been authenticated beyond the allowable number by using the records of these authentications. Although identity escrow/group signature schemes allow users to be anonymously authenticated, the authorities in these schemes have the unnecessary ability to trace any user. Moreover, since it is only the authority who is able to trace users, one needs to make cumbersome inquiries to the authority to see how many times a user has been authenticated. Our scheme can be applied to e-voting, e-cash, electronic coupons, and trial browsing of content. In these applications, our scheme, unlike the previous one, conceals users' participation from protocols and guarantees that they will remain anonymous to everyone.

Computer Science

Lan Nguyen,Rei Safavi-Naini

DOI: https://doi.org/10.1007/11496137_22

2005-01-01

Abstract:Abstractk-times anonymous authentication (k-TAA) schemes allow members of a group to be anonymously authenticated by application providers for a bounded number of times. k-TAA has application in e-voting, e-cash, electronic coupons and anonymous trial browsing of content. In this paper, we extend k-TAA model to dynamick-TAA in which application providers can independently grant or revoke users from their own groups and so have the required control on their clients. We give a formal model for dynamic k-TAA, propose a dynamic k-times anonymous authentication scheme from bilinear pairing, and prove its security. We also construct an ordinary k-TAA from the dynamic scheme and show communication efficiency of the schemes compared to the previously proposed schemes.

Lan Nguyen

DOI: https://doi.org/10.1007/11958239_6

2006-01-01

Abstract:In k-times anonymous authentication (k-TAA) schemes, members of a group can be anonymously authenticated to access applications for a bounded number of times determined by application providers. Dynamick-TAA allows application providers to independently grant or revoke group members from accessing their applications. Dynamic k-TAA can be applied in several scenarios, such as k-show anonymous credentials, digital rights management, anonymous trial of Internet services, e-voting, e-coupons etc. This paper proposes the first provably secure dynamic k-TAA scheme, where authentication costs do not depend on k. This efficiency is achieved by using a technique called “efficient provable e-tag”, which could be applicable to other e-tag systems.

Isamu Teranishi,Kazue Sako

DOI: https://doi.org/10.1007/11745853_34

2006-01-01

Abstract:A k-Times Anonymous Authentication (k-TAA) scheme allows users to be authenticated anonymously so long as the number of times that they are authenticated is within an allowable number. Some promising applications are e-voting, e-cash, e-coupons, and trial browsing of contents. However, the previous schemes are not efficient in the case where the allowable number k is large, since they require both users and verifiers to compute O(k) exponentiation in each authentication. We propose a k-TAA scheme where the numbers of exponentiations required for the entities in an authentication are independent of k. Moreover, we propose a notion of public detectability in a k-TAA scheme and present an efficient publicly verifiable k-TAA scheme, where the number of modular exponentiations required for the entities is O(log(k)).

彭志宇,李善平,杨朝晖,林欣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2010.05.011

2010-01-01

Abstract:An anonymous authorization mechanism was proposed to protect the user's privacy in the process of authorization in trust management. User requested for services using their real identification in most of the classic trust-management language system, which potentially leaded to the privacy leaking. Through dynamically searching for the delegation roles which take over the request, the anonymous authorization mechanism retained the right behavior of credential chain discovery and achieved a quantitative way of anonymity against the resource provider. Results showed that the anonymous mechanism shared the same worst-case time complexity with the traditional forward credential-chain-searching method. A method of caching all the members in the nodes was proposed to improve the performance in time spending. Simulation results showed that the performance in time spending greatly improved in the relative stable systems, in which the credentials change slowly.

Yang Liu,Debiao He,Qi Feng,Min Luo,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tifs.2023.3274435

IF: 7.231

2023-05-26

IEEE Transactions on Information Forensics and Security

Abstract:The anonymous credential has broad-ranging applications, for example for the pay-as-you-go strategy in the electronic subscription. However, the 'plain vanilla' pay-as-you-go strategy may not be suitable for non-regular users since the latter group is likely to require a tighter identity supervision mechanism. We also note that a key building block in the construction of an anonymous credential system is identity supervision. Since identity supervision is more than revocation, the approach to regulating user behavior needs to be both reasonable and practical. In a situation where the user is allowed to control their own identities, the latter approach could be more flexible compared to the revocation. There are existing works about the limitation on the k-times or epochs. However, due to the weaknesses of these single restrictions, the combination of the customized k-times and epochs is necessary and remains to be done. In this paper, we present a permissioned redactable credentials scheme, which allows fine-grained supervision, user control, and user redaction. In our approach, we choose times and epochs as the regulation dimensions, which limits users invoke the credential show method for customized times in each epoch determined by the certificate authority. The users could also redact their credentials to realize selective disclosure. We then evaluate the proposed scheme's performance and present a comparative summary to demonstrate potential utility.

computer science, theory & methods,engineering, electrical & electronic

M. Au,Y. Mu,W. Susilo,Sherman S. M. Chow

DOI: https://doi.org/10.1109/JSYST.2012.2221931

IF: 4.802

2013-06-01

IEEE Systems Journal

Abstract:Dynamic <formula formulatype="inline"><tex Notation="TeX">$k$</tex></formula>-times anonymous authentication (<formula formulatype="inline"><tex Notation="TeX">$k$</tex></formula>-TAA) schemes allow members of a group to be authenticated anonymously by application providers for a bounded number of times, where application providers can independently and dynamically grant or revoke access right to members in their own group. In this paper, we construct a dynamic <formula formulatype="inline"><tex Notation="TeX">$k$</tex></formula>-TAA scheme with space and time complexities of <formula formulatype="inline"><tex Notation="TeX">$O(\log (k))$</tex></formula> and a variant, in which the authentication protocol only requires constant time and space complexities at the cost of <formula formulatype="inline"><tex Notation="TeX">$O(k)$</tex> </formula>-sized public key. We also describe some tradeoff issues between different system characteristics. We detail all the zero-knowledge proof-of-knowledge protocols involved and show that our construction is secure in the random oracle model under the <formula formulatype="inline"><tex Notation="TeX">$q$</tex></formula>-strong Diffie–Hellman assumption and <formula formulatype="inline"><tex Notation="TeX">$q$</tex></formula>-decisional Diffie–Hellman inversion assumption. We provide a proof-of-concept implementation, experiment on its performance, and show that our scheme is practical.

Mathematics,Computer Science

Yangguang Tian,Yingjiu Li,Binanda Sengupta,Robert Huijie Deng,Albert Ching,Weiwei Liu

DOI: https://doi.org/10.1007/978-3-030-14234-6_36

2019-01-01

Abstract:Remote user authentication has found numerous real-world applications, especially in a user-server model. In this work, we introduce the notion of anonymous remote user authentication withk-times untraceability (k-RUA) for a given parameter k, where authorized users authenticate themselves to an authority (typically a server) in an anonymous and k-times untraceable manner. We define the formal security models for a generic k-RUA construction that guarantees user authenticity, anonymity and user privacy. We provide a concrete instantiation of k-RUA having the following properties: (1) a third party cannot impersonate an authorized user by producing valid transcripts for the user while conversing during a session; (2) a third party having access to the communication channel between the user and the authority cannot identify the session participants; (3) the authority can trace the real identities of dishonest users who have authenticated themselves for more than k times; (4) our k-RUA construction avoids using expensive pairing operations—which makes it efficient and suitable for devices having limited amount of computational resources.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

XIE Qi,CHEN De-ren,YU Xiu-yuan

IF: 2.034

2010-01-01

Systems Engineering

Abstract:In 2009, Park, et al. proposed an efficient remote user authentication protocol. They claimed that their protocol was the first password and smart card based remote user authentication scheme which can resist the off-line password guessing attack, and had many advantages over existing solutions such as no password tables and timestamp, low communication and computational costs. However, this paper shows that their protocol cannot resist the forgery attack and off-line password guessing attack. To overcome the security weaknesses, two improved schemes based on either nonce or timestamp without affecting the merits of the Park, et al. scheme are proposed. Technical discussions are provided to show that the improved protocol is secure, efficient and practical.

Deng Yu-qiao

Abstract:In order to protect the users' privacy,based on the theory and construction of k-TAA presented by Teranisi,presented a fair k-TAA scheme used the blind signature.The scheme added trustee that could easily trace the ID of illegal users and kept the other properties remain at the same time.The appearance of trustee confirms the security of the scheme.The paper also gave all the properties' discussion at last.

Computer Science

Man Ho Au,Willy Susilo,Yi Mu

DOI: https://doi.org/10.1007/11832072_8

2006-01-01

Abstract:Abstractk-times anonymous authentication (k-TAA) schemes allow members of a group to be authenticated anonymously by application providers for a bounded number of times. Dynamic k-TAA allows application providers to independently grant or revoke users from their own access group so as to provide better control over their clients. In terms of time and space complexity, existing dynamic k-TAA schemes are of complexities O(k), where k is the allowed number of authentication. In this paper, we construct a dynamic k-TAA scheme with space and time complexities of O(log(k)). We also outline how to construct dynamic k-TAA scheme with a constant proving effort. Public key size of this variant, however, is O(k).We then construct an ordinary k-TAA scheme from the dynamic scheme. We also describe a trade-off between efficiency and setup freeness of AP, in which AP does not need to hold any secret while maintaining control over their clients.To build our system, we modify the short group signature scheme into a signature scheme and provide efficient protocols that allow one to prove in zero-knowledge the knowledge of a signature and to obtain a signature on a committed block of messages. We prove that the signature scheme is secure in the standard model under the q-SDH assumption.Finally, we show that our dynamic k-TAA scheme, constructed from bilinear pairing, is secure in the random oracle model.

ZHU Chang-sheng,LIU Peng-hui,WANG Qing-rong,CAO Lai-cheng

DOI: https://doi.org/10.3724/sp.j.1087.2011.01862

2011-01-01

Journal of Computer Applications

Abstract:How to keep mutual anonymity between two entities is one of the critical issues for Trusted Computation(TC).According to the characteristics of TC,an efficient password-based authenticated key exchange scheme was proposed.Adopting threshold cryptography and fuzzy ID set,the scheme achieved mutual anonymity between user and server sharing ID set.On the premise of secure hashing,the analysis and the proving procedure based on the Random Oracle Model(ROM) show this scheme is secure against dictionary attack and resource-depletion DoS(Denial-of-Service) attack under the computational Diffie-Hellman intractability assumption.This scheme effectively preserves the user's privacy and server's privacy,and compared with other schemes such as VIET et al.'s scheme,it is more efficient.

Yang Yang,Wenyi Xue,Jianfei Sun,Guomin Yang,Yingjiu Li,Hwee Hwa Pang,Robert H. Deng

DOI: https://doi.org/10.1109/tifs.2024.3409070

IF: 7.231

2024-06-14

IEEE Transactions on Information Forensics and Security

Abstract:Space Information Network (SIN) enables universal Internet connectivity for any object, even in remote and extreme environments where deploying a cellular network is difficult. Access authentication is crucial for ensuring user access control in SIN and preventing unauthorized entities from gaining access to network services. However, due to the complex communication environment in SIN, including exposed links and higher signal delay, designing a secure and efficient authentication scheme presents a significant challenge. In this paper, we propose a secure communication protocol for SIN with periodic k-time anonymous authentication (named PkT-SIN) that allows satellite users to anonymously authenticate to ground stations at most k times in each single time period. An efficient handover mechanism is designed to ensure seamless communication for satellite users to communicate with different satellites and ground stations, taking into account the dynamic topology of SIN. As a core component of PkT-SIN, we propose a novel primitive, periodic k-time keyed-verification anonymous credential (PkT-KVAC), that enables users to derive k tokens from a credential for anonymous and unlinkable authentication. On the other hand, a verifier can always recognize a reused token from a dishonest user. PkT-KVAC is of independent contribution to anonymous authentication in pay-per-use business scenarios. Formal security proofs confirm that PkT-SIN and PkT-KVAC have desired security features. The supremacy of their computing features is demonstrated through comprehensive comparison and rigorous performance analysis.

computer science, theory & methods,engineering, electrical & electronic

T. Yuen,M. Au,Xinyi Huang,Jianying Zhou,Joseph K. Liu,W. Susilo

DOI: https://doi.org/10.1109/TC.2014.2366741

2015-09-01

Abstract:In this paper, we propose a new notion called $k$ -times attribute-based anonymous access control , which is particularly designed for supporting cloud computing environment. In this new notion, a user can authenticate himself/herself to the cloud computing server anonymously. The server only knows the user acquires some required attributes, yet it does not know the identity of this user. In addition, we provide a $k$ -times limit for anonymous access control. That is, the server may limit a particular set of users (i.e., those users with the same set of attribute) to access the system for a maximum $k$ -times within a period or an event. Further additional access will be denied. We also prove the security of our instantiation. Our implementation result shows that our scheme is practical.

Computer Science

Ye Yang

DOI: https://doi.org/10.5539/cis.v15n2p68

2022-03-17

Computer and Information Science

Abstract:Attribute-based anonymous credential schemes allow users to obtain credentials from the issuer and prove the possession of their attributes interactively and anonymously with service providers. So far, most existing schemes only consider single-issuer, where some of them are extended to be traceable or revocable. In the reality, anonymous credential schemes under multi-issuer are more practical, since users could query for credentials from different issuers and use some of them simultaneously, which is more efficient than showing them individually. Although there are also multi-issuer schemes where users obtain credentials from different issuers and show an aggregated credential to service providers, however, these schemes lack practical properties, for example, revocation of invalid users. In this paper, we propose a multi-issuer attribute-based anonymous credential with traceability and revocation, which provides traceability of invalid users, and revocation of the specific users. Users receive credentials from multiple issuers and show an aggregated credential of selective disclosures of attributes. We provide the security model of our scheme of anonymity and unforgeability. Finally, we discuss the computational complexity, which shows the practicality and efficiency of our scheme.

Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/nswctc.2009.287

2009-01-01

Abstract:Password authentication is one of the simplest and the most convenient authentication mechanisms over insecure networks. One-time password authentication which uses dynamic password helps to enhance the security of password. In this paper, we suggest a new one-time password scheme using the smart card based on the bilinear pairings. By generating temporary identity, our scheme can provide anonymity in authentication process to protect the user's privacy. Based on the Computational Diffie-Hellman Problem, we show that the proposed scheme is secure against forgery attack and ID attack under the random oracle model.

Ding Wang,Debiao He,Ping Wang,Chao-Hsien Chu

DOI: https://doi.org/10.1109/tdsc.2014.2355850

2015-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an “ideal” scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.'s scheme and Li's scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.

W. Susilo,Apu Kapadia,M. Au

Abstract:Anonymous authentication can give users the license to misbehave since there is no fear of retribution. As a deterrent, or means to revocation, various schemes for accountable anonymity feature some kind of (possibly distributed) trusted third party (TTP) with the power to identify or link misbehaving users. Recently, schemes such as BLAC and PEREA showed how anonymous revocation can be achieved without such TTPs—anonymous users can be revoked if they misbehave, and yet nobody can identify or link such users cryptographically. Despite being the state of the art in anonymous revocation, these schemes allow only a basic form of revocation amounting to ‘revoke anybody with d or more misbehaviors’ or ‘revoke anybody whose combined misbehavior score is too high’ (where misbehaviors are assigned a ‘severity’ score). We present BLACR, which significantly advances anonymous revocation in three ways: 1) It constitutes a first attempt to generalize reputation-based anonymous revocation, where negative or positive scores can be assigned to anonymous sessions across multiple categories. Servers can block users based on policies, which specify a boolean combination of reputations in these categories; 2) We present a weighted extension, which allows the total severity score to ramp up for multiple misbehaviors by the same user; and, 3) We make a significant improvement in authentication times through a technique we call express lane authentication, which makes reputation-based anonymous revocation practical.

Computer Science

Dong Ma,Xixiang Lyu,Renpeng Zou

DOI: https://doi.org/10.48550/arXiv.2106.07158

2021-06-14

Abstract:Anonymous access authentication schemes provide users with massive application services while protecting the privacy of users' identities. The identity protection schemes in 3G and 4G are not suitable for 5G anonymous access authentication due to complex computation and pseudonym asynchrony. In this paper, we consider mobile devices with limited resources in the 5G network and propose an anonymous access authentication scheme without the Public Key Infrastructure. The anonymous access authentication scheme provides users with variable shard pseudonyms to protect users' identities asynchronously. With the variable shared pseudonym, our scheme can ensure user anonymity and resist the mark attack, a novel attack aimed at the basic k-pseudonym scheme. Finally, we analyze the scheme with BAN logic analysis and verify the user anonymity.

Cryptography and Security,Social and Information Networks