DOI: 10.1145/2897845.2897854
research-article

Credential Wrapping: From Anonymous Password Authentication to Anonymous Biometric Authentication

Published: 30 May 2016

Abstract

The anonymous password authentication scheme proposed in ACSAC'10 under an unorthodox approach of password wrapped credentials advanced anonymous password authentication to be a practically ready primitive, and it is being standardized. In this paper, we improve on that scheme by proposing a new method of "public key suppression" for achieving server-designated credential verifiability, a core technicality in materializing the concept of password wrapped credential. Besides better performance, our new method simplifies the configuration of the authentication server, rendering the resulting scheme even more practical. Further, we extend the idea of password wrapped credential to biometric wrapped credential, to achieve anonymous biometric authentication. As expected, biometric wrapped credentials help break the linear server-side computation barrier intrinsic in the standard setting of biometric authentication. Experimental results validate the feasibility of realizing efficient anonymous biometric authentication.



          Published In

          ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
          May 2016
          958 pages
          ISBN:9781450342339
          DOI:10.1145/2897845
          Publisher

          Association for Computing Machinery

          New York, NY, United States


          Author Tags

          1. anonymous biometric authentication
          2. anonymous password authentication
          3. biometric authentication/identification
          4. public key suppression
          5. standardization

          Qualifiers

          • Research-article

          Conference

          ASIA CCS '16

          Acceptance Rates

          ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;
          Overall Acceptance Rate 418 of 2,322 submissions, 18%
