On Security of Privacy-Preserving Remote User Authentication with K-Times Untraceability

被引：0

作者：

Zhang, Qijia ^{[1
]}

Zhang, Jianhong ^{[1
,2
]}

Liu, Linhan ^{[1
]}

Wang, Jing ^{[3
]}

Liu, Pei ^{[3
]}

机构：

[1] School of Information Sciences and Technology, North China University of Technology, Beijing,100144, China

[2] GuiZhou University, Guizhou Provincial Key Laboratory of Public Big Data, Guizhou Guiyang,550025, China

[3] Beijing Jingdong Century Information Technology Company, Beijing,100100, China

来源：

International Journal of Network Security | 2021年 / 23卷 / 03期

关键词：

Privacy-preserving techniques;

D O I：

10.6633/IJNS.20210523(3).09

中图分类号：

学科分类号：

摘要：

As an important access control technique, k-times anonymous authentication (k-TAA) plays a vital role in ecoupon and e-bill. It allows a user to anonymously authenticate himself to a remote server a bounded number of times. However, most of the existing k-TAA schemes require heavy computation, which brings a challenge to resource-limited devices. In 2018, Tian et al. proposed a privacy-preserving remote user authentication with k-times untraceability. Unlike the traditional k-TAA schemes, Tian et al.'s is more suitable for mobile devices due to avoiding expensive pairing operations. And they claim that their scheme provides user authenticity and k-times untraceability. Unfortunately, in this paper, we find that their scheme is insecure by analyzing it. Their scheme can neither prevent a malicious user from passing the authentication nor trace the identity of a dishonest user authenticating for more than k times. Finally, the corresponding attacks are given. © 2021. All Rights Reserved

引用

页码：449 / 454

共 50 条

[31] Efficient privacy-preserving implicit authentication
Blanco-Justicia, Alberto
Domingo-Ferrer, Josep
[J]. COMPUTER COMMUNICATIONS, 2018, 125 : 13 - 23
[32] A Secure Privacy-Preserving Remote User Authentication Scheme Using Smart Cards for Multi-server Environment
Tan, Zuowen
[J]. INFORMATION-AN INTERNATIONAL INTERDISCIPLINARY JOURNAL, 2012, 15 (04): : 1547 - 1558
[33] PRIVACY-PRESERVING AUTHENTICATION USING FINGERPRINT
Feng, Quan
Su, Fei
Cai, Anni
[J]. INTERNATIONAL JOURNAL OF INNOVATIVE COMPUTING INFORMATION AND CONTROL, 2012, 8 (11): : 8001 - 8018
[34] Cryptanalysis of a Privacy-Preserving and Provable User Authentication Scheme for Wireless Sensor Networks based on Internet of Things Security
Moon, Jongho
Lee, Youngsook
Yang, Hyungkyu
Song, Taeui
Won, Dongho
[J]. 2018 32ND INTERNATIONAL CONFERENCE ON INFORMATION NETWORKING (ICOIN), 2018, : 432 - 437
[35] Privacy-preserving authentication using fingerprint
[J]. Feng, Q. (fquan@sina.com), 1600, ICIC International (08):
[36] Privacy-preserving authentication of trees and graphs
Ashish Kundu
Elisa Bertino
[J]. International Journal of Information Security, 2013, 12 : 467 - 494
[37] Robust Privacy-Preserving Fingerprint Authentication
Zhang, Ye
Koushanfar, Farinaz
[J]. PROCEEDINGS OF THE 2016 IEEE INTERNATIONAL SYMPOSIUM ON HARDWARE ORIENTED SECURITY AND TRUST (HOST), 2016, : 1 - 6
[38] Practical Privacy-Preserving Authentication for SSH
Roy, Lawrence
Lyakhov, Stanislav
Jang, Yeongjin
Rosulek, Mike
[J]. PROCEEDINGS OF THE 31ST USENIX SECURITY SYMPOSIUM, 2022, : 3345 - 3362
[39] Privacy-preserving authentication of trees and graphs
Kundu, Ashish
Bertino, Elisa
[J]. INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2013, 12 (06) : 467 - 494
[40] A privacy-preserving multifactor authentication system
Acar, Abbas
Liu, Wenyi
Beyah, Raheem
Akkaya, Kemal
Uluagac, Arif Selcuk
[J]. SECURITY AND PRIVACY, 2019, 2 (05):

← 1 2 3 4 5 →