{"title":"Efficient Mobile User Authentication Service with Privacy Preservation and User Untraceability","authors":"An Braeken, A. Touhafi","doi":"10.1109/CloudTech49835.2020.9365896","DOIUrl":null,"url":null,"abstract":"Security questions and answers for authentication are a common approach to enable the user to reset forgotten passwords. Moreover, they are also sometimes used as an alternative for the classical username-password system, which fails in offering a good balance between user friendliness and security as long and complex passwords are required. However, in order to guarantee the privacy of the user as imposed by the new General Data Protection Regulation (GDPR), it should be impossible to derive the answer of the user by any other entity, including the server provider or the server managing the authentication. In this paper, we present an efficient mobile-based security mechanism to realise this goal. The proposed scheme can be applied on top of any type of question-answer based authentication system. In addition, our solution also offers anonymity and untraceability of the user, such that no activity patterns can be drawn by simply eavesdropping on the communication channel to the service provider or the authentication server. We show that our proposed mechanism not only offers more security features compared to related work, but it is also significantly faster, in particular at the side of the user.","PeriodicalId":272860,"journal":{"name":"2020 5th International Conference on Cloud Computing and Artificial Intelligence: Technologies and Applications (CloudTech)","volume":"108 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 5th International Conference on Cloud Computing and Artificial Intelligence: Technologies and Applications (CloudTech)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CloudTech49835.2020.9365896","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Efficient Mobile User Authentication Service with Privacy Preservation and User Untraceability
Security questions and answers for authentication are a common approach to enable the user to reset forgotten passwords. Moreover, they are also sometimes used as an alternative for the classical username-password system, which fails in offering a good balance between user friendliness and security as long and complex passwords are required. However, in order to guarantee the privacy of the user as imposed by the new General Data Protection Regulation (GDPR), it should be impossible to derive the answer of the user by any other entity, including the server provider or the server managing the authentication. In this paper, we present an efficient mobile-based security mechanism to realise this goal. The proposed scheme can be applied on top of any type of question-answer based authentication system. In addition, our solution also offers anonymity and untraceability of the user, such that no activity patterns can be drawn by simply eavesdropping on the communication channel to the service provider or the authentication server. We show that our proposed mechanism not only offers more security features compared to related work, but it is also significantly faster, in particular at the side of the user.