Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

An Efficient Privacy-Preserving Scheme for Weak Password Collection in Internet of Things

  • Conference paper
  • First Online:
Information Security and Cryptology (Inscrypt 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14527))

Included in the following conference series:

  • 444 Accesses

Abstract

Password-based authentication is widely applied in Internet of Things (IoT) to resist unauthorized access. However, choices of weak passwords, especially popular ones, might violate the privacy of users and lead to large-scale network attacks in IoT. To address the issue, we propose EAGER, an efficient privacy-preserving scheme for weak password collection in IoT. EAGER is mainly constructed on lightweight tools including secret sharing and symmetric encryption, which allows a service provider to identify popular passwords without disclosing unpopular ones in an efficient manner. Furthermore, passwords are hardened via multiple key servers during the collection to thwart offline dictionary guessing attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Agrawal, S., Miao, P., Mohassel, P., Mukherjee, P.: PASTA: Password-based threshold authentication. In: Proceedings of ACM CCS, pp. 2042–2059 (2018)

    Google Scholar 

  2. Davidson, A., Snyder, P., Quirk, E., Genereux, J., Livshits, B., Haddadi, H.: STAR: secret sharing for private threshold aggregation reporting. In: Proceedings of ACM CCS, pp. 697–710 (2022)

    Google Scholar 

  3. Jiang, C., Xu, C., Zhang, Y.: PFLM: privacy-preserving federated learning with membership proof. Inf. Sci. 576, 288–311 (2021)

    Article  MathSciNet  Google Scholar 

  4. Jiang, C., Xu, C., Zhang, Z., Chen, K.: SR-PEKS: subversion-resistant public key encryption with keyword search. IEEE Trans. on Cloud Comput. 11(3), 3168–3183 (2023)

    Article  Google Scholar 

  5. Lee, K., Sjöberg, S., Narayanan, A.: Password policies of most top websites fail to follow best practices. In: Proceedings of SOUPS, pp. 561–580 (2022)

    Google Scholar 

  6. Li, S., Xu, C., Zhang, Y., Zhou, J.: A secure two-factor authentication scheme from password-protected hardware tokens. IEEE Trans. Inf. Forensics Secur. 17, 3525–3538 (2022)

    Article  Google Scholar 

  7. Naor, M., Pinkas, B., Ronen, E.: How to (not) share a password: privacy preserving protocols for finding heavy hitters with adversarial behavior. In: Proceedings of ACM CCS, pp. 1369–1386 (2019)

    Google Scholar 

  8. Tan, J., Bauer, L., Christin, N., Cranor, L.F.: Practical recommendations for stronger, more usable passwords combining minimum-strength, minimum-length, and blocklist requirements. In: Proceedings of ACM CCS. pp, 1407–1426 (2020)

    Google Scholar 

Download references

Acknowledgements

This work was supported in part by the National Natural Science Foundation of China under Grant 62272091 and Grant 61872060, and in part by the National Key R &D Program of China under Grant 2017YFB0802000.

Author information

Authors and Affiliations

  1. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, 611731, China

    Changsong Jiang & Chunxiang Xu

  2. Yangtze Delta Region Institute (Huzhou), University of Electronic Science and Technology of China, Huzhou, 313001, China

    Changsong Jiang & Chunxiang Xu

  3. Department of Mathematics, Hangzhou Normal University, Hangzhou, 310027, China

    Kefei Chen

Authors
  1. Changsong Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chunxiang Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kefei Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chunxiang Xu .

Editor information

Editors and Affiliations

  1. Shandong University, Jinan, China

    Chunpeng Ge

  2. Columbia University, New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Jiang, C., Xu, C., Chen, K. (2024). An Efficient Privacy-Preserving Scheme for Weak Password Collection in Internet of Things. In: Ge, C., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2023. Lecture Notes in Computer Science, vol 14527. Springer, Singapore. https://doi.org/10.1007/978-981-97-0945-8_23

Download citation

  • DOI: https://doi.org/10.1007/978-981-97-0945-8_23

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-0944-1

  • Online ISBN: 978-981-97-0945-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation