Research On Weak Password Monitoring And Publishing Technology Of Privacy Protection

With the rapid development of Internet technology,we have entered the 5G era.Various communication devices are constantly connected to the Internet,bringing conve-nience and progress to our lives through information interconnection.However,with a variety of security vulnerabilities have emerged,which posing a threat to our privacy and security,the authentication of devices has become increasingly important.Password-based authentication is still one of the most widely used in local applica-tions and online services due to its simplicity,efficiency and ease of deployment.How-ever,passwords are vulnerable to password guessing attacks,especially weak passwords,and users' choice of weak passwords can pose a threat to their privacy and security.To avoid users from using weak passwords,we need to identify weak passwords effectively.The main contributions of this thesis are as follows.(1)To address the problem of excessive overhead of existing schemes,this thesis pro-poses a novel and efficient weak password identification and publication scheme based on Intel SGX with a view to establishing an early prevention mechanism for weak passwords.By establishing a secure container,the statistics server can realize the privacy statistics col-lection of all user passwords in the system,and blacklist and publish the overly popular passwords based on the frequency of usage.Using this as a filter,users will perform weak password identification on their own passwords to replace their old passwords.In order to avoid the problem of user password privacy leakage caused by adversaries observing the release of blacklist updates for a long time,we use a blockchain-based differential privacy protection to achieve secure publication of weak password blacklists.We evaluate the performance of the scheme and show that it is efficient and it outperforms existing similar schemes in terms of computational overhead and memory consumption.(2)To address the shortcomings of the MPC inner product computation protocol based on Yao's garbled circuit in terms of security and overhead,this thesis proposes a scheme of MPC to compute inner product computation based on Yao's garbled circuit under OT hybrid model for effective identification and publication of weak passwords.The traditional inner product computation protocol based on Yao's garbled circuit does not implement OT protocols and does not establish an authenticated and secure commu-nication channel between users and statistics server.We provide a secure channel for our protocol by building a PKI-based GUC framework in which a KEM+MAC-based authen-ticator is combined.Then,based on this secure channel we complete the establishment of OT correlation through two efficient non-interactive oblivious transfer protocols,which provide our subsequent MPC inner product computation protocol based on Yao's garbled circuit.The GUC security guarantee for our protocol is provided by these sub-protocols connected in the GUC framework through public key reuse of the statistics server.In addi-tion,the superiority of our protocol in terms of communication overhead and computation overhead is demonstrated through experimental evaluation.