Communications Security (ComSec) Lab
200 University Ave. West
Waterloo, ON, Canada
N2L 3G1
Contact Guang Gong, Director, Communications Security Lab
Current projects
Introduction
As the easiest and cheapest way of authenticating an end user, password-based authentication methods have been consistently employed by organizations and businesses as the default mechanism of restricting and monitoring access. The increased adoption of cloud applications and third-party services within an enterprise generally requires employees to keep track of a number of user names and passwords on a daily basis. The fact that employees need to remember multiple login credentials has incurred significant costs for an enterprise due to the increasing number of help desk calls for pass- word reset. Moreover, the current practice of using multiple user names and passwords in enterprises is also exposing the business to more opportunities for security breaches, as demonstrated by recent password leaks in big brands such as Apple, Adobe, and LinkedIn.
Blockchains, a decentralized peer-to-peer (P2P) ledger system, can provide trusted consen- sus, computation, and immutable data between untrusted entities. The goal of blockchain privacy is to protect sender privacy, receiver privacy, and/or provide confidential transac- tions. Since Bitcoin, there are a number of research articles for blockchain privacy. Notable approaches are to use ring signatures [RST01] to achieve sender privacy and stealth addresses for receiver privacy (e.g., the Monero cryptocurrency).