Article

SeDiCi: an authentication service taking advantage of zero-knowledge proofs

Author:

Sławomir GrzonkowskiAuthors Info & Claims

FC'10: Proceedings of the 14th international conference on Financial Cryptography and Data Security

Page 426

https://doi.org/10.1007/978-3-642-14577-3_40

Published: 25 January 2010 Publication History

Publisher Site

Abstract

Transmission of users’ profiles over insecure communication means is a crucial task of today’s ecommerce applications. In addition, the users have to createmany profiles and remember many credentials. Thus they retype the same information over and over again. Each time the users type their credentials, they expose them to phishing or eavesdropping attempts.These problems could be solved by using Single Sign-on (SSO). The idea of SSO is that the users keep using the same set of credentials when visiting different websites. For web-aplications, OpenID1. is the most prominent solution that partially impelemtns SSO. However, OpenID is prone to phishing attempts and it does not preserve users’ privacy [1].

To address phishing and eavesdropping, we developed SeDiCi, a secure SSO. This technology takes advantage of Zero-Knowledge Proof (ZKP) authentication that is based on our previous work [2]. The technology also supports RESTbased API that enables taking advantage of the service by mobile phones, webapplications and other client applications. To provide interoperability with other systems, SeDiCi stores data using semantic web standards such as FOAF. Thus, the users are able to use their profiles and social networks from other services.

References

[1]

Adida, B.: Beamauth: two-factor web authentication with a bookmark. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 48-57. ACM, New York (2007)

Crossref

Google Scholar

[2]

Grzonkowski, S., Zaremba, W., Zaremba, M., McDaniel, B.: Extending web applications with a lightweight zero knowledge proof authentication. In: CSTST 2008: Proceedings of the 5th International Conference on Soft Computing as Transdisciplinary Science and Technology, pp. 65-70. ACM, New York (2008)

Crossref

Google Scholar

Recommendations

Preventing Spam Email by Delivery Limitation in RMX
IDEAS '15: Proceedings of the 19th International Database Engineering & Applications Symposium

On the rule-based email exchange system called RMX, similar to general mailing lists, anyone can send emails by sending to an address unique to RMX. However, there is a security problem that we cannot prevent spam emails and accidentally sending email ...
Public-Key encryption from ID-Based encryption without one-time signature
OTM'06: Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I

Design a secure public key encryption scheme and its security proof are one of the main interests in cryptography In 2004, Canetti, Halevi and Katz [8] constructed a public key encryption (PKE) from a selective identity-based encryption scheme with a ...
Identity-based strong designated verifier signature schemes: Attacks and new construction

A strong designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party, and no third party ...

Comments

Information & Contributors

Information

Published In

FC'10: Proceedings of the 14th international conference on Financial Cryptography and Data Security

January 2010

429 pages

ISBN:3642145760

Editor:
Radu Sion
Computer Science Department, Stony Brook, Stony Brook University, NY

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 25 January 2010

Qualifiers

Article

Recommendations

Preventing Spam Email by Delivery Limitation in RMX

Public-Key encryption from ID-Based encryption without one-time signature

Identity-based strong designated verifier signature schemes: Attacks and new construction

Comments

Published In

Publisher

Publication History

Qualifiers

Other Metrics

Article Metrics

Other Metrics

Abstract

References

Recommendations

Preventing Spam Email by Delivery Limitation in RMX

Public-Key encryption from ID-Based encryption without one-time signature

Identity-based strong designated verifier signature schemes: Attacks and new construction

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations