
Authentication System Based on Zero-Knowledge Proof Employing the Rabin Cryptosystem and a Secret Sharing Schema

  • Conference paper
New Trends in Information and Communications Technology Applications (NTICT 2023)

Abstract

Passwords play a significant role in the authentication process for web applications. These applications are widely employed to deliver a diverse range of crucial services, making their security a top priority. Due to their regular usage and essential nature, passwords are very vulnerable to theft or unauthorized access through the process of guesswork. This paper presents a groundbreaking authentication system aimed at tackling the security issues commonly linked to traditional password-based authentication in web applications. The system leverages a combination of zero-knowledge proof (ZKP), the Rabin cryptosystem, and a secret sharing schema to bolster security and safeguard user privacy. During the registration phase, user passwords are fragmented into shares, distributed across multiple databases, and subsequently reassembled during authentication as an additional layer of security. ZKP facilitates password verification without the need to transmit sensitive information, while the Rabin cryptosystem adds an additional layer of complexity to key generation. The proposed approach offers heightened security and mitigates the risk of data breaches. NIST testing has confirmed the randomness of the generated keys, while time testing has demonstrated their efficient performance. The results underscore the system's effectiveness in delivering secure and efficient web application authentication while ensuring the protection of user data.

Author information

Corresponding author

Correspondence to Sajjad Mohammed Shlaka.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Shlaka, S.M., Wahab, H.B.A. (2024). Authentication System Based on Zero-Knowledge Proof Employing the Rabin Cryptosystem and a Secret Sharing Schema. In: Al-Bakry, A.M., et al. New Trends in Information and Communications Technology Applications. NTICT 2023. Communications in Computer and Information Science, vol 2096. Springer, Cham. https://doi.org/10.1007/978-3-031-62814-6_27

  • DOI: https://doi.org/10.1007/978-3-031-62814-6_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-62813-9

  • Online ISBN: 978-3-031-62814-6

  • eBook Packages: Computer Science, Computer Science (R0)
