research-article

Extending web applications with a lightweight zero knowledge proof authentication

Authors:

Sławomir Grzonkowski,

Wojciech Zaremba,

Maciej Zaremba,

Bill McDanielAuthors Info & Claims

CSTST '08: Proceedings of the 5th international conference on Soft computing as transdisciplinary science and technology

Pages 65 - 70

https://doi.org/10.1145/1456223.1456241

Published: 28 October 2008 Publication History

Abstract

User authentication is a crucial requirement for secure transactions and access to the sensitive resources on the Web. We propose, implement and evaluate a Zero-Knowledge Proof Authentication (ZKP) algorithm based on isomorphic graphs. The proposed mechanism allows for authentication with varying confidence and security levels.

We suggest that most of the computations should be carried out by the user's web browser without revealing password or login at any point in time; instead generated random isomorphic graphs and permutation functions based on the user login/password can be exchanged.

Our experimental evaluation shows that by combining the asynchronous web with ZKP protocols, it is feasible to satisfy existing usability standards on the web.

References

[1]

What is a sign-in seal? http://security.yahoo.com/article.html?aid=2006102507 last viewed on 10 april 2008.

[2]

L. Babai, P. Erdos, and S. M. Selkow. Random graph isomorphism. SIAM Journal on Computing, 9(3):628--635, 1980.

Digital Library

[3]

M. Baudet. Deciding security of protocols against off-line guessing attacks. In CCS '05: Proceedings of the 12th ACM conference on Computer and communications security, pages 16--25, New York, NY, USA, 2005. ACM.

Digital Library

[4]

S. M. Bellovin and M. Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks. pages 72--84.

Digital Library

[5]

A. Bouch, A. Kuchinsky, and N. Bhatti. Quality is in the eye of the beholder: meeting users' requirements for internet quality of service. In CHI '00: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 297--304, New York, NY, USA, 2000. ACM Press.

Digital Library

[6]

D. G. Corneil and C. C. Gotlieb. An efficient algorithm for graph isomorphism. J. ACM, 17(1):51--64, 1970.

Digital Library

[7]

R. Czerwinski. A polynomial time algorithm for graph isomorphism. CoRR, abs/0711.2010, 2007.

[8]

D. Florencio and C. Herley. A large-scale study of web password habits. In WWW '07: Proceedings of the 16th international conference on World Wide Web, pages 657--666, New York, NY, USA, 2007. ACM Press.

Digital Library

[9]

S. Garfinkel. Fingerprinting your files. mit technology review. Technical report, August 2004.

[10]

S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. In STOC '85: Proceedings of the seventeenth annual ACM symposium on Theory of computing, pages 291--304, New York, NY, USA, 1985. ACM Press.

Digital Library

[11]

L. Gong, M. A. Lomas, R. M. Needham, and J. H. Saltzer. Protecting poorly chosen secrets from guessing attacks. IEEE Journal on Selected Areas in Communications, 11(5):648--656, 1993.

Digital Library

[12]

D. P. Jablon. Strong password-only authenticated key exchange. SIGCOMM Comput. Commun. Rev., 26(5):5--26, 1996.

Digital Library

[13]

N. Koblitz. Elliptic curve cryptosystems. 48(177):203--209, Jan. 1987.

[14]

A. J. Menezes, S. A. Vanstone, and P. C. V. Oorschot. Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton, FL, USA, 1996.

Digital Library

[15]

R. B. Miller. Response time in man-computer conversational transactions. In Proc. AFIPS Fall Joint Computer Conference Vol. 33, pages 267--277, San Francisco, Calif, 1968.

Digital Library

[16]

V. S. Miller. Use of elliptic curves in cryptography. In Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85, pages 417--426, New York, NY, USA, 1986. Springer-Verlag New York, Inc.

Digital Library

[17]

A. Narayanan and V. Shmatikov. Fast dictionary attacks on passwords using time-space tradeoff. In CCS '05: Proceedings of the 12th ACM conference on Computer and communications security, pages 364--372, New York, NY, USA, 2005. ACM.

Digital Library

[18]

B. Pinkas and T. Sander. Securing passwords against dictionary attacks. In CCS '02: Proceedings of the 9th ACM conference on Computer and communications security, pages 161--170, New York, NY, USA, 2002. ACM.

Digital Library

[19]

U. Schöning. Graph isomorphism is in the low hierarchy. In STACS '87: Proceedings of the 4th Annual Symposium on Theoretical Aspects of Computer Science, pages 114--124, London, UK, 1987. Springer-Verlag.

Digital Library

[20]

T. Wu. The secure remote password protocol. In Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, pages 97--111.

[21]

H. Xia and J. C. Brustoloni. Hardening web browsers against man-in-the-middle and eavesdropping attacks. In WWW '05: Proceedings of the 14th international conference on World Wide Web, pages 489--498, New York, NY, USA, 2005. ACM Press.

Digital Library

Cited By

Shlaka SWahab H(2024)Authentication System Based on Zero-Knowledge Proof Employing the Rabin Cryptosystem and a Secret Sharing SchemaNew Trends in Information and Communications Technology Applications10.1007/978-3-031-62814-6_27(378-394)Online publication date: 26-Jun-2024
https://doi.org/10.1007/978-3-031-62814-6_27
T.A.V.Y RH.N.H HH.K.D.W.M.C.B. HK.L.K.T PSenarathne ARuggahakotuwa L(2023)Ensuring Electronic Health Record (EHR) Privacy using Zero Knowledge Proofs (ZKP) and Secure Encryption Schemes on Blockchain2023 5th International Conference on Advancements in Computing (ICAC)10.1109/ICAC60630.2023.10417417(792-797)Online publication date: 7-Dec-2023
https://doi.org/10.1109/ICAC60630.2023.10417417
Mimo EMcDaniel TRuvunangiza J(2022)COVIDFREE App: The User-Enabling Contact Prevention Application: A ReviewAdvances in Science, Technology and Engineering Systems Journal10.25046/aj0702157:2(149-155)Online publication date: Apr-2022
https://doi.org/10.25046/aj070215
Show More Cited By

Index Terms

Extending web applications with a lightweight zero knowledge proof authentication

Recommendations

A Leakage-Resilient Zero Knowledge Proof for Lattice Problem
Cyberspace Safety and Security
Abstract
Leakage-resilient cryptographic protocols have recently been evolving intensively, studying the question of designing protocol that maintain security even in the presence of side-channel attacks. Under leakage assumption(the verifier uses side-...
Yaksha: augmenting Kerberos with public key cryptography
SNDSS '95: Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95)

The Kerberos authentication system is based on the trusted third-party Needham-Schroeder (1978) authentication protocol. The system is one of the few industry standards for authentication systems and its use is becoming fairly widespread. The system has ...
Practical Anonymous Password Authentication and TLS with Anonymous Client Authentication
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Anonymous authentication allows one to authenticate herself without revealing her identity, and becomes an important technique for constructing privacy-preserving Internet connections. Anonymous password authentication is highly desirable as it enables ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

CSTST '08: Proceedings of the 5th international conference on Soft computing as transdisciplinary science and technology

October 2008

733 pages

ISBN:9781605580463

DOI:10.1145/1456223

Conference Chair:
Lotfi A. Zadeh
University of California
,
General Chairs:
Youakim Badr
INSA-Lyon, France
,
Ajith Abraham
Norwegian University of Science and Technology, Norway
,
Yukio Ohsawa
Tokyo Institute of Technology, Japan
,
Program Chairs:
Richard Chbeir
University of Bourgogne, France
,
Fernando Ferri
IRPPS-CNR, Italy
,
Mario Koeppen
Kyushu Institute of Technology, Japan
,
Dominique Laurent
University of Cergy-Pontoise, France

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

The French Chapter of ACM Special Interest Group on Applied Computing
Ministère des Affaires Etrangères et Européennes
Région Ile de France
Communauté d'Agglomération de Cergy-Pontoise
Institute of Electrical and Electronics Engineers Systems, Man and Cybernetics Society
The European Society For Fuzzy And technology
Institute of Electrical and Electronics Engineers France Section
Laboratoire des Equipes Traitement des Images et du Signal
AFIHM: Ass. Francophone d'Interaction Homme-Machine
The International Fuzzy System Association
Laboratoire Innovation Développement
University of Cergy-Pontoise
The World Federation of Soft Computing
Agence de Développement Economique de Cergy-Pontoise
The European Neural Network Society
Comité d'Expansion Economique du Val d'Oise

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 October 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
435
Total Downloads

Downloads (Last 12 months)54
Downloads (Last 6 weeks)3

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Shlaka SWahab H(2024)Authentication System Based on Zero-Knowledge Proof Employing the Rabin Cryptosystem and a Secret Sharing SchemaNew Trends in Information and Communications Technology Applications10.1007/978-3-031-62814-6_27(378-394)Online publication date: 26-Jun-2024
https://doi.org/10.1007/978-3-031-62814-6_27
T.A.V.Y RH.N.H HH.K.D.W.M.C.B. HK.L.K.T PSenarathne ARuggahakotuwa L(2023)Ensuring Electronic Health Record (EHR) Privacy using Zero Knowledge Proofs (ZKP) and Secure Encryption Schemes on Blockchain2023 5th International Conference on Advancements in Computing (ICAC)10.1109/ICAC60630.2023.10417417(792-797)Online publication date: 7-Dec-2023
https://doi.org/10.1109/ICAC60630.2023.10417417
Mimo EMcDaniel TRuvunangiza J(2022)COVIDFREE App: The User-Enabling Contact Prevention Application: A ReviewAdvances in Science, Technology and Engineering Systems Journal10.25046/aj0702157:2(149-155)Online publication date: Apr-2022
https://doi.org/10.25046/aj070215
Martín-Fernández FCaballero-Gil PCaballero-Gil C(2016)Authentication Based on Non-Interactive Zero-Knowledge Proofs for the Internet of ThingsSensors10.3390/s1601007516:1(75)Online publication date: 7-Jan-2016
https://doi.org/10.3390/s16010075
Martín-Fernández FCaballero-Gil PCaballero-Gil C(2015)Non-Interactive Authentication and Confidential Information Exchange for Mobile EnvironmentsInternational Joint Conference10.1007/978-3-319-19713-5_23(261-271)Online publication date: 27-May-2015
https://doi.org/10.1007/978-3-319-19713-5_23
Gajra NKhan SRane P(2014)Private cloud security: Secured user authentication by using enhanced hybrid algorithm2014 International Conference on Advances in Communication and Computing Technologies (ICACACT 2014)10.1109/EIC.2015.7230712(1-6)Online publication date: Jun-2014
https://doi.org/10.1109/EIC.2015.7230712
Yassin AJin HIbrahim AQiang WZou D(2012)A Practical Privacy-preserving Password Authentication Scheme for Cloud ComputingProceedings of the 2012 IEEE 26th International Parallel and Distributed Processing Symposium Workshops & PhD Forum10.1109/IPDPSW.2012.148(1210-1217)Online publication date: 21-May-2012
https://dl.acm.org/doi/10.1109/IPDPSW.2012.148
Grzonkowski SCorcoran P(2011)Sharing cloud services: user authentication for social enhancement of home networkingIEEE Transactions on Consumer Electronics10.1109/TCE.2011.601890357:3(1424-1432)Online publication date: Aug-2011
https://doi.org/10.1109/TCE.2011.6018903
Thiruvaazhi UDivya R(2011)Web Authentication Protocol Using Zero Knowledge ProofInformation Security Journal: A Global Perspective10.1080/19393555.2011.56092520:2(112-121)Online publication date: 1-Jan-2011
https://dl.acm.org/doi/10.1080/19393555.2011.560925
Grzonkowski S(2010)SeDiCiProceedings of the 14th international conference on Financial Cryptography and Data Security10.1007/978-3-642-14577-3_40(426-426)Online publication date: 25-Jan-2010
https://dl.acm.org/doi/10.1007/978-3-642-14577-3_40
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents