Extending web applications with a lightweight zero knowledge proof authentication

Authors:
Sławomir Grzonkowski;Wojciech Zaremba;Maciej Zaremba;Bill McDaniel
Affiliations:
IDA Business Park, Galway, Ireland;IDA Business Park, Galway, Ireland;IDA Business Park, Galway, Ireland;IDA Business Park, Galway, Ireland
Venue:
CSTST '08 Proceedings of the 5th international conference on Soft computing as transdisciplinary science and technology
Year:
2008

Citing 13
Cited 1

The knowledge complexity of interactive proof-systems

STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
Use of elliptic curves in cryptography

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Graph isomorphism is in the low hierarchy

4th Annual Symposium on Theoretical Aspects of Computer Sciences on STACS 87
Strong password-only authenticated key exchange

ACM SIGCOMM Computer Communication Review
An Efficient Algorithm for Graph Isomorphism

Journal of the ACM (JACM)
Quality is in the eye of the beholder: meeting users' requirements for Internet quality of service

Proceedings of the SIGCHI conference on Human Factors in Computing Systems
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Securing passwords against dictionary attacks

Proceedings of the 9th ACM conference on Computer and communications security
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Hardening Web browsers against man-in-the-middle and eavesdropping attacks

WWW '05 Proceedings of the 14th international conference on World Wide Web
Deciding security of protocols against off-line guessing attacks

Proceedings of the 12th ACM conference on Computer and communications security
Fast dictionary attacks on passwords using time-space tradeoff

Proceedings of the 12th ACM conference on Computer and communications security
A large-scale study of web password habits

Proceedings of the 16th international conference on World Wide Web

SeDiCi: an authentication service taking advantage of zero-knowledge proofs

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

User authentication is a crucial requirement for secure transactions and access to the sensitive resources on the Web. We propose, implement and evaluate a Zero-Knowledge Proof Authentication (ZKP) algorithm based on isomorphic graphs. The proposed mechanism allows for authentication with varying confidence and security levels. We suggest that most of the computations should be carried out by the user's web browser without revealing password or login at any point in time; instead generated random isomorphic graphs and permutation functions based on the user login/password can be exchanged. Our experimental evaluation shows that by combining the asynchronous web with ZKP protocols, it is feasible to satisfy existing usability standards on the web.