Interactive Zero Knowledge Password Authentication Scheme for Commercial Web Sites

Satish M. Srinivasan; Indranil Sengupta; Pratap K. J. Mohapatra

Call for Paper

June Edition

IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper

Know more

The week's pick

Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin

Random Articles

Process Optimization Time for a Service in 4G Network by SNMP Monitoring and IaaS Cloud Computing

August

2013

An Implementation and Comparative Analysis of PID Controller and their Auto Tuning Method for Three Tank Liquid Level Control

May

2011

Towards Standardization of Deregulated Electricity Market Communications in Nigeria

November

2015

An Analysis of Wide-Area Networks

Oct

2016

Reseach Article

Interactive Zero Knowledge Password Authentication Scheme for Commercial Web Sites

by Satish M. Srinivasan, Indranil Sengupta, Pratap K. J. Mohapatra

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 180 - Number 13

Year of Publication: 2018

Authors: Satish M. Srinivasan, Indranil Sengupta, Pratap K. J. Mohapatra

10.5120/ijca2018916260

Satish M. Srinivasan, Indranil Sengupta, Pratap K. J. Mohapatra . Interactive Zero Knowledge Password Authentication Scheme for Commercial Web Sites. International Journal of Computer Applications. 180, 13 ( Jan 2018), 31-35. DOI=10.5120/ijca2018916260

@article{ 10.5120/ijca2018916260,

author = { Satish M. Srinivasan, Indranil Sengupta, Pratap K. J. Mohapatra },

title = { Interactive Zero Knowledge Password Authentication Scheme for Commercial Web Sites },

journal = { International Journal of Computer Applications },

issue_date = { Jan 2018 },

volume = { 180 },

number = { 13 },

month = { Jan },

year = { 2018 },

issn = { 0975-8887 },

pages = { 31-35 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume180/number13/28923-2018916260/ },

doi = { 10.5120/ijca2018916260 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-02-07T01:00:35.562155+05:30

%A Satish M. Srinivasan

%A Indranil Sengupta

%A Pratap K. J. Mohapatra

%T Interactive Zero Knowledge Password Authentication Scheme for Commercial Web Sites

%J International Journal of Computer Applications

%@ 0975-8887

%V 180

%N 13

%P 31-35

%D 2018

%I Foundation of Computer Science (FCS), NY, USA

Abstract

This paper presents the implementation of an interactive Zero Knowledge Password authentication scheme for commercial Web sites. In this scheme, a legitimate prover (client) can exchange a secret code (password) with a remote skeptic (server), in order to reveal his/her identification. Based on the validity of the secret code the skeptic then allows the prover to login to the site and access the web services. This paper introduces a protocol that integrates the concepts of Discrete Logarithm Problem (DLP) and Zero-Knowledge Proofs (ZKP). The protocol consists of three entities, namely, the prover, the skeptic, and the facilitator who interact with one another to generate the secret code. When tested, the time to carry out various operations related to this protocol was reasonably small (under 4 seconds). Our scheme is resistant to man-in-the-middle attack and discourages replaying previously intercepted secret codes. We also propose two modifications to our basic scheme to make it resistant against the attack on Integrity and Denial of Service attack (DOS).

References

W. Stallings, Cryptography and Network Security - Principles and Practice, Second ed., Pearson Education Asia, Prentice Hall, NJ, 1995.
D. Gritzalis, S. Katsikas, Towards a formal system-to-system authentication protocol, Computer Communication, 19 (1996) 954-961.
B. Schneier, Applied Cryptography, Second ed., John Wiley & Sons, Inc., New York, 1996.
D.A. Menasce, A.F. Almeida, Scaling for E-Business, First ed., Prentice Hall, NJ, 1998.
N. Koblitz, A Course in Number Theory and Cryptography, Second ed., Springer–Verlag, New York, 1994.
A. Menezes, P.V. Oorschot, S. Vanstone, Handbook of Applied Cryptography, Fifth ed., CRC Press, 2001.
K. Taekyoung, Authentication and key agreement via memorable password, Computer Communication, 11 (1989) 753-771.
W.H. Yang, S.P. Shieh, Password authentication scheme with smart cards, Computer and Security, 18 (1999) 727-733.
R. Molva, G. Tsudik, Increased randomness in modern password scheme, Computer Communication, 31 (1998) 753-762.
K. Tan, H. Zhu, Remote password authentication scheme based on cross-product, Computer Communication, 22 (1999) 390-393.
T.C. Wu, Remote login authentication scheme based on a geometric approach, Computer Communication, 18 (1995) 959-963.
D. Chaum, J.-H. Evertse, J. van de Graff, An improved protocol for demonstrating possession of discrete logarithms and some generalizations, Advances in Cryptology – Eurocrypt ’87 Proceedings, Springer-Verlag, New York, (1988) 127-141.
D. Chaum, J.-H. Evertse, J. van de Graff, Demonstrating possession of discrete logarithm without revealing it, Advances in Cryptology- Eurocrypt ’86 Proceedings, Springer-Verlag, New York, (1987) 200-212.

Index Terms

Computer Science

Information Sciences

Keywords

Discrete Logarithm Problem (DLP) Zero-Knowledge Proofs (ZKP) Dynamic on-Demand Password (DDP) Authentication commercial web sites and Denial of Service (DOS) attack