We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 November 2024
Reseach Article

Interactive Zero Knowledge Password Authentication Scheme for Commercial Web Sites

by Satish M. Srinivasan, Indranil Sengupta, Pratap K. J. Mohapatra
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 180 - Number 13
Year of Publication: 2018
Authors: Satish M. Srinivasan, Indranil Sengupta, Pratap K. J. Mohapatra
10.5120/ijca2018916260

Satish M. Srinivasan, Indranil Sengupta, Pratap K. J. Mohapatra . Interactive Zero Knowledge Password Authentication Scheme for Commercial Web Sites. International Journal of Computer Applications. 180, 13 ( Jan 2018), 31-35. DOI=10.5120/ijca2018916260

@article{ 10.5120/ijca2018916260,
author = { Satish M. Srinivasan, Indranil Sengupta, Pratap K. J. Mohapatra },
title = { Interactive Zero Knowledge Password Authentication Scheme for Commercial Web Sites },
journal = { International Journal of Computer Applications },
issue_date = { Jan 2018 },
volume = { 180 },
number = { 13 },
month = { Jan },
year = { 2018 },
issn = { 0975-8887 },
pages = { 31-35 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume180/number13/28923-2018916260/ },
doi = { 10.5120/ijca2018916260 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:00:35.562155+05:30
%A Satish M. Srinivasan
%A Indranil Sengupta
%A Pratap K. J. Mohapatra
%T Interactive Zero Knowledge Password Authentication Scheme for Commercial Web Sites
%J International Journal of Computer Applications
%@ 0975-8887
%V 180
%N 13
%P 31-35
%D 2018
%I Foundation of Computer Science (FCS), NY, USA
Abstract

This paper presents the implementation of an interactive Zero Knowledge Password authentication scheme for commercial Web sites. In this scheme, a legitimate prover (client) can exchange a secret code (password) with a remote skeptic (server), in order to reveal his/her identification. Based on the validity of the secret code the skeptic then allows the prover to login to the site and access the web services. This paper introduces a protocol that integrates the concepts of Discrete Logarithm Problem (DLP) and Zero-Knowledge Proofs (ZKP). The protocol consists of three entities, namely, the prover, the skeptic, and the facilitator who interact with one another to generate the secret code. When tested, the time to carry out various operations related to this protocol was reasonably small (under 4 seconds). Our scheme is resistant to man-in-the-middle attack and discourages replaying previously intercepted secret codes. We also propose two modifications to our basic scheme to make it resistant against the attack on Integrity and Denial of Service attack (DOS).

References
  1. W. Stallings, Cryptography and Network Security - Principles and Practice, Second ed., Pearson Education Asia, Prentice Hall, NJ, 1995.
  2. D. Gritzalis, S. Katsikas, Towards a formal system-to-system authentication protocol, Computer Communication, 19 (1996) 954-961.
  3. B. Schneier, Applied Cryptography, Second ed., John Wiley & Sons, Inc., New York, 1996.
  4. D.A. Menasce, A.F. Almeida, Scaling for E-Business, First ed., Prentice Hall, NJ, 1998.
  5. N. Koblitz, A Course in Number Theory and Cryptography, Second ed., Springer–Verlag, New York, 1994.
  6. A. Menezes, P.V. Oorschot, S. Vanstone, Handbook of Applied Cryptography, Fifth ed., CRC Press, 2001.
  7. K. Taekyoung, Authentication and key agreement via memorable password, Computer Communication, 11 (1989) 753-771.
  8. W.H. Yang, S.P. Shieh, Password authentication scheme with smart cards, Computer and Security, 18 (1999) 727-733.
  9. R. Molva, G. Tsudik, Increased randomness in modern password scheme, Computer Communication, 31 (1998) 753-762.
  10. K. Tan, H. Zhu, Remote password authentication scheme based on cross-product, Computer Communication, 22 (1999) 390-393.
  11. T.C. Wu, Remote login authentication scheme based on a geometric approach, Computer Communication, 18 (1995) 959-963.
  12. D. Chaum, J.-H. Evertse, J. van de Graff, An improved protocol for demonstrating possession of discrete logarithms and some generalizations, Advances in Cryptology – Eurocrypt ’87 Proceedings, Springer-Verlag, New York, (1988) 127-141.
  13. D. Chaum, J.-H. Evertse, J. van de Graff, Demonstrating possession of discrete logarithm without revealing it, Advances in Cryptology- Eurocrypt ’86 Proceedings, Springer-Verlag, New York, (1987) 200-212.
Index Terms

Computer Science
Information Sciences

Keywords

Discrete Logarithm Problem (DLP) Zero-Knowledge Proofs (ZKP) Dynamic on-Demand Password (DDP) Authentication commercial web sites and Denial of Service (DOS) attack