Intrusion Detection in Zero Knowledge System Using Model Checking Approach

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 131)

Abstract

The number of services provided to the modern users of todays’ generation is countless and ever increasing. However, most of these services require the user to login with a username and a password. These sensitive information has to be sent across the network, which is highly insecure, and can be tapped by any unauthorized individual without much difficulty. The Zero Knowledge protocol provides authentication without the need to send any private and confidential information across the network. Only mathematical computations on these confidential information have to be sent across. In this paper, we have modeled the general working of the Zero Knowledge system by considering the various states that a prover (sender) and a verifier (receiver) will be in during the execution of the protocol, and have proved that the authentication of the prover is possible. Zero Knowledge system is usually considered to be unintrudeable, but that does not stop hackers from attempting to intrude this protocol. So in this paper, we have also considered the various states that an intruder will be in while intruding, and have shown that it is possible for the user to detect if somebody is trying to intrude the Zero Knowledge system. The tool used to model the system is NuSMV.

References

  1. 1.
    Wassernann G, Davis C (2008) Static detection of cross-site scripting vulnerabilities. In: Software engineering, 2008. ICSE ’08 ACM/IEEE 30th international conference, pp 171–180Google Scholar
  2. 2.
    Trabelsi Z, Rahmani H, Frikha M (2004) Malicious sniffing systems detection platform. In: Applications and the internet, 2004. Proceedings. 2004 international symposium, pp 171–180Google Scholar
  3. 3.
    Sultana S, Jabiullah M, Rahman M (2009) Improved needham-schroeder protocol for secured and efficient key distributions. In: Computers and information technology, 2009. ICCIT ’09. 12th international conference, pp 564–569Google Scholar
  4. 4.
    Barmawi A, Takada S, Doi N (1997) Augmented encrypted key exchange using rsa encryption. In: Personal, indoor and mobile radio communications, 1997. Waves of the year 2000. PIMRC ’97. The 8th IEEE international symposium, pp 490–494Google Scholar
  5. 5.
    Guilou LC, Berson TA (1990) How to explain zero-knowlege protocols to your children. In: Advances in cryptology—CRYPTO ’89, pp 628–631Google Scholar
  6. 6.
    FBK-IRST: Nusmv. (2012) http://nusmv.fbk.eu/NuSMV/index.html
  7. 7.
    Goldwasser S, Micali S, Rackoff C (1989) The knowledge complexity of interactive proof systems. SIAM J Comput 18:186–208Google Scholar
  8. 8.
    Jun LJ (2010) Brandon: implementing zero-knowledge authentication with zero knowledge. In: The Python papers monograph 2:9 proceedings of PyCon Asia-PacificGoogle Scholar
  9. 9.
    Barak B (2010) Zero knowledge, identification protocols. www.cs.princeton.edu/courses/archive/spr10/cos433/lec18new
  10. 10.
    Cavada R, Cimatti A, Jochim CA, Keighren G, Olivetti E, Pistore M, Roveri M, Tchaltsev A (2010) Nusmv 2.5 user manual. http://nusmv.fbk.eu/NuSMV/userman/index-v2.html
  11. 11.
    Huth M, Ryan M (2004) Logic in computer science: modelling and reasoning about systems. Cambridge University Press, New YorkGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. 1.Department of Information and Communication TechnologyManipal Institute of TechnologyManipalIndia

Personalised recommendations