Zero Knowledge Password Authentication Protocol

Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 203)

Abstract

In many applications, the password is sent as cleartext to the server to be authenticated, giving an eavesdropper the opportunity to steal valuable data. This paper presents a simple protocol based on zero-knowledge proof by which the user can prove to the authentication server that he has the password without having to send the password to the server in either cleartext or encrypted form. Thus the user can authenticate himself without actually revealing the password to the server. Another version of this protocol is also proposed which makes use of public key cryptography, adding one more level of security to the protocol and enabling mutual authentication between the client and server.

Keywords

computer network; computer security; authentication protocol; zero-knowledge proof; password

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. Supercomputer Education & Research Centre, Indian Institute of Science, Bangalore, Bangalore, India
