Zero Knowledge Password Authentication Protocol

Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 203)

Abstract

In many applications, the password is sent as cleartext to the server to be authenticated, giving an eavesdropper the opportunity to steal valuable data. This paper presents a simple protocol based on zero-knowledge proof by which the user can prove to the authentication server that he has the password without having to send the password to the server, either as cleartext or in encrypted form. Thus the user can authenticate himself without actually revealing the password to the server. A second version of the protocol is also proposed, which uses public key cryptography, adding one more level of security to the protocol and enabling mutual authentication between the client and server.

Keywords

  • computer network
  • computer security
  • authentication protocol
  • zero-knowledge proof
  • password

Author information

Correspondence to Nivedita Datta.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Datta, N. (2013). Zero Knowledge Password Authentication Protocol. In: Patnaik, S., Tripathy, P., Naik, S. (eds) New Paradigms in Internet Computing. Advances in Intelligent Systems and Computing, vol 203. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35461-8_7

  • DOI: https://doi.org/10.1007/978-3-642-35461-8_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35460-1

  • Online ISBN: 978-3-642-35461-8

  • eBook Packages: Engineering, Engineering (R0)