Interactive Zero Knowledge Password Authentication Scheme for Commercial Web Sites

This paper presents the implementation of an interactive zero-knowledge password authentication scheme for commercial Web sites. In this scheme, a legitimate prover (client) exchanges a secret code (password) with a remote skeptic (server) in order to establish his/her identity. Based on the validity of the secret code, the skeptic then allows the prover to log in to the site and access its web services. The paper introduces a protocol that integrates the concepts of the Discrete Logarithm Problem (DLP) and Zero-Knowledge Proofs (ZKP). The protocol involves three entities, namely the prover, the skeptic, and the facilitator, which interact with one another to generate the secret code. When tested, the time to carry out the various operations of this protocol was reasonably small (under 4 seconds). Our scheme is resistant to man-in-the-middle attacks and discourages the replay of previously intercepted secret codes. We also propose two modifications to the basic scheme to make it resistant against attacks on integrity and Denial of Service (DoS) attacks.
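The DLP-based zero-knowledge exchange sketched in the abstract, as an added example that is not the paper's own protocol: it uses the textbook Schnorr identification protocol (an interactive proof of knowledge of a discrete logarithm, in the spirit of the Chaum et al. protocols the paper builds on) with the password hashed into the prover's secret exponent. The facilitator, the paper's secret-code construction and its two hardening modifications are not modelled; the group parameters, salt and passwords are constructed toy values, and the names `Prover`, `Skeptic`, `run_protocol` and `replay_succeeds` are this example's own.

```python
"""Interactive Schnorr-style zero-knowledge proof of knowledge of a discrete
logarithm, used as a password check between a prover (client) and a skeptic
(server).  Added illustration, not the paper's protocol."""
import hashlib
import secrets

# Toy group (assumption): p = 2q + 1 is a safe prime and g = 4 = 2^2 is a
# quadratic residue, so it generates the order-q subgroup of Z_p^*.
# A real deployment needs a group of at least 2048 bits.
P = 1019
Q = 509
G = 4


def password_to_secret(salt: bytes, password: str) -> int:
    """Map a memorable password to the prover's discrete-log secret x in [1, q-1]."""
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


class Prover:
    """Client side: holds x and reveals only g^r and r + c*x mod q, never x."""

    def __init__(self, secret_x: int):
        if not 1 <= secret_x < Q:
            raise ValueError("secret must lie in [1, q-1]")
        self.x = secret_x
        self._r = None  # per-run nonce, discarded after one response

    @classmethod
    def from_password(cls, salt: bytes, password: str) -> "Prover":
        return cls(password_to_secret(salt, password))

    def public_key(self) -> int:
        """y = g^x mod p, registered with the skeptic once."""
        return pow(G, self.x, P)

    def commit(self) -> int:
        """Step 1: fresh random nonce r, send t = g^r mod p."""
        self._r = secrets.randbelow(Q - 1) + 1
        return pow(G, self._r, P)

    def respond(self, challenge: int) -> int:
        """Step 3: s = r + c*x mod q.  r must never be reused: two responses
        with the same r and different challenges would reveal x."""
        if self._r is None:
            raise RuntimeError("respond() called without a pending commitment")
        s = (self._r + challenge * self.x) % Q
        self._r = None
        return s


class Skeptic:
    """Server side: stores only y = g^x and issues a fresh challenge per login."""

    def __init__(self, y: int):
        self.y = y

    def challenge(self) -> int:
        """Step 2: unpredictable challenge c in [0, q-1]."""
        return secrets.randbelow(Q)

    def verify(self, t: int, c: int, s: int) -> bool:
        """Accept iff g^s == t * y^c (mod p)."""
        return pow(G, s, P) == (t * pow(self.y, c, P)) % P


def run_protocol(prover: Prover, skeptic: Skeptic, challenge: int = None):
    """One interactive run; returns (accepted, transcript (t, c, s))."""
    t = prover.commit()
    c = skeptic.challenge() if challenge is None else challenge
    s = prover.respond(c)
    return skeptic.verify(t, c, s), (t, c, s)


def replay_succeeds(skeptic: Skeptic, transcript, new_challenge: int) -> bool:
    """Would a captured (t, s) pair pass against a different challenge?  No,
    unless the skeptic happens to repeat the old challenge."""
    t, _, s = transcript
    return skeptic.verify(t, new_challenge, s)


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    client = Prover.from_password(salt, "correct horse battery")
    server = Skeptic(client.public_key())
    accepted, transcript = run_protocol(client, server)
    print("honest login accepted:", accepted)
    print("replay against fresh challenge accepted:",
          replay_succeeds(server, transcript, (transcript[1] + 1) % Q))
```

The skeptic never sees the password or x, only y and per-run values, and because the challenge is chosen fresh by the skeptic after the commitment, an intercepted transcript does not verify against a later challenge, which is the replay resistance the abstract claims. Two caveats a deployment must address: the nonce r has to be fresh for every run, and since y = g^H(pw) is derived from a low-entropy password, anyone who obtains y can test password guesses offline, which is the problem password-based key agreement schemes such as reference [7] are designed for.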
