Design and Implementation of a Zero-Knowledge Authentication Framework for Java Card

Zero-knowledge authentication protocols are an alternative to authentication protocols based on public key cryptography. Low processing and memory consumption make them especially suitable for implementation in smart card microprocessors, which are severely limited in processing power and memory space. This paper describes a design and implementation of a software library providing smart card application developers with a reliable authentication mechanism based on well-known zero-knowledge authentication schemes. Java Card is used as the target smart card platform implementation based on the evaluation of the Fiat-Shamir F-S and Guillou-Quisquater G-Q protocols under various performance criteria are presented to show the effectiveness of the implementation and that G-Q is a more efficient protocol.

[1]  Jean-Jacques Quisquater,et al.  A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory , 1988, EUROCRYPT.

[2]  Donald Ervin Knuth,et al.  The Art of Computer Programming , 1968 .

[3]  Jean-Jacques Quisquater,et al.  A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge , 1988, CRYPTO.

[4]  Ahmed Patel,et al.  Concept of Mobile Agent-Based Electronic Marketplace – Safety Measures , 2010 .

[5]  Thomas Beth,et al.  Efficient Zero-Knowledge Identification Scheme for Smart Cards , 1988, EUROCRYPT.

[6]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[7]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[8]  Yvo Desmedt,et al.  Efficient Zero-Knowledge Identification Schemes for Smart Cards , 1992, Comput. J..

[9]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[10]  Ahmed Patel,et al.  Evidence processing and privacy issues in evidence-based reputation systems , 2005, Comput. Stand. Interfaces.

[11]  Ahmed Patel,et al.  A Secure and Trustworthy Framework for Mobile Agent-Based E-Marketplace with Digital Forensics and Security Protocols , 2009, Int. J. Mob. Comput. Multim. Commun..

[12]  Michaël Quisquater,et al.  How to Explain Zero-Knowledge Protocols to Your Children , 1989, CRYPTO.

[13]  Srinivasan Venkatesh,et al.  A Characterization of Non-interactive Instance-Dependent Commitment-Schemes (NIC) , 2007, ICALP.

[14]  Stefan Mangard,et al.  An AES Smart Card Implementation Resistant to Power Analysis Attacks , 2006, ACNS.

[15]  Kazuo Ohta,et al.  A Modification of the Fiat-Shamir Scheme , 1988, CRYPTO.

[16]  Salil P. Vadhan,et al.  Zero Knowledge and Soundness Are Symmetric , 2007, EUROCRYPT.

[17]  Adi Shamir,et al.  An Improvement of the Fiat-Shamir Identification and Signature Scheme , 1988, CRYPTO.

[18]  Claus-Peter Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1990, EUROCRYPT.

[19]  Salil P. Vadhan,et al.  Zero knowledge with efficient provers , 2006, STOC '06.

[20]  Z. Chen Java Card Technology for Smart Cards: Architecture and Programmer''s Guide. The Java Series. Addis , 2000 .

[21]  Salil P. Vadhan An Unconditional Study of Computational Zero Knowledge , 2004, FOCS.

[22]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[23]  Bruce Schneier,et al.  Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[24]  Ahmed Patel,et al.  A partial equilibrium view on security and privacy , 2008, Inf. Manag. Comput. Secur..

[25]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.