Abstract
In many applications, the password is sent as cleartext to the server to be authenticated, giving an eavesdropper the opportunity to steal valuable data. This paper presents a simple protocol based on zero-knowledge proof by which the user can prove to the authentication server that he has the password without having to send the password to the server, either as cleartext or in encrypted form. The user can thus authenticate himself without actually revealing the password to the server. Another version of this protocol is also proposed, which makes use of public key cryptography, adding one more level of security to the protocol and enabling mutual authentication between the client and server.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Datta, N. (2013). Zero Knowledge Password Authentication Protocol. In: Patnaik, S., Tripathy, P., Naik, S. (eds) New Paradigms in Internet Computing. Advances in Intelligent Systems and Computing, vol 203. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35461-8_7
DOI: https://doi.org/10.1007/978-3-642-35461-8_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35460-1
Online ISBN: 978-3-642-35461-8
eBook Packages: Engineering, Engineering (R0)