Extending web applications with a lightweight zero knowledge proof authentication

Sławomir Grzonkowski, Wojciech Zaremba, Maciej Zaremba, Bill McDaniel
2008 Proceedings of the 5th international conference on Soft computing as transdisciplinary science and technology - CSTST '08  
User authentication is a crucial requirement for secure transactions and access to the sensitive resources on the Web. We propose, implement and evaluate a Zero-Knowledge Proof Authentication (ZKP) algorithm based on isomorphic graphs. The proposed mechanism allows for authentication with varying confidence and security levels. We suggest that most of the computations should be carried out by the user's web browser without revealing password or login at any point in time; instead generated
... m isomorphic graphs and permutation functions based on the user login/password can be exchanged. Our experimental evaluation shows that by combining the asynchronous web with ZKP protocols, it is feasible to satisfy existing usability standards on the web.
doi:10.1145/1456223.1456241 dblp:conf/wstst/GrzonkowskiZZM08 fatcat:l44z6a3idzhr7nigy4pmzbnxnm