zero knowledge proof[6], thus protects the sensitive data from being revealed to the
server or any intruder listening to the communication channel. It is meant to be
used mainly in distributed systems or peer-to-peer networks.
This paper first presents a simple version of the ZK-PAP in which the user can
authenticate himself to the server without revealing the password[8]. The protocol
uses a challenge-response mechanism (between the server and client) based on a nonce.
A nonce is a randomly generated number used only once throughout the session
in order to avoid replay attacks.
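The replay protection a single-use nonce gives can be seen in a generic challenge-response exchange. The sketch below is an added example, not the paper's ZK-PAP construction (its messages are not given in this section): the `Server` class, `client_response`, the use of HMAC-SHA256 and the sample password are all assumptions, and unlike ZK-PAP this server stores a password-derived secret.

```python
import hashlib
import hmac
import secrets


class Server:
    """Verifier that issues a fresh nonce per attempt and accepts it only once."""

    def __init__(self, users):
        self.users = users      # username -> shared secret (bytes)
        self.pending = {}       # username -> nonce still awaiting a response

    def challenge(self, user):
        nonce = secrets.token_bytes(16)   # unpredictable, never reused
        self.pending[user] = nonce
        return nonce

    def verify(self, user, response):
        # pop() consumes the nonce, so a second response to it cannot succeed
        nonce = self.pending.pop(user, None)
        secret = self.users.get(user)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


def client_response(secret, nonce):
    """Prove knowledge of the secret without sending it over the channel."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo():
    # Constructed sample credential, for illustration only.
    secret = hashlib.sha256(b"constructed-sample-password").digest()
    server = Server({"alice": secret})

    n1 = server.challenge("alice")
    r1 = client_response(secret, n1)
    first = server.verify("alice", r1)             # legitimate login

    replay_same = server.verify("alice", r1)       # captured r1 sent again

    server.challenge("alice")                      # new session, new nonce
    replay_new = server.verify("alice", r1)        # old r1 against new nonce

    n3 = server.challenge("alice")
    wrong = server.verify("alice", client_response(b"not-the-secret", n3))
    return first, replay_same, replay_new, wrong


if __name__ == "__main__":
    print(demo())
```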
The simple version of this protocol supports only one-way authentication, i.e. only
the clients can authenticate themselves to the server. Authentication in the other
direction is not possible.
The other version of this protocol, i.e. ZK-PAP with PKE, incorporates the concept
of public key cryptography[4], thus adding a second level of security to the protocol
and also enabling two-way authentication, i.e. the client can authenticate the server
and vice versa.
1.3 Organization of Paper
The paper has been briefly divided into four sections. The first section introduces the
readers to the basic notations and concepts, such as zero-knowledge proof [6,7,10] and
PAP [11], which one needs to understand before one can understand the protocol
proposed. The second section gives a basic idea of the CHAP authentication
protocol, which is a relevant work in this area.
The third section gives a brief idea of the basic primitives or building blocks
of the protocol, followed by a description of the working of the protocol proposed in this
paper.
2 Notations and Definitions
2.1 Notations
In this section, we discuss some of the basic notations which we will
encounter later in the paper. Key k K is a symmetric session key which will be
established between the user and client in every session to carry out the further
communication. H is a collision-resistant hash function used to generate the hash
value of any data. As discussed already, a nonce is randomly generated data, denoted
by $N_i$ ($N_1$, $N_2$, etc.), and a transformation function is any simple mathematical function
which can be applied to integer data (assuming that the nonce here is an integer).
We also have encryption and decryption functions, which are denoted by E and D
respectively. In the case of asymmetric (public key) cryptography, $E_{PR-A}$ and $E_{PU-A}$
represent encryption using the private key and the public key of A respectively. Similarly,
$D_{PR-A}$ and $D_{PU-A}$ represent decryption using the private key and the public key of A respectively.
In the case of symmetric (private key) cryptography, there is no concept of a public key,
so $E_{PR-A}$ and $D_{PR-A}$ represent encryption and decryption respectively using the
secret key of A.