A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution

Mostefa Kara; Konstantinos Karampidis; Zaoui Sayah; Abdelkader Laouid; Giorgos Papadourakis; Mohammad Nadir Abid

doi:10.1007/978-3-031-40598-3_4

A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution

Mostefa Kara^*, Konstantinos Karampidis, Zaoui Sayah, Abdelkader Laouid, Giorgos Papadourakis, Mohammad Nadir Abid

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

19 Scopus citations

Abstract

Password-based authentication is the most common strategy despite it having considerable problems. Password can be stealthily observed, its management is costly where users have to change their passwords regularly. With the appearance of Quantum Computing, the classic authentication models are threatened to be hacked. In this work, we propose a secure authentication scheme based on the zero-knowledge model. In the proposed scheme, the verifier generates random numbers r₁ and r₂ and mixes them with the stored password; after extracting r₁, the user proves the possession of its password using r₁ and another random number r₃. Therefore, both the prover and verifier authenticate each other with only a single message, which provides a lightweight protocol with robust resistance against known attacks. The proposal can resist quantum computer attacks if we use a post-quantum key-establishment algorithm to exchange the password for one-time.

Original language	English
Title of host publication	Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023
Editors	Hind Zantout, Hani Ragab Hassen
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	31-40
Number of pages	10
ISBN (Print)	9783031405976
DOIs	https://doi.org/10.1007/978-3-031-40598-3_4
State	Published - 2023
Externally published	Yes
Event	Proceedings of the 2nd International Conference on Applied Cyber Security, ACS 2023 - Dubai, United Arab Emirates Duration: 29 Apr 2023 → 29 Apr 2023

Publication series

Name	Lecture Notes in Networks and Systems
Volume	760 LNNS
ISSN (Print)	2367-3370
ISSN (Electronic)	2367-3389

Conference

Conference	Proceedings of the 2nd International Conference on Applied Cyber Security, ACS 2023
Country/Territory	United Arab Emirates
City	Dubai
Period	29/04/23 → 29/04/23

Bibliographical note

Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Keywords

Anonymity
Authentication
Post-Quantum
Privacy
Security

ASJC Scopus subject areas

Control and Systems Engineering
Signal Processing
Computer Networks and Communications

Access to Document

10.1007/978-3-031-40598-3_4

Cite this

Kara, M., Karampidis, K., Sayah, Z., Laouid, A., Papadourakis, G., & Abid, M. N. (2023). A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution. In H. Zantout, & H. Ragab Hassen (Eds.), Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023 (pp. 31-40). (Lecture Notes in Networks and Systems; Vol. 760 LNNS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-40598-3_4

Kara, Mostefa ; Karampidis, Konstantinos ; Sayah, Zaoui et al. / A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution. Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023. editor / Hind Zantout ; Hani Ragab Hassen. Springer Science and Business Media Deutschland GmbH, 2023. pp. 31-40 (Lecture Notes in Networks and Systems).

@inproceedings{b9ead71587fc429e84b33a87566b4512,

title = "A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution",

abstract = "Password-based authentication is the most common strategy despite it having considerable problems. Password can be stealthily observed, its management is costly where users have to change their passwords regularly. With the appearance of Quantum Computing, the classic authentication models are threatened to be hacked. In this work, we propose a secure authentication scheme based on the zero-knowledge model. In the proposed scheme, the verifier generates random numbers r1 and r2 and mixes them with the stored password; after extracting r1, the user proves the possession of its password using r1 and another random number r3. Therefore, both the prover and verifier authenticate each other with only a single message, which provides a lightweight protocol with robust resistance against known attacks. The proposal can resist quantum computer attacks if we use a post-quantum key-establishment algorithm to exchange the password for one-time.",

keywords = "Anonymity, Authentication, Post-Quantum, Privacy, Security",

author = "Mostefa Kara and Konstantinos Karampidis and Zaoui Sayah and Abdelkader Laouid and Giorgos Papadourakis and Abid, {Mohammad Nadir}",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Proceedings of the 2nd International Conference on Applied Cyber Security, ACS 2023 ; Conference date: 29-04-2023 Through 29-04-2023",

year = "2023",

doi = "10.1007/978-3-031-40598-3_4",

language = "English",

isbn = "9783031405976",

series = "Lecture Notes in Networks and Systems",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "31--40",

editor = "Hind Zantout and {Ragab Hassen}, Hani",

booktitle = "Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023",

address = "Germany",

}

Kara, M, Karampidis, K, Sayah, Z, Laouid, A, Papadourakis, G & Abid, MN 2023, A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution. in H Zantout & H Ragab Hassen (eds), Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023. Lecture Notes in Networks and Systems, vol. 760 LNNS, Springer Science and Business Media Deutschland GmbH, pp. 31-40, Proceedings of the 2nd International Conference on Applied Cyber Security, ACS 2023, Dubai, United Arab Emirates, 29/04/23. https://doi.org/10.1007/978-3-031-40598-3_4

A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution. / Kara, Mostefa; Karampidis, Konstantinos; Sayah, Zaoui et al.
Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023. ed. / Hind Zantout; Hani Ragab Hassen. Springer Science and Business Media Deutschland GmbH, 2023. p. 31-40 (Lecture Notes in Networks and Systems; Vol. 760 LNNS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution

AU - Kara, Mostefa

AU - Karampidis, Konstantinos

AU - Sayah, Zaoui

AU - Laouid, Abdelkader

AU - Papadourakis, Giorgos

AU - Abid, Mohammad Nadir

PY - 2023

Y1 - 2023

N2 - Password-based authentication is the most common strategy despite it having considerable problems. Password can be stealthily observed, its management is costly where users have to change their passwords regularly. With the appearance of Quantum Computing, the classic authentication models are threatened to be hacked. In this work, we propose a secure authentication scheme based on the zero-knowledge model. In the proposed scheme, the verifier generates random numbers r1 and r2 and mixes them with the stored password; after extracting r1, the user proves the possession of its password using r1 and another random number r3. Therefore, both the prover and verifier authenticate each other with only a single message, which provides a lightweight protocol with robust resistance against known attacks. The proposal can resist quantum computer attacks if we use a post-quantum key-establishment algorithm to exchange the password for one-time.

AB - Password-based authentication is the most common strategy despite it having considerable problems. Password can be stealthily observed, its management is costly where users have to change their passwords regularly. With the appearance of Quantum Computing, the classic authentication models are threatened to be hacked. In this work, we propose a secure authentication scheme based on the zero-knowledge model. In the proposed scheme, the verifier generates random numbers r1 and r2 and mixes them with the stored password; after extracting r1, the user proves the possession of its password using r1 and another random number r3. Therefore, both the prover and verifier authenticate each other with only a single message, which provides a lightweight protocol with robust resistance against known attacks. The proposal can resist quantum computer attacks if we use a post-quantum key-establishment algorithm to exchange the password for one-time.

KW - Anonymity

KW - Authentication

KW - Post-Quantum

KW - Privacy

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=85172121628&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-40598-3_4

DO - 10.1007/978-3-031-40598-3_4

M3 - Conference contribution

AN - SCOPUS:85172121628

SN - 9783031405976

T3 - Lecture Notes in Networks and Systems

SP - 31

EP - 40

BT - Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023

A2 - Zantout, Hind

A2 - Ragab Hassen, Hani

PB - Springer Science and Business Media Deutschland GmbH

T2 - Proceedings of the 2nd International Conference on Applied Cyber Security, ACS 2023

Y2 - 29 April 2023 through 29 April 2023

ER -

Kara M, Karampidis K, Sayah Z, Laouid A, Papadourakis G, Abid MN. A Password-Based Mutual Authentication Protocol via Zero-Knowledge Proof Solution. In Zantout H, Ragab Hassen H, editors, Proceedings of the International Conference on Applied Cybersecurity (ACS) 2023. Springer Science and Business Media Deutschland GmbH. 2023. p. 31-40. (Lecture Notes in Networks and Systems). doi: 10.1007/978-3-031-40598-3_4