Analysis of Authentications in Zero


Post on 28-Sep-2015








<ul><li><p>ANALYSIS OF AUTHENTICATIONS IN ZERO KNOWLEDGE PROTOCOL </p><p>Security related to Internet of Things </p><p>Saranya C.M, PG Scholar, Dept. of CSE </p><p>Vidya Academy of Science and Technology, Thrissur, India </p><p> </p><p>Nitha K.P, Asst. Professor, Dept. of CSE </p><p>Vidya Academy of Science and Technology, Thrissur, India </p><p> </p><p>Abstract: Security plays a vital role in today's world. Data encryption, data integrity and device authentication are imperative features of secure computer communication. This paper surveys different approaches to zero knowledge protocols. Machine-to-Machine (M2M) authentication of a device is of utmost importance for applications of the Internet of Things. Based on a theoretical study, a new protocol is introduced which combines a zero knowledge protocol and a key exchange algorithm to provide secure and authenticated communication that can be applied in the Internet of Things. This protocol affords perfect secrecy and eliminates the computational overheads. </p><p>Keywords: Zero Knowledge proof; IOT; GMW protocol; Elliptic Curve Diffie-Hellman key sharing algorithm </p><p>I. INTRODUCTION </p><p>Secure communication always demands the use of an effective authentication method. A variety of authentication methods are applied in various communications. Existing authentication methods include password based authentication, mutual authentication, implicit authentication and graphical based authentication. Zero-knowledge proof (ZKP) plays an important role in authentication. ZKP has the unique feature that the prover can prove the correctness of a claim to the verifier without leaking any information. ZKP has four key terms: secret, accreditation, problem, and cut and choose. ZKP can be used in three modes of operation. It ensures data integrity, confidentiality and authentication. The Internet of Things is a new revolution of the Internet. IOT aims at an advanced mode of communication among small devices. 
The IOT also ensures confidentiality, integrity and authentication, in which ZKP finds an inevitable role. The goal of the Internet of Things is to enable things to be connected anytime, anyplace, with anything and anyone, ideally using any path/network and any service. IOT aims to integrate the physical world with the virtual world by using the Internet as the medium to communicate and exchange information. IOT describes a system where items in the physical world, and sensors within or attached to these items, are connected to the Internet via wireless and wired Internet connections. In IOT, sensors are used for collecting information. These sensors can use various types of local area connections such as RFID, NFC, Wi-Fi, Bluetooth, and Zigbee. Sensors can also have wide area connectivity such as GSM, GPRS, 3G, and LTE. The Internet of Things will connect both inanimate and living things. To provide higher security in IOT, a zero knowledge protocol is used. To attain high security in ZKP, the secret must be made as hard as possible. </p><p> On comparing different ZKP approaches, a method for peer-to-peer authentication and encryption based on the Goldreich-Micali-Wigderson (GMW) graph isomorphism zero knowledge protocol and the Diffie-Hellman key exchange [1] is a promising approach that can be implemented on small embedded systems. Embedded systems are becoming increasingly vulnerable to masquerade and replay attacks due to increased connectivity, creating a need for authentication. Different authentication schemes are used in embedded systems for providing security and preventing unauthorized access. </p><p>Network security is a critical requirement in emerging networks. The purpose of network security, quite simply, is to protect the network and its component parts from unauthorized access and misuse [21]. Network security is provided by the internet protocol Transport Layer Security (TLS). 
TLS is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. This approach is implemented for small devices using IOT. </p><p>PROCEEDINGS OF INTERNATIONAL CONFERENCE ON RECENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY</p><p>IAETSD 2015: ALL RIGHTS RESERVED</p><p>ISBN: 978-15-08772460-24</p><p></p><p>Date: 8.3.2015</p><p>86</p></li><li><p>II. LITERATURE SURVEY </p><p>A. Zero Knowledge Protocol </p><p>Zero-knowledge protocols, as their name says, are cryptographic protocols which do not reveal the information or secret itself during the protocol or to any eavesdropper. ZKP is an advanced protocol and it involves a prover and a verifier. A countermeasure to the MIM (Man In the Middle) attack, and to authentication problems in general, is the use of ZKP. Zero Knowledge Protocols have the following properties: </p><p> The verifier cannot learn anything from the protocol. </p><p> The prover cannot cheat the verifier. </p><p> The verifier cannot cheat the prover. </p><p> The verifier cannot pretend to be the prover to a third party. </p><p>ZKP has the concepts of the interactive proof system and the non-interactive proof system. ZKP authentication can be applied in a variety of areas such as mobile ad hoc networks, wireless sensor networks, authentication, web applications and embedded systems, as they are prone to many security attacks. [22] proposes a new concept based on the non-interactive proof system. This work is used for exchanging information confidentially through insecure environments on mobile ad hoc networks. This technology merges with everyday-use electronic devices that can be useful to humans and can be uniquely identified, monitored and interconnected. The secrets in this work are graph isomorphisms. The main drawback of this method is the complexity of asymmetric cryptography. 
</p><p>Zero knowledge proof is applied in lattice encryption. Lattice problems are an attractive basis for cryptographic systems because they seem to offer better security than discrete logarithm and factoring based problems. Efficient lattice-based constructions are known for signature and encryption schemes. Several lattice based encryption schemes are used in ZKP, but many of their applications in more complex primitives require efficient zero-knowledge proofs of the encrypted plaintext. [24] proposes a new protocol that can be combined with a proof of knowledge for Pedersen commitments in order to prove that the committed value is the same as the encrypted one. This protocol has a number of steps for the implementation part. This method can be related to ZKP device authentication. </p><p>Zero knowledge protocol is applied on portable devices by using an encryption method. [23] proposed a scheme based on proofs of knowledge of discrete logarithm relation sets (DLRS) and the delegation of some of the prover's computations, without leaking any critical information to the delegatee. This method is also related to the Internet of Things. </p><p>ZKP is used in the ISIS problem. The work in [25] focused on a ZKPoK for an important hard-on-average problem in lattice based cryptography, the Inhomogeneous Small Integer Solution (ISIS) problem. In [2], a zero knowledge protocol is used to address the cloning attack by attaching a unique fingerprint to each node. To secure a WSN with a zero knowledge protocol, a fingerprint of each node is generated using neighbouring node information. These fingerprints are subsequently used to detect clone attacks. The fingerprint method only detects the Man In the Middle attack, the replay attack and the clone attack. </p><p> Zero Knowledge protocol is also applicable to web applications by using a lightweight zero knowledge protocol [4]. 
The motivation for this research is to develop a fast and lightweight userid/password login model using zero knowledge proof (ZKP) to provide added security. Due to the nature of ZKP, the server's challenges cannot be delivered to the user with the login form. The authentication process is more computationally expensive and consumes more bandwidth. To satisfy these requirements, the work combines Ajax (Asynchronous JavaScript and XML), an asynchronous web technology, with a graph isomorphism protocol. The approach taken reduces computation and communication cost. The approach is related to graph isomorphism, but the problem is to find the permutation of the graph, and this work only increases the speed of brute force attacks. </p><p>The proposed GMW ZKP method gives more security in authentication of small devices when compared with other authentication schemes and encryption schemes. It is applied in the Internet of Things. </p><p>B. Key Sharing </p><p> Different key sharing algorithms can be applied in this protocol depending on the embedded systems used. Simple key exchange algorithms are suitable in this approach because it targets small embedded systems. Diffie-Hellman key exchange (DH) is used in the proposed architecture. DH is a specific method of exchanging cryptographic keys. It is one of the earliest practical examples of key exchange implemented within the field of cryptography. The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. D-H is a simple and proven algorithm. 
</p><p>In [17], a modified version of D-H is applied in ZKP. The modified version addresses the attacks on, and problems of, simple basic D-H by using a Zero Knowledge Protocol. Simple D-H can be modified [15] with Elliptic Curve Cryptography and the Diffie-Hellman key agreement protocol. Although D-H itself is an anonymous key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide forward secrecy for web browser applications using HTTPS. Such a scheme is an efficient and secure mutual authentication and key establishment protocol based on Elliptic Curve Cryptography (ECC), by which different classes of nodes, with very different capabilities, can authenticate each other and establish a secret key for secure communication. </p><p>Improvements to the security of the Diffie-Hellman key agreement and encryption/decryption schemes use randomized parameters to secure every shared secret key and every encrypted message block, so that even if the same message is sent many times the encrypted message block will look different. Encryption and decryption use the DES algorithm, and the key is generated by the DH algorithm. This gives more security, but it is hard to implement in the GMW protocol. It requires more computational rounds, so it decreases computational speed. </p><p>This protocol is mainly applicable in small embedded systems, so we have to use small algorithms with fast computation and power savings. </p><p>C. Graph isomorphism </p><p> Here ZKP authentication is implemented with the GMW method using graph isomorphism. Two graphs G1 and G2 are said to be isomorphic if they differ only by the names of the vertices and edges. There is a complete structural equivalence between two such graphs. If two graphs are isomorphic, they must have: </p><p> The same number of vertices. </p><p> The same number of edges. </p><p> The same degrees for corresponding vertices. </p><p> The same number of connected components. </p><p> The same number of loops. </p><p> The same number of parallel edges. 
</p><p> Figure 1: Graph isomorphism </p><p> There are different approaches to the problem of finding an isomorphism between graphs; however, most practical algorithms available in the literature fall into two different categories [11]. The algorithms in the first category proceed directly by taking the two graphs to be compared for isomorphism, and try to find a match between them. </p><p>On the other hand, the algorithms in the second category proceed by considering one graph at a time. They take a single graph, say G1, and compute a function C(G1) which returns a certificate or a canonical label of the graph, such that for two graphs that are being compared (G1 and G2), C(G1) = C(G2) if and only if G1 and G2 are isomorphic [11]. </p><p>III. THE GOLDREICH-MICALI-WIGDERSON ZKP </p><p> The GMW protocol is based on graph isomorphism. Two graphs H = (V1,E1) and G1 = (V2,E2) that have the same number of vertices are isomorphic, if there exists a permutation 0 on vertices of H, so that any edge between vertices (u, v) in H can be mapped onto G1. The graph isomorphism problem is in NP, and there is no known polynomial time algorithm that solves it. In the GMW protocol the prover's secret is a graph permutation that is the isomorphism between two publicly known graphs G1 and G2 [11]. </p><p> Suppose there are two graphs G1 and G2, such that the graph G2 is generated by relabeling the vertices of G1 according to a secret permutation while preserving the edges [11]. The pair of graphs G1 and G2 forms the public key pair, and the permutation serves as the private key. 
A third graph H, which is either obtained from G1 or G2 using another random permutation, say is sent to the verifier who will in return challenge the prover to provide the permutation which can map H back to either G1 or G2. </p><p>For instance, if H is obtained from G1 and the verifier challenges the prover to map H to G1, then = -1. Similarly, if H is obtained from G2 and the verifier challenges the prover to map H to G2, then = -1. On the other hand, if H is obtained from G1 and the verifier challenges the prover to provide the permutation that maps H to G2, then = -1 , which is a combination of -1 and . In fact, -1 will be applied to H to obtain G1, then the vertices of G1 will be modified according to the secret permutation to get G2. Finally, if H is obtained from G2 and the verifier challenges the prover to map H to G1, then = -1 -1 [11]. </p><p>IV. PROPOSED ARCHITECTURE </p><p>The proposed architecture assumes prior knowledge of the network setup and the number of interconnected devices. The system includes a network manager. The network manager distributes a public graph to all devices, and each device has a random secret permutation. The graph permutation is stored in a hash table. The completed hash table is stored in all devices. The system starts with a handshake. During handshaking both devices decide the number of rounds. After that, the system enters the authentication process. Each device sends an authentication frame to other devices, and finally they are mutually authenticated [1]. The authentication frame consists of </p><p> Where: IG: Initial Graph; I: Number of rounds; Id: Unique identifier; Success: Flag indication; SOL: Respons...</p></li></ul>
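The commit, challenge and response rounds of Section III can be exercised end to end with the sketch below. It is an added example, not code from the paper or from [1]. The names `pi` (secret permutation), `rho` (per-round permutation), `Prover`, `Guesser` and the 8-vertex graph are assumptions constructed for illustration.

```python
import secrets

def random_perm(n):
    p = list(range(n))
    secrets.SystemRandom().shuffle(p)        # CSPRNG-backed shuffle
    return p

def apply_perm(p, graph):                    # relabel vertex v as p[v]; edges are preserved
    return frozenset(frozenset((p[u], p[v])) for u, v in graph)

def inverse(p):                              # argsort of a permutation is its inverse
    return sorted(range(len(p)), key=p.__getitem__)

def compose(f, g):                           # apply g first, then f
    return [f[g[v]] for v in range(len(g))]

class Prover:
    def __init__(self, g1, g2, pi):          # pi (assumed name): secret with G2 = pi(G1)
        self.g, self.pi = {1: g1, 2: g2}, pi
    def commit(self):
        self.src = 1 + secrets.randbelow(2)  # build H from G1 or from G2
        self.rho = random_perm(len(self.pi)) # rho (assumed name): fresh every round
        return apply_perm(self.rho, self.g[self.src])
    def respond(self, challenge):
        rho_inv = inverse(self.rho)
        if challenge == self.src:            # map H back to the graph it came from
            return rho_inv
        step = self.pi if challenge == 2 else inverse(self.pi)
        return compose(step, rho_inv)        # undo rho, then cross between G1 and G2

class Guesser(Prover):                       # knows no secret; only right if challenge == src
    def respond(self, challenge):
        return inverse(self.rho)

def verify_round(h, challenge, response, g1, g2):
    n = 1 + max(v for edge in g1 for v in edge)
    if sorted(response) != list(range(n)):   # reject anything that is not a permutation
        return False
    return apply_perm(response, h) == (g1 if challenge == 1 else g2)

def authenticate(prover, g1, g2, rounds):
    for _ in range(rounds):
        h = prover.commit()                  # commitment is sent before the challenge
        challenge = 1 + secrets.randbelow(2)
        if not verify_round(h, challenge, prover.respond(challenge), g1, g2):
            return False
    return True

G1 = frozenset(map(frozenset, [(0, 1), (1, 2), (2, 3), (3, 4), (4, 5),
                               (5, 6), (6, 7), (0, 2), (0, 3), (1, 5)]))  # constructed sample, not a hard instance
```

A prover without the secret passes each round only when it guessed the challenge, so its chance of surviving `rounds` rounds is 2^-rounds; this is why the number of rounds agreed in the handshake sets the assurance level.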