Analysis of Authentications in Zero

Download Analysis of Authentications in Zero

Post on 28-Sep-2015




1 download





    Security related to Internet of Things

    Saranya C.M PG Scholar, Dept. Of CSE

    Vidya Academy of Science and Technology Thrissur, India

    Nitha K.P Asst. Professor, Dept. Of CSE

    Vidya Academy of Science and Technology Thrissur, India

    Abstract Security plays a vital role in todays world. Data encryption, data integrity and device authentication are imperative features of secure computer communication. In this paper includes different approaches of zero knowledge protocol. Machine-to-Machine (M2M) authentication of a device is of up most importance for applications of Internet of Things. On theoretical study a new protocol is introduced which combines zero knowledge protocol and key exchange algorithm to provide secure and authenticated communication that can be applied in Internet Of Things. This protocol affords perfect secrecy and evicts the computational overheads.

    KeywordsZero Knowledge proof; IOT; GMW protocol; Elliptic Curve Diffie-Hellman key sharing algorithm;

    I. INTRODUCTION Secure communication always demands the use of effective authentication method. A variety of authentication methods are applied in various communications. Existing authentication methods are password based authentication, mutual authentication, implicit authentication, graphical based authentication etc. Zero-knowledge proof (ZKP) plays an important role in authentication. ZKP have a unique feature that the prover can prove the correctness to the verifier without leaking any information. ZKP have four terminologies, they are secret, accreditation, problem, cut and choose. ZKP can be used in three modes of operations. It ensures data integrity, confidentiality and authentication. The Internet of Things is a new revolution of the Internet. IOT aims the advanced mode of communication of small devices. The IOT also ensures the confidentiality, integrity and authentication that finds inevitable role in ZKP. The goal of the Internet of Things is to enable things to be connected anytime, anyplace, with anything and anyone ideally using any path/network and any service. IOT aims for integrating the physical world with the virtual world by using the Internet as the medium to communicate and exchange information. IOT describes a system where items in the physical world, and sensors within or attached to these items, are connected to the Internet via wireless and wired Internet connections. In IOT, sensors are used for collecting information. These sensors can use various types of local area connections such as RFID, NFC, Wi-Fi, Bluetooth, and Zigbee. Sensors can also have wide area connectivity such as GSM, GPRS, 3G, and LTE. The Internet of Things will connect both inanimate and living things. For providing higher security in IOT zero knowledge protocol is used. To attain high security in ZKP we have to set the secret as hard as possible.

    On comparing different ZKP approaches, a method for peer-to peer authentication and encryption based on the Goldreich-Micali-Wigderson (GMW) graph isomorphism zero knowledge protocol and the Diffie-Hellman key exchange [1] is a promising approach that can be implemented on the small embedded systems. Embedded systems are becoming increasingly vulnerable to masquerade and replay attacks due to increased connectivity, creating a need for authentication. Different authentication schemes are used in embedded systems for providing security and unauthorized access.

    Network security is a critical requirement in emerging networks. The purpose of network security, quite simply, is to protect the network and its component parts from unauthorized access and misuse [21]. Network security is provided by the internet protocol Transport Layer Security (TLS). TLS is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. This approach is implemented for small devices using IOT.



    ISBN: 978-15-08772460-24

    Date: 8.3.2015



    A. Zero Knowledge Protocol Zero-knowledge protocols, as their name says, are cryptographic protocols which do not reveal the information or secret

    itself during the protocol or to any eavesdropper. ZKP is an advanced protocol and it consists of prover and verifier. An alternative to the MIM (Man In the Middle) attack and authentication problems in general is the use of ZKP. Zero Knowledge Protocols have the following properties:

    The verifier cannot learn anything from the protocol.

    The prover cannot cheat the verifier.

    The verifier cannot cheat the prover.

    The verifier cannot pretend to be the prover to a third party. ZKP have the concept of interactive proof system and non interactive proof system. ZKP authentication can applied on

    variety of areas such as mobile adhoc networks, wireless sensor network, authentication, web applications, and embedded systems as well as they are prone to many security attacks. In [22] proposes a new concept based on the non interactive proof system. This work is used for exchanging information confidentially through insecure environments on mobile adhoc networks. This technology is merges with everyday use that electronic devices that can be useful to humans, uniquely identified, monitored and interconnected. The secret sets in this work are graph isomorphism. The main drawback of this method is complexity of asymmetric cryptography.

    Zero knowledge proof is applied in lattice encryption. Lattice problems are an attractive basis for cryptographic systems because they seem to offer better security than discrete logarithm and factoring based problems. Efficient lattice-based constructions are known for signature and encryption schemes. Several lattice based encryption schemes are used in ZKP, but many of their applications in more complex primitives require efficient zero-knowledge proofs of the encrypted plaintext. In [24] proposes A new protocol can be combined with a proof of knowledge for Pedersen commitments in order to prove that the committed value is the same as the encrypted one. This protocol has number of steps for the implementation part. This method can be related to the ZKP device authentication.

    Zero knowledge protocol is applied on the portable devices by using encryption method. So [23] proposed on proofs of knowledge of discrete logarithm relations sets (DLRS), and the delegation of some prover's computations, without leaking any critical information to the delegatee. This method also related to internet of things.

    ZKP is used in ISIS problem. This work [25] focused on ZKPoK for an important hard-on-average problem in lattice based cryptography the Inhomogeneous Small Integer Solution (ISIS) problem, In [2] zero knowledge protocol to address cloning attack by attaching unique finger print to each node compromised node with help of zero knowledge protocol. To give security to WSN from zero knowledge protocol, and need to generate finger print of each node by using neighbouring node information. These fingerprints are subsequently used to detect clone attack. Finger print method only detects Man In the Middle attack, replay attack and clone attack.

    Zero Knowledge protocol is also applicable for web applications by using a light weight zero knowledge protocol[4]. The motivation for this research is to develop a fast and lightweight userid/password login model using zero knowledge proof (ZKP) to provide added security. Due to the ZKP nature, the server's challenges cannot be delivered to the user with the login form. The authentication process is more computationally expensive and consumes more bandwidth. To satisfy these requirements, combined Ajax (Asynchronous JavaScript and XML) that is an asynchronous web technology with a graph isomorphism protocol. The approach taken reduces computation and communication cost. The approach is related to graph isomorphism, but the problem is to find the permutation of graph and also this work only increases the speed of brute force attacks.

    The proposed GMW ZKP method gives more security in authentication of small devices when compared with other authentication schemes and encryption schemes. It is applied in Internet Of Things.

    B. Key Sharing

    Different key sharing algorithms can be applied in this protocol according to the basis of embedded systems. In this approach simple key exchange algorithms are possible. Because here using small embedded systems. DiffieHellman key exchange (DH) is used in the proposed architecture. DH is a specific method of exchanging cryptographic keys. It is one of the earliest practical examples of key exchange implemented within the field of cryptography. The DiffieHellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an



    ISBN: 978-15-08772460-24

    Date: 8.3.2015


  • insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher. . D-H is simple and proved algorithm.

    In [17] Modified version of D-H can be applied in ZKP. Modified version means that solving the attacks or problems in simple basic D-H by using Zero Knowledge Protocol. Simple D-H can be modified [15] with Elliptic curve cryptography and DiffieHellman key agreement protocol. D-H Itself is an anonymous key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide forward secrecy for web browsers application using HTTPS. An efficient and secure mutual authentication and key establishment protocol based on Elliptic Curve Cryptography (ECC) by which different classes of nodes, with very different capabilities, can authenticate each other and establish a secret key for secure communication.

    Improving the security of the Diffie-Hellman key agreement and encryption decryption schemes, these improvements use randomized parameter to secure every shared secret key and every encrypted message block so that even if the same message is sent many times the encrypted message block will look different. Encryption and decryption by using DES algorithm and the key is generated by DH algorithm. It gives more security. But it is hard to implement in GMW protocol. It contains more computational rounds. So it decreases computational speed.

    Mainly this protocol is applicable in small embedded systems. So we have to use low size algorithms with fast computation and power savings. C. Graph isomorphism

    Here ZKP authentication is implementing using GMW method by using graph isomorphism. Two graphs G1 and G2 are

    said to be isomorphic, they differ only by the names of the vertices and edges. There is a complete structural equivalence between two such graphs. If two graphs are isomorphic, they must have:

    The same number of vertices. The same number of edges The same degrees for corresponding vertices The same number of connected components The same number of loops. The same number of parallel edges.

    Figure 1: Graph isomorphism

    There are different approaches to the problem of finding isomorphism of a graph, however most practical algorithms available in the literature are sub-divisible into two different categories in [11].The algorithms in the first category proceed directly by taking the two graphs to be compared for isomorphism, and try to find a match between them.

    On the other hand, the algorithms in the second category proceed by considering one graph at the time. They take a single graph, say G1 and compute a function C(G1) which returns a certificate or a canonical label of the graph, such that for two graphs that are being compared (G1 and G2), C(G1) = C(G2) if and only if G1 and G2 are isomorphic[11].


    The GMW protocol is based on graph isomorphism . Two graphs H = (V1,E1) and G1 = (V2,E2) that have the same number of vertices are isomorphic, if there exists a permutation 0 on vertices of H, so that any edge between vertices (u, v) in H can be mapped onto G1. The graph isomorphism problem is NP, as there is no known polynomial time algorithm that solves it. In the GMW protocol the provers secret is a graph permutation that is the isomorphism between two publically known graphs G1 and G2[11].

    Suppose there are two graphs G1 and G2, such that the graph G2 is generated by relabeling the vertices of G1 according to a secret permutation while preserving the edges. [11]The pair of graphs G1 and G2 forms the public key pair, and the



    ISBN: 978-15-08772460-24

    Date: 8.3.2015


  • permutation serves as the private key. A third graph H, which is either obtained from G1 or G2 using another random permutation, say is sent to the verifier who will in return challenge the prover to provide the permutation which can map H back to either G1 or G2.

    For instance, if H is obtained from G1 and the verifier challenges the prover to map H to G1, then = -1. Similarly, if H is obtained from G2 and the verifier challenges the prover to map H to G2, then = -1. On the other hand, if H is obtained from G1 and the verifier challenges the prover to provide the permutation that maps H to G2, then = -1 , which is a combination of -1 and . In fact, -1 will be applied to H to obtain G1 then the vertices of G1 will be modified according to the secret permutation to get G2. Finally, if H is obtained from G2 and the verifier challenges the prover to map H to G1, then = -1 -1[11].


    The proposed architecture should have a prior knowledge about the network setup and number of interconnected devices. The system consists of a network manager. Network manager distributes a public graph to all devices and each device has a random secret permutation. Graph permutation is stored in a hash table. The completed hash table is stored in all devices. The system starts with a handshake. During handshaking both devices decide the number of rounds. After that it enters in to the authentication process. Each device sends an authentication frame to other devices and finally they mutually authenticated [1]. The authentication frame consist of

    Where, IG Initial Graph I Number of rounds Id Unique identifier Success Flag indication SOL Response of challenge CHL New challenge

    Figure 2: Proposed Architecture GMW ZKP


    Applications of ZKP are watermarking, smartcard applications, web applications, web based messaging system and also applicable in authentication. One of the main applications of ZKP is in obtaining the cryptographic objective of authentication. ZKPs can be a good solution to security problems in financial or other security critical applications; Smart cards are vulnerable to reverse engineering to extract vital information. A zero knowledge proof system can be implemented to withstand such attacks. The purpose of the implementation is to make implementing the Zero-Knowledge Proof Authentication portable and easily customizable. This is achieved by using python based scripts in web applications to simulate the protocol.



    ISBN: 978-15-08772460-24

    Date: 8.3.2015


  • Zero Knowledge Protocol authentications are applied smart card applications [6]. To demonstrate a zero-knowledge authentication protocol for smart cards. The protocol is statistically zero knowledge, meaning that it does not leak any knowledge about the secret, even to an infinitely powerful malicious verifier. The proposed authentication protocol achieved higher security. This authentication protocol is generally used for active attacks as well as concurrent attacks.

    ZKP implemented in secure messaging system [17]. A web-based messaging system is presented with implementing a new version of Diffie-Hellman protocol, to assure mutual authentication between client and server along with exchanging key securely without sending it through the channel. The proposed message system has the capability for sending/receiving messages in a secure way. Encryption needs a key, which is accrued from implementing ZKP. It accomplished the security services authenticity, Integrity, Confidentiality.


    Different authentication methods are used in cryptography. Zero knowledge protocol is powerful method for authentication. Our system is to find better authentication in small embedded systems using Zero knowledge protocol and a key sharing algorithm that can be applied in IOT. The table shows the comparative study of ZKP and key sharing algorithm. Graph isomorphism based ZKP and D-H algorithm provides better result for authentication in small embedded systems.

    Sl N0 Algorithms Findings

    1 Zero

    Knowledge Protocol

    ZKP for lattice encryption

    Related to IOT and authentication

    Based on graph isomorphism

    Effective authentication in small embedded systems.

    Non-interactive authentication for

    lightweight environments

    Applicable in mobile adhoc network

    Efficient delegation of

    ZKPoK pairing friendly setting

    Good authentication method in portable devices.

    Authenticating grid using graph


    Effective authentication method compared to other authentication schemes.

    2 Key Sharing

    D-H key Exchange algorithm

    Simple and proved algorithm. Avoid MIM


    Modification of D-H

    Protocol protected from discrete logarithmic attack

    ECC DH Key Exchange algorithm

    Smaller key size, faster computation, low power


    DH key exchange using


    Computational speed decreases

    Table 1: comparison of ZKP and Key sharing algorithms


    In this paper proposed a new method to provide privacy, integrity and authentication among peers in static devices. It primarily focuses on the issue of security in small embedded systems. It is based on a zero knowledge protocol and a key exchange algorithm. It provides mutual authentication based on the GMW protocol. The proposed architecture provides perfect forward secrecy .It aims low data rate, low power consumptions and fast computation.



    ISBN: 978-15-08772460-24

    Date: 8.3.2015


  • References

    [1] Pdraig Flood, Michael Schukat ,Peer to Peer Authentication for Small Embedded Systems, 2014 IEEE. [2] Siba K. Udgata, AlefiahMubeen, Samrat L. Sabat Wireless Sensor Network Security model using Zero Knowledge Protocol. IEEE Communications Society

    subject matter experts for publication in the IEEE ICC 2011 proceedings. [3] Quan Nguyen, Mikhail Rudoy, ArjunSrinivasan Two Factor Zero Knowledge Proof Authentication System6.857 Spring 2014 Project. [4] SawomirGrzonkowski, WojciechZaremba, MaciejZaremba, Bill McDanielExtending Web Applications with a Lightweight Zero Knowledge Proof

    Authentication CSTST 2008 October 27-31, 2008, Cergy-Pontoise, France [5] MahmoodKhalelIbrahem.Modification of DiffieHellman Key Exchange Algorithm for Zero Knowledge Proof. 2012 IEEE on future communications. [6] Mohammad SadeqDousti and RasoolJalili. Efficient Statistical Zero-Knowledge Authentication Protocols for Smart Cards Secure Against Active &

    Concurrent Attacks. [7] Li Lu, Jinsong Han, Lei Hu1, JinpengHuai, Yunhao Liu, and Lionel M. NiPseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer

    Protocols. 1-4244-0910-1/07/$20.00 2007 IEEE. [8] thomasbeth, universitatkarlsruhe, fakultatfur lnformatiklnstitutfur algorithmen und kognitivesysteme. Efficient zero-knowledge identification scheme for

    smart cards.@ Spnnger-Verlag Berlin Heidelberg 1988. [9] Sarah Meiklejohn, C. Chris Erway, AlptekinKpZKPDL: A Language-Based System for Efficient Zero-Knowledge Proofs and Electronic Cash. [10] Sukriti Bhattacharya, AgostinoCortesi. Zero-knowledge SoftwareWatermarking for C Programs. 2010 International Conference on Advances in

    Communication, Network, and Computing. [11] Eric Ayeh, An Investigation Into Graph Isomorphism Based Zero-Knowledge Proofs University Of North Texas December 2009. [12] Zakir Durumeric1, James Kasten,David Adrian1, J. Alex Halderman,Michael BaileyThe Matter of HeartbleedUniversity of Michigan University of Illinois,

    Urbana Champaign. [13] MalekJakobKakishSecurityImprovments To The Diffie-Hellman SchemesIJRRAS 8 (1) July 2011. [14] Ram RatanAhirwal, ManojAhkeElliptic Curve Diffie-Hellman Key Exchange Algorithm For Securing Hypertext Information On Wide Area Network

    (IJCSIT) 2013. [15] SarmadUllahKhana, Claudio Pastroneb, Luciano Lavagnoa, Maurizio A. Spirit,An Authentication and Key Establishment Scheme for the IP-Based Wireless

    Sensor Networks, Elsevier 2012. [16] Maryam Ahmed, BaharanSanjabi, DifoAldiaz, AmirhosseinRezaei, HabeebOmotunde, Diffie-Hellman And Its Application in Security Protocols, ISO

    9001:2008 Certified International Journal of Engineering Science and Innovative Technology (IJESIT) Volume 1, Issue 2, November 2012. [17] MahmoodKhalelIbrahem, Tamara Alaa M. Ali, Secure Messaging System using ZKP,MahmoodKhalelIbrahem et al | IJCSET | November 2013 | Vol 3, Issue

    11, 388-393. [18] Gerardo I. SimariA Primer on Zero Knowledge Protocols Universidad Nacionaldel Sur - June 27, 2002. [19] Manish Jain_, DmytroKorzhyky, OndrejVanek+, Vincent Conitzery,A Double Oracle Algorithm for Zero-Sum Security Games on Graphs May, 26, 2011. [20] OvidiuVermesan, Internet Of Things- Converging Technologies for Smart Environments and Integrated Eco Systems ,River Publishers series in

    communication. [21] University of Florida Department of Electrical and Computer Engineering Bhavya Daya Network Security :History, Importance ,and Future [22] Huixin Wu and FengWang Survey of non-interactive zero knowledge proof system and its applications. [23] Sfebastien Canard, David Pointcheval, and Olivier Sanders Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting [24] Fabrice Benhamouda1, Jan Camenisch2, Stephan Krenn Better Zero-Knowledge Proofs for Lattice Encryption and Their Application to Group Signatures [25] San Ling1, Khoa Nguyen1, Damien Stehl2, Huaxiong Wang1 Improved Zero-knowledge Proofs of Knowledge for the ISIS Problem, and Applications



    ISBN: 978-15-08772460-24

    Date: 8.3.2015



View more >