DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for
Distributed Systems
Vaishnavi C Shubin Jhansy Harshitha
B190653EC B190628EC
Abstract This project paper focuses on authentication and proposes a
ZKP-based authentication mechanism for use in distributed Security has always been a major concern in most net- systems. works and distributed systems, and authentication is the central issue because it protects against unautho- 2 Zero Knowledge Proof (ZKP) rised use and ensures the system’s proper operation. This paper investigates and proposes DS-NIZKP, a Zero Knowledge Proof (ZKP) is a protocol which enables one method for authenticating users using three factors party (the prover) to demonstrate knowledge of a certain secret (password, smart-card, and biometrics) based on the to another party (the verifier) without revealing any informa- Zero Knowledge Proof (ZKP) concept, so that no tion about the secret itself.A ZKP must satisfy three major re- sensitive information is revealed during a communi- quirements: completeness, soundness, and zero-knowledge. cation. The proposal makes use of the digital signa- Completeness means that a prover P can always successfully ture (DS) concept to verify the identity of the sender complete the proof for any valid input (i.e. the verifier ac- or signer within a single communication. Because cepts the prover’s claim). Soundness ensures that no mali- DS uses asymmetric encryption, a one-way hash of cious prover P can build a valid proof system (i.e., no prover the user’s identity is generated and signed with the can ever persuade the verifier if its claim is false). Zero- private key.Hashing prevents information about the knowledge ensures that no malicious verifier V can derive user from being revealed, whereas signing provides additional knowledge from the interaction (i.e. the verifier authentication, non-repudiation, and integrity. This cannot learn anything other than the fact). approach not only saves time by requiring only a sin- ZKP algorithms are classified into two types: gle message between the prover and the verifier, but it also protects the user’s privacy in distributed systems. 1. Interactive ZKPs: Interactive ZKP algorithms involve a series of mathematical challenges which the receiving 1 Introduction party must satisfy, which implies a very high communi- cation cost. A distributed system is a group of autonomous computer sys- tems that are physically separated but linked by a centralised 2. Non-Interactive ZKPs: Non-Interactive ZKP algorithms computer network that is outfitted with distributed system do not involve any interaction between the parties in- software. The autonomous computers will communicate with volved, or the verification process occurs at a later stage. one another by sharing resources and files and carrying out This necessitates the use of more computing resources. the tasks that have been assigned to them.One of the most Only one message is required to verify the user’s identity. critical issues in distributed systems is security. When data is spread across multiple networks or information is transferred In this project, node authentication is carried out using an over public networks, it becomes vulnerable to attacks.. Au- NIZKP-based approach and a digital signature known as DS- thentication of local and remote entities in the system is a NIZKP.This method makes use of a digital signature with a critical concern when developing a secure distributed system. hash function to provide zero knowledge authentication of Authentication is a process in which a node (or user) provides both the sender and the message. some form of proof of his identity in order to access the sys- tem where he had previously registered for an account. This 3 Digital signature entails demonstrating that he is the same user who created the A digital signature is an authentication mechanism that allows account. Authentication is simply identification plus verifi- the message’s creator to attach a code that serves as a signature. cation. A proof of identity can be any piece of information Typically, the signature is created by taking the message’s hash accepted by an authentication server: something users own, and encrypting it with the creator’s private key. Asymmetric something they know, or something they are. It is also critical encryption is used in digital signatures, which typically consist that no authentication information leaks while authenticating of three algorithms: a user in order to prevent a third party from impersonating the user.Zero knowledge protocols can be used to improve on 1. A key generation algorithm: generates private key and this. public key for a signer 2. A signing algorithm: Non-Interactive ZKP algorithms do 5.2.2 Stage 2: Generating user’s signature (Sign) not involve any interaction between the parties involved, Encrypting each hashed component of the identity above with or the verification process occurs at a later stage. This the user’s private key yields the user’s signature. This encryp- necessitates the use of more computing resources. Only tion ensures privacy, non-repudiation, and integrity. one message is required to verify the user’s identity. Sign = EPR (ID) = EPR (id1) where E is an encryption function and PR the user’s private key 3. A signature verifying algorithm: Given the message, After the signature has been generated, the pair user identity public key, and signature, receiving party either accepts and signature, (ID, sign) is sent to the server for verification. or rejects the message’s claim to authenticity. 5.3 Stage 3: Verification of user’s information 4 Hash Funtion Verification of user’s signature: The server decrypts Sign A hash function is a function that takes a variable-length using the user’s public key and verifies with the received ID message as input and converts it into a fixed-length output information . known as a hash value or message digest. A hash function’s Sign’ = DPU (Sign) = DPU (EPR(id1) ) primary goal is data integrity. Indeed, any change to any bit where D is a decryption function and PU the user’s public key in the message results in a change in the hash value with a high probability. Cryptographic hash function that has three 6 Security analysis main properties : the hash value is simple to compute for any given input message Finding two distinct messages with the The user generates, hashes, and signs its identity before sub- same hash value is impossible. It is impossible to reconstruct mitting it to the authentication server. The server validates a message from its hash value. The Secure Hash Algorithms the user by examining its signature. Each component of the (SHA) are a family of cryptographic hash functions which are obtained signature Sign’ must match those of the one received commonly used. Sign for the user to be valid. The user identity ID’s validity is clearly dependent on the validity of its signature Sign as 5 Proposed Approach well as the validity of each of its components . As a result, if the server is honest, it will easily detect the invalid identity. 5.1 Preliminaries As a result, the ZKP completeness and soudness property is The proposed scheme uses a password based authentication. satisfied. We generate a digital signature by hashing a message into a Before sending personal information to the server, DS-NIZKP short (fixed-length) string (via the SHA-1 algorithm) and then uses a cryptographic hash function to disguise it. Hash func- applying the RSA signature scheme to the resulting hash- tions have the property of making recovering a message from value. The signature is then formed by encrypting this hash its hash value impossible (one way functions; which means value with the sender’s private key. The message as well as they cannot be reversed). So the authentication server receives the signature are then sent. The message is received by the only the values required to individually prove the validity of recipient, who generates a hash value. The recipient also uses the user’s identity, but the user does not send any value to the the sender’s public key to decrypt the signature. server in order for the server to reveal the value of an identity. As a result, the protocol’s zero-knowledge property is satis- 5.1.1 RSA operation fied. RSA algorithm is a widely used asymmetric cryptography al- The SHA-1 family algorithms we chose are intended to pro- gorithm. vide unique properties such as resistance to collision, pre- Key generation: Select two large prime numbers (p and q) image, and second pre-image attacks. As a result, the pro- Determine n = p*q and z = (p-1)(q-1) Select a number e where posal is immune to common cryptographic operations-based 1 ¡e¡ z Determine d = e-1mod (p-1)(q-1) You can package a attacks (such as identity theft and Man in the Middle attacks), private key pair as (n,d) and public key pair as (n,e). because its security is supported by NIZKP and is based on Encryption/Decryption Function: After generating the digital signatures, current standard hashing, and encryption. keys, you pass the parameters to the functions that compute the ciphertext and plaintext using the appropriate key. 7 Conclusion If the plaintext is m, then the ciphertext = me mod n. If the ciphertext is c, the plaintext = cd mod n. DS-NIZKP just requires one factor for user authentication. Each user can self-generate a number of authorised identities 5.2 DS-NIZKP-based authentication to demonstrate his or her legal status when connecting with The proposed solution consists of 03 stages as described be- peer users, service providers, or other infrastructure thanks low. to the system’s non-interactive ZKP and homomorphic en- cryption design. Digital signatures have been used to apply 5.2.1 Stage 1: Building user’s identity (ID) the ZKP principle and safeguard user privacy. The proposed What the user knows yields id1. The identity is then hashed, method is more straightforward because there is only one mes- using a hash function, to obtain a digest of fixed size. Some- sage required, as opposed to the interaction between the prover thing user knows refers to password or PIN, social security and the verifier in normal ZKP systems. number, mother’s maiden name, pet’s name, a picture, etc References [1] DS-NIZKP: A ZKP-based Strong Authentication using Digital Signature for Distributed Systems ”International Journal of Computer Science and Information Security (IJCSIS)” Vol. 16, No. 6, June 2018
[2] Thomas Y .C. Woo and Simon S. Lam, Authentication
for Distributed Systems, In Internet Besieged: Countering Cyberspace Scofflaws. 1997. ACM Press and Addison- Wesley.