Mutual zero-knowledge authentication based on virtual passwords per session (MAVPS)

Currently, web applications have become more relevant to citizens' privacy. The heightened security in this public space is not yet assured which always creates problems of mutual trust and validity of information. In fact, the majority of web applications are insecure, despite the widespread u...

Full description

Saved in:
Bibliographic Details
Main Authors: Asimi, Younes, Amghar, Abdellah, Asimi, Ahmed, Sadqi, Yassine
Format: Conference Proceeding
Language:English
Subjects:
Browsers
Complexity theory
Cryptography
Lead
Mutual authentication
Nickel
Private data exchanged
Secure communication channel and Attacks
Servers
Virtual password per session
Web applications
Zero-knowledge users' identification
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Currently, web applications have become more relevant to citizens' privacy. The heightened security in this public space is not yet assured which always creates problems of mutual trust and validity of information. In fact, the majority of web applications are insecure, despite the widespread usage of SSL protocol ([13], [18]), which is, recently, the only protocol for securing the communication between the client and server. The objective of this paper is to propose a new mutual authentication system based on virtual passwords per session (MAVPS), as an alternative of SSL protocol. The aim is to introduce an authentication system able to the zero knowledge users' identification ensuring untraceability, portability, unpredictability, integrity and reusability of their authentication settings. The users' authentication is founded on the symmetric encryption by a virtual password regenerated in each session. The interest is to assure the integrity and the confidentiality of the private data exchanged between the client and server. This strengthen authentication process aims to create a secure communication channel able to protect our system against any information leak and to supply better defense against the various types of attacks.
DOI:10.1109/ICoCS.2014.7060878