Guillou-Quisquater Guillou-quisquater protocol for user authentication based on zero knowledge proofProtocol for User Authentication based on Zero Knowledge Proof

Kevin Kusnardi, Dennis Gunawan

Abstract


Authentication is the act of confirming the validity of someone’s personal data. In the traditional authentication system, username and password are sent to the server for verification. However, this scheme is not secure, because the password can be sniffed. In addition, the server will keep the user’s password for the authentication. This makes the system vulnerable when the database server is hacked. Zero knowledge authentication allows server to authenticate user without knowing the user’s password. In this research, this scheme was implemented with Guillou-Quisquater protocol. Two login mechanisms were used: file-based certificate with key and local storage. Testing phase was carried out based on the Open Web Application Security Project (OWASP) penetration testing scheme. Furthermore, penetration testing was also performed by an expert based on Acunetix report. Three potential vulnerabilities were found and risk estimation was calculated. According to OWASP risk rating, these vulnerabilities were at the medium level.

Keywords


cryptography; guillou-quisquater; security; user authentication; zero knowledge proof



DOI: http://dx.doi.org/10.12928/telkomnika.v17i2.11754

Refbacks

  • There are currently no refbacks.


Copyright (c) 2018 Universitas Ahmad Dahlan

TELKOMNIKA Telecommunication, Computing, Electronics and Control
ISSN: 1693-6930, e-ISSN: 2302-9293
Universitas Ahmad Dahlan, 4th Campus, 9th Floor, LPPI Room
Jl. Ringroad Selatan, Kragilan, Tamanan, Banguntapan, Bantul, Yogyakarta, Indonesia 55191
Phone: +62 (274) 563515, 511830, 379418, 371120 ext. 4902, Fax: +62 274 564604

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

View TELKOMNIKA Stats