Towards a Two Factor Authentication Method Using Zero-Knowledge Protocol in Online Banking Services

  • Manish Singh
  • Yichen Han
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 931)

Abstract

The main objective of our work is to explore the applicability of cryptographic authentication techniques to two-factor (two-step) authentication for online banking systems. In particular, we investigate a zero-knowledge protocol as the second authentication step in such systems. Many existing two-factor authentication schemes involve a third party and/or send user information such as passwords over the network. We propose a model that uses a zero-knowledge proof for the second authentication step. The proposed system does not involve a third party or require user passwords to be sent over the network. We also analyze and discuss some of the security aspects, such as key logging, shoulder surfing and eavesdropping, to which existing one-factor username/password-based systems are not immune.

Keywords

Zero-knowledge proof; Two-factor authentication; Online banking

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Wellington Institute of Technology, Lower Hutt, New Zealand
