Abstract
Transmission of users’ profiles over insecure communication means is a crucial task of today’s ecommerce applications. In addition, the users have to createmany profiles and remember many credentials. Thus they retype the same information over and over again. Each time the users type their credentials, they expose them to phishing or eavesdropping attempts.These problems could be solved by using Single Sign-on (SSO). The idea of SSO is that the users keep using the same set of credentials when visiting different websites. For web-aplications, OpenID1. is the most prominent solution that partially impelemtns SSO. However, OpenID is prone to phishing attempts and it does not preserve users’ privacy [1].
To address phishing and eavesdropping, we developed SeDiCi, a secure SSO. This technology takes advantage of Zero-Knowledge Proof (ZKP) authentication that is based on our previous work [2]. The technology also supports RESTbased API that enables taking advantage of the service by mobile phones, webapplications and other client applications. To provide interoperability with other systems, SeDiCi stores data using semantic web standards such as FOAF. Thus, the users are able to use their profiles and social networks from other services.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Adida, B.: Beamauth: two-factor web authentication with a bookmark. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 48–57. ACM, New York (2007)
Grzonkowski, S., Zaremba, W., Zaremba, M., McDaniel, B.: Extending web applications with a lightweight zero knowledge proof authentication. In: CSTST 2008: Proceedings of the 5th International Conference on Soft Computing as Transdisciplinary Science and Technology, pp. 65–70. ACM, New York (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Grzonkowski, S. (2010). SeDiCi: An Authentication Service Taking Advantage of Zero-Knowledge Proofs. In: Sion, R. (eds) Financial Cryptography and Data Security. FC 2010. Lecture Notes in Computer Science, vol 6052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14577-3_40
Download citation
DOI: https://doi.org/10.1007/978-3-642-14577-3_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14576-6
Online ISBN: 978-3-642-14577-3
eBook Packages: Computer ScienceComputer Science (R0)