SeDiCi: An authentication service taking advantage of zero-knowledge proofs

Abstract

Transmission of users' profiles over insecure communication means is a crucial task of today's ecommerce applications. In addition, the users have to createmany profiles and remember many credentials. Thus they retype the same information over and over again. Each time the users type their credentials, they expose them to phishing or eavesdropping attempts.These problems could be solved by using Single Sign-on (SSO). The idea of SSO is that the users keep using the same set of credentials when visiting different websites. For web-aplications, OpenID1. is the most prominent solution that partially impelemtns SSO. However, OpenID is prone to phishing attempts and it does not preserve users' privacy [1]. To address phishing and eavesdropping, we developed SeDiCi, a secure SSO. This technology takes advantage of Zero-Knowledge Proof (ZKP) authentication that is based on our previous work [2]. The technology also supports RESTbased API that enables taking advantage of the service by mobile phones, webapplications and other client applications. To provide interoperability with other systems, SeDiCi stores data using semantic web standards such as FOAF. Thus, the users are able to use their profiles and social networks from other services. © 2010 Springer-Verlag Berlin Heidelberg.