Strong Zero-Knowledge Authentication Based on the Session Keys (SASK)

Abstract

In this article, we propose a new symmetric communication system secured, founded upon strong zero knowledge authentication protocol based on session keys (SASK). The users’ authentication is done in two steps: the first is to regenerate a virtual password, and to assure the integrity and the confidentiality of nonces exchanged thanks to the symmetric encryption by a virtual password. The second is to calculate a session key shared between the client and the web server to insure the symmetric encryption by this session key. This passage allows to strengthen the process of users’ authentication, also, to evolve the process of update and to supply a secure communication channel. This evolution aims at implementing an authentication protocol with session keys able to verify the users’ identity, to create a secure communication channel, and to supply better cyber-defense against the various types of attacks.