A new approach to website and database security may enable a faster and more secure user identification process for multimedia websites. A Boolean identification process will allow thousands of users, and possibly even millions of users, to more quickly access the content they are entitled to access, content such as music, video and images. The same approach may also reduce the risk of unauthorized users and hackers accessing information illegally.
The accepted identification method requires the remote user to send a username and password to the system with which he wishes to verify his identity. The system looks up the username in its local database, and if the password sent matches the stored password, the user is granted access. This method assumes that no user has malicious intentions and that users' local terminals are not infected with viruses.
Today these assumptions look more and more naive. It cannot be assumed that all users have good intentions, and contemporary technology allows eavesdropping on operations carried out over wireless communication. Malicious users, with the help of various software tools, can obtain usernames and passwords and use them to gain illegal access to systems.
Now, Nikolaos Bardis of the University of Military Education in Vari, Greece, and colleagues there and at the Kyiv Polytechnic Institute, Ukraine, have developed an innovative approach to user identification that implements an advanced concept of zero-knowledge identification. The method is based on a collection of relatively simple mathematical functions, known as one-way Boolean operations, which are used to verify the user's identity instead of the encryption/decryption calculations accepted today. The team explains that initial tests show that their approach to a user identification algorithm may be hundreds and perhaps even thousands of times faster than conventional user identification methods. One of the important aspects of the method is that it will reduce the calculation requirements on the server side, and it will also increase the degree of security of the process.
"The degree of effectiveness of an information security algorithm is defined based on two factors: the level of security and the amount of computing resources necessary to implement the security functions," Bardis and his colleagues explain in the latest issue of the International Journal of Multimedia Intelligence and Security.
In principle, every information security algorithm is a mathematical problem based on an irreversible function. The encryption function is defined as a function F applied to X that returns Y: Y = F(X). The function used is a complicated one for which no inverse function can be found in practice, just as an operation of mixing colors cannot be undone. Asymmetric cryptographic algorithms (public key encryption algorithms) use this approach and are very common in browsers and in access to many systems holding a wide variety of data types. This identification method requires high computing capabilities and is slow by nature. The team points out that a Boolean function can be just as sophisticated but requires much less computing power and can therefore be much faster.
Zero-knowledge user authentication methods provide the user with a special function that produces a large number of different results across all possible input values. The user chooses a set of input values that all give the same result; these values are the user's passwords. A new user registers in the system by sending his function and the shared result to the system. For each subsequent login the user presents one of the passwords, using each password only once. The user sends the password at the beginning of each login, and the system calculates the value of the function with the password as input. If the value equals the shared result, the authentication succeeds and the user is granted access. Someone trying to gain access without the necessary knowledge (a malicious user) would have to try all possible password combinations to arrive at a correct password.
Usually, functions for protecting passwords require raising large numbers to large powers and dividing large numbers to find the remainder of the division. These operations make ordinary processors work slowly, and when the system has many users they are a significant burden even on large systems. The proposed method uses a system of non-linear Boolean equations to generate the unique function. Boolean equations process binary data using simple logical operations on bits, such as XOR (exclusive OR), which are relatively easy for a computer to perform. The calculations are much simpler because evaluating a logical expression is far easier than raising a 100-digit number to the power of a 10-digit number and dividing the result by another large number. The dialogue between the user side and the server side in the registration and verification operations is conducted as before, but the shared input and output values are binary vectors.
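The registration and login exchange described in the two preceding paragraphs, as an added example that is not code from the paper or from Bardis's group: the server keeps only a user's function and shared result, while the user holds a set of inputs that all map to that result and spends one per login. The particular Boolean equation system, the 16-bit vector width and the server's record of spent passwords are constructed assumptions for illustration; the paper's actual one-way function is not given on this page.

```python
OUT_BITS = 8            # bits in the shared result (constructed toy size)
IN_BITS = 2 * OUT_BITS  # bits in a password vector, so many inputs share each output

def make_equations():
    # Constructed toy system, one non-linear equation per output bit (a stand-in
    # for the paper's one-way Boolean function, which this page does not give):
    # y_i = (x_i AND x_{i+8}) XOR x_{(i+1) mod 8} XOR x_{(i+1) mod 8 + 8}
    return [(i, i + OUT_BITS, (i + 1) % OUT_BITS, (i + 1) % OUT_BITS + OUT_BITS)
            for i in range(OUT_BITS)]

def boolean_function(eqs, x: int) -> int:
    # Evaluate the system on the IN_BITS-bit vector x using only AND and XOR.
    bit = lambda i: (x >> i) & 1
    y = 0
    for i, (a, b, c, d) in enumerate(eqs):
        y |= ((bit(a) & bit(b)) ^ bit(c) ^ bit(d)) << i
    return y

def choose_passwords(eqs, shared_result: int, count: int) -> list:
    # User side: collect `count` distinct inputs that all map to shared_result.
    # Exhaustive search only works at this toy width; a real function must let the
    # legitimate user construct such inputs while inversion stays infeasible for others.
    found = []
    for x in range(1 << IN_BITS):
        if boolean_function(eqs, x) == shared_result:
            found.append(x)
            if len(found) == count:
                break
    return found

class Server:
    # Server side: stores only the function and the shared result, never a password.
    def __init__(self):
        self.accounts = {}

    def register(self, user: str, eqs, shared_result: int) -> None:
        self.accounts[user] = {"eqs": eqs, "result": shared_result, "used": set()}

    def login(self, user: str, password: int) -> bool:
        acct = self.accounts.get(user)
        if acct is None or password in acct["used"]:
            return False  # unknown user, or a replayed one-time password
        if boolean_function(acct["eqs"], password) != acct["result"]:
            return False  # not a preimage of the shared result
        acct["used"].add(password)  # assumption: the server remembers spent passwords
        return True
```

At this toy width anyone can enumerate the preimages exactly as choose_passwords does, so the scheme's security rests entirely on the real function being one-way at realistic vector widths.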
"User identification based on zero knowledge solves the security problems by using passwords that change with each login and are not known to the system in advance. The system can only check the validity of the passwords," explains team member Nicolas Doukas. "The proposed method has potential use in any system where malicious users have incentives to gain illegal access and perform actions they are not authorized to perform. The number of systems that fit this description increases rapidly with the increase in the value of information," he concludes.
Link to the researchers' original announcement
Nikolaos Bardis, Nikolaos Doukas, Oleksandr P. Markovskyi. Fast subscriber identification based on the zero knowledge principle for multimedia content distribution. International Journal of Multimedia Intelligence and Security, 2010; 1 (4): 363 DOI
Comments
This is a very great & better security data shits & it's a shame that it was not discovered earlier; however, it is going to change the worlds of computers & software & also the security of websites as a whole.
The idea is simple and genius, it's a shame there are no examples
It sounds very interesting; the question is what number of passwords the user receives after the initial registration and for what period they will be enough... if he has finished using all the passwords given to him, will he have to register again?