University of Houston

In recent years, we have been witnessing an architectural shift of applications towards inclusion of web services. In this thesis, the focus is on integrating a new method of authentication in web services which is capable of adding an additional (optional) security layer above the existing authentication technologies. The authentication technology used is a zero knowledge protocol which works between two interactive web services.  The goal of Zero knowledge proof is that prover should prove to the verifier that he knows some information without revealing anything about the information itself.

We designed a simple zero knowledge proof protocol, based on SPEKE, between two web services. SPEKE, one of the older and familiar protocols in the area of zero knowledge proof, provides authentication and thereby establishes shared key between two parties over an insecure communication channel. Our protocol allows multiple clients to request zero knowledge proof to a service. A performance review of the protocol is provided based on various factors which can affect its execution time.