Mutual zero-knowledge authentication based on virtual passwords per session (MAVPS)

Currently, web applications have become more relevant to citizens´ privacy. The heightened security in this public space is not yet assured which always creates problems of mutual trust and validity of information. In fact, the majority of web applications are insecure, despite the widespread usage of SSL protocol ([13], [18]), which is, recently, the only protocol for securing the communication between the client and server. The objective of this paper is to propose a new mutual authentication system based on virtual passwords per session (MAVPS), as an alternative of SSL protocol. The aim is to introduce an authentication system able to the zero knowledge users´ identification ensuring untraceability, portability, unpredictability, integrity and reusability of their authentication settings. The users´ authentication is founded on the symmetric encryption by a virtual password regenerated in each session. The interest is to assure the integrity and the confidentiality of the private data exchanged between the client and server. This strengthen authentication process aims to create a secure communication channel able to protect our system against any information leak and to supply better defense against the various types of attacks.