Challenge Response Protocol Based Authentication with Blockchains

Miyuru Dayarathna
Apr 17 · 6 min read

1. Introduction

Challenge-response protocol (also known as Zero-Knowledge Proof) is a fundamental operation for block chain based applications which enables the external parties to gain access to the application. This approach is based on asymmetric key encryption. This article explains our experience of implementing Challenge-response protocol based authentication for a Ballerina application based on Blockchain technology.

2. Challenge-response Protocol

Challenge-response protocol is based on the concept of challenging an entity which is trying to access the services of a system to prove itself first using a known fact about that entity. Here we use the symmetric key encryption technique as a means of implementing the challenge-response protocol. The entity which requires to access the services first needs to generate a public/private key pair and register the public key with the service in advance. The service leverages the fact that any information encrypted by using a public key can only be decrypted by using the corresponding private key. Hence whenever an entity tries to gain access to the service, it gets challenged to decrypt some encrypted text using entity’s private key to verify its identity. Next, we will provide brief overviews to Ballerina and Blockchain technologies which are the key underlying technologies of our application.

3. Technology Overview

We developed the challenge-response protocol application with Ballerina and Blockchain technologies.

3.1 Ballerina

Ballerina is a compiled, transactional, statically and strongly typed programming language with textual and graphical syntaxes. Ballerina embeds fundamental concepts of distributed system integration into the programming language. Ballerina offers a type safe, concurrent environment to implement microservices with distributed transactions, reliable messaging, stream processing, and workflows. The use case scenario described in this article can be considered as a software integration scenario hence Ballerina matches well for this application.

3.2 Blockchain

Blockchain is a distributed ledger technology with some special features. Blockchain is a linked list (i.e., a chain) of blocks. A block is a group of ordered transactions. Blockchain is the technology which enables moving digital assets/coins from one individual to another. Blockchain was intended to solve the problem of money transfer. It is based on three concepts,

Although blockchains has become popular due to its association with digital currencies, in recent times multiple different applications of blockchain has emerged in the IT industry. Applications that run on custom built Blockchains are called smart contracts and they run exactly as programmed without any possibility of downtime, censorship, fraud or third-party interference. Ethereum is a decentralized platform that runs smart contracts.

Next, we will describe an example use case where Challenge-response protocol has been applied.

4. Application Use Case

Challenge-response protocol has versatile applications. The scenario which we implement and present in this article is a group chat application. The chat application is accessible by a group of users who have registered their public key with the blockchain. If a user gains access to the chat application, the user is able to post messages to the group chat interface. The messages get broadcasted to all the subscribed users in the group chat. User could post any amount of messages to the chat application and logout from the system anytime he/she wishes. However, their conversions will be left in the group chat. Hence, if the user logs back in few moments after logout he/she will be able to see the messages that got posted in the earlier session. If the authentication attempt was not successful, the user will get directed to an error message page.

5. Implementation

The processing flow associated with the application can be shown as shown in Figure 1. We designed the application as an interaction between a web browser, Ballerina service, and Ethereum Blockchain. Ballerina service functions as a web server. Whenever the user tries to access the chat application, he gets directed to the user login page of the Ballerina chat application (See Figure 1).

Figure 1: Blockchain based chat application’s login page

Figure 1: Blockchain based chat application’s login page

Once the User Login page gets loaded,the user who wants to login to the chat application submits his/her email address and the private key to the browser which does the communication with the Ballerina service. The sequence diagram for this process is shown in Figure 2.

Figure 2: Process flow of challenge-response protocol of the chat application

Note that even though the user submits his/her private key to the browser the private key is not sent outside from the browser and it is used only within the Javascript based encryption algorithms that are running within the browser.

User’s email address is sent to Ballerina service which looks up the corresponding hash of the public key from the blockchain. We use the Smart Contract shown in Listing 1 for storing the hash of the user’s public key within the blockchain.

Listing 1: Smart contract for storing and retrieving the hash codes of the public keys of the users

pragma solidity ^0.4.22;contract registry {string private miyurudatwso2dotcomHash;string private isurupatwso2dotcomHash;string private nadheeshatwso2dotcomHash;function setmiyurudatwso2dotcom(string x) public {miyurudatwso2dotcomHash = x;}function getmiyurudatwso2dotcom() public view returns (string) {return miyurudatwso2dotcomHash;}function setisurupatwso2dotcom(string x) public {isurupatwso2dotcomHash = x;}function getisurupatwso2dotcom() public view returns (string) {return isurupatwso2dotcomHash;}function setnadheeshatwso2dotcom(string x) public {nadheeshatwso2dotcomHash = x;}function getnadheeshatwso2dotcom() public view returns (string) {return nadheeshatwso2dotcomHash;}}

We compiled the smart contract using remix IDE, obtained the Javascript version of the application, and deployed it in an Ethereum blockchain. Next, we set the SHA-1 hash codes of the public keys in the blockchain using the setter operations of the smart contract. These hash values are accessed via the getter operations. Note that we assume the SHA-1 behaves like a “random oracle” which basically returns random values, with the condition that once it has returned output A on input B, it must always thereafter return A on input B.

When the user clicks on the submit button of the login page, the user’s email address is transferred to the Ballerina service which uses that value for executing the corresponding getter operation for obtaining the hash values of the public key.

Figure 3: The group chat interface

The hash value is used to fetch the public key which is stored on the local disk of the computer where the Ballerina service is running. The public keys of each user are stored in text files which are named using the SHA-1 hash codes generated using them. Next, Ballerina service generates a random string and encrypts it with the public key of the user and sends it back to the browser. If the browser was able to decrypt the encrypted text, Ballerina service directs the browser to the homepage of the chat group (shown in Figure 3). Ballerina service also maintains the user session in a map until when the user logs out from the application by clicking the Logout button.

The complete source code of our application is accessible from GitHub.

6. Summary

In this article we described how we implemented a challenge-response protocol on top of a Ballerina application using blockchain technology. The application we developed is a group chat application and it demonstrates how such challenge-response protocol be implemented with smart contracts. This application demonstrates “login” which is one of the core operations of decentralized applications. We currently investigate on the implementation of other similar core operations of decentralized applications.

Miyuru Dayarathna

Written by

Senior Technical Lead at WSO2. A computer scientist with multiple research interests and contributions in stream computing, graph data processing, etc.