Token Based Authentication and Authorization with Zero-Knowledge Proofs for Enhancing Web API Security and Privacy

Author

Michael Lodder

Date of Award

Spring 1-2023

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Operations (PhDCO)

Department

Computer Science

First Advisor

Michael Ham

Second Advisor

Austin O'Brien

Third Advisor

Stephen Kresbach

Abstract

This design science study showcases an innovative artifact that utilizes Zero-Knowledge Proofs for API Authentication and Authorization. A comprehensive examination of existing literature and technology is conducted to evaluate the effectiveness of this alternative approach. The study reveals that existing APIs are using slower techniques that don’t scale, can’t take advantage of newer hardware, and have been unable to adequately address current security issues. In contrast, the novel technique presented in this study performs better, is more resilient in privacy sensitive and security settings, and is easy to implement and deploy. Additionally, this study identifies potential avenues for further research that could help advance the field of Web API development in terms of security, privacy, and simplicity.

Recommended Citation

Lodder, Michael, "Token Based Authentication and Authorization with Zero-Knowledge Proofs for Enhancing Web API Security and Privacy" (2023). Masters Theses & Doctoral Dissertations. 425.
https://scholar.dsu.edu/theses/425