A Modular Framework for Multi-Factor Authentication and Key Exchange

  • Nils Fleischhacker
  • Mark Manulis
  • Amir Azodi
Conference paper

DOI: 10.1007/978-3-319-14054-4_12

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8893)
Cite this paper as:
Fleischhacker N., Manulis M., Azodi A. (2014) A Modular Framework for Multi-Factor Authentication and Key Exchange. In: Chen L., Mitchell C. (eds) Security Standardisation Research. SSR 2014. Lecture Notes in Computer Science, vol 8893. Springer, Cham


Multi-Factor Authentication (MFA), often coupled with Key Exchange (KE), offers very strong protection for secure communication and has been recommended by many major governmental and industrial bodies for use in highly sensitive applications. Over the past few years many companies started to offer various MFA services to their users and this trend is ongoing.

The MFAKE protocol framework presented in this paper offers à la carte design of multi-factor authentication and key exchange protocols by mixing multiple types and quantities of authentication factors in a secure way: MFAKE protocols designed using our framework can combine any subset of multiple low-entropy (one-time) passwords/PINs, high-entropy private/public keys, and biometric factors. This combination is obtained in a modular way from efficient single-factor password-based, public key-based, and biometric-based authentication-only protocols that can be executed in concurrent sessions and bound to a single session of an unauthenticated key exchange protocol to guarantee forward secrecy.

The modular approach used in the framework is particularly attractive for MFAKE solutions that require backward compatibility with existing single-factor authentication solutions or where new factors should be introduced gradually over some period of time. The framework is proven secure using the state-of-the art game-based security definitions where specifics of authentication factors such as dictionary attacks on passwords and imperfectness of the biometric matching processes are taken into account.


two-factor multi-factor authentication tag-based authentication key exchange framework modular design 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Nils Fleischhacker
    • 1
  • Mark Manulis
    • 2
  • Amir Azodi
    • 3
  1. 1.Saarland UniversityGermany
  2. 2.Surrey Centre for Cyber SecurityUniversity of SurreyUK
  3. 3.Hasso Plattner InstituteGermany

Personalised recommendations