Scalable Two-Factor Authentication Using Historical Data

  • Aldar C.-F. Chan
  • Jun Wen Wong
  • Jianying Zhou
  • Joseph Teo
Conference paper

DOI: 10.1007/978-3-319-45744-4_5

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9878)
Cite this paper as:
Chan A.CF., Wong J.W., Zhou J., Teo J. (2016) Scalable Two-Factor Authentication Using Historical Data. In: Askoxylakis I., Ioannidis S., Katsikas S., Meadows C. (eds) Computer Security – ESORICS 2016. ESORICS 2016. Lecture Notes in Computer Science, vol 9878. Springer, Cham

Abstract

Two-factor authentication is increasingly demanded in the Internet of Things (IoT), especially those deployed in the critical infrastructure. However, resource and operational constraints of typical IoT devices are the key impediment, especially when the IoT device acts as a verifier. This paper proposes a novel authentication factor (namely, historical data) which, when combined with the conventional first authentication factor (a secret key), results in a scalable, lightweight two-factor entity authentication protocol for use in the IoT. In the new authentication factor, the data exchanged between a verifier and a prover is used as the secret information for the verifier to prove his identity to the verifier. Practically, the verifier needs all the historical data to prove his identity. Yet, through an innovative use of the proof of retrievability, the verifier only needs a constant storage regardless of the size of the historical data. Leveraging on the data retrieval and searching capability of contemporary big data technologies, the proposed authentication factor can achieve realtime, fault-tolerant verification. The use of historical data as an authentication factor has a very interesting leakage-resilience property. Besides, the proposed scheme demonstrates a tradeoff between security and computational overhead, and such scalability particularly suits the IoT, with devices of diverse capabilities.

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Aldar C.-F. Chan
    • 1
  • Jun Wen Wong
    • 2
  • Jianying Zhou
    • 2
  • Joseph Teo
    • 3
  1. 1.Hong Kong R&D Centre for LSCM Enabling TechnologiesHong KongChina
  2. 2.Institute for Infocomm Research, A*STARSingaporeSingapore
  3. 3.CSITSingaporeSingapore

Personalised recommendations