Skip to main content

A Modular Framework for Multi-Factor Authentication and Key Exchange

  • Conference paper
Security Standardisation Research (SSR 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8893))

Included in the following conference series:

Abstract

Multi-Factor Authentication (MFA), often coupled with Key Exchange (KE), offers very strong protection for secure communication and has been recommended by many major governmental and industrial bodies for use in highly sensitive applications. Over the past few years many companies started to offer various MFA services to their users and this trend is ongoing.

The MFAKE protocol framework presented in this paper offers à la carte design of multi-factor authentication and key exchange protocols by mixing multiple types and quantities of authentication factors in a secure way: MFAKE protocols designed using our framework can combine any subset of multiple low-entropy (one-time) passwords/PINs, high-entropy private/public keys, and biometric factors. This combination is obtained in a modular way from efficient single-factor password-based, public key-based, and biometric-based authentication-only protocols that can be executed in concurrent sessions and bound to a single session of an unauthenticated key exchange protocol to guarantee forward secrecy.

The modular approach used in the framework is particularly attractive for MFAKE solutions that require backward compatibility with existing single-factor authentication solutions or where new factors should be introduced gradually over some period of time. The framework is proven secure using the state-of-the art game-based security definitions where specifics of authentication factors such as dictionary attacks on passwords and imperfectness of the biometric matching processes are taken into account.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. PCI Data Security Standard, Ver.2 (2010), http://www.pcisecuritystandards.org/

  2. NIST Special Publication 800-63, Rev.1 (2011), http://csrc.nist.gov/publications/

  3. Abdalla, M., Chevassut, O., Pointcheval, D.: One-Time Verifier-Based Encrypted Key Exchange. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 47–64. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  4. Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-Based Authenticated Key Exchange in the Three-Party Setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  5. Abdalla, M., Pointcheval, D.: Simple Password-Based Encrypted Key Exchange Protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191–208. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  6. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  7. Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  8. Benhamouda, F., Pointcheval, D.: Verifier-based password-authenticated key exchange: New models and constructions. Cryptology ePrint Archive, Report 2013/833 (2013), http://eprint.iacr.org/2013/833

  9. Blake-Wilson, S., Johnson, D., Menezes, A.: Key Agreement Protocols and Their Security Analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)

    Google Scholar 

  10. Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure Remote Authentication Using Biometric Data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  11. Brainard, J.G., Juels, A., Rivest, R.L., Szydlo, M., Yung, M.: Fourth-Factor Authentication: Somebody You Know. In: ACM CCS 2006, pp. 168–178. ACM (2006)

    Google Scholar 

  12. Bringer, J., Chabanne, H.: An Authentication Protocol with Encrypted Biometric Data. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 109–124. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Bringer, J., Chabanne, H., Izabachène, M., Pointcheval, D., Tang, Q., Zimmer, S.: An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 96–106. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  14. Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  15. De Cristofaro, E., Manulis, M., Poettering, B.: Private Discovery of Common Social Contacts. International Journal of Information Security 12(1), 49–65 (2013)

    Article  Google Scholar 

  16. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  17. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.T.M.: On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 203–220. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  18. Federal Financial Institutions Examination Council. Authentication in an Internet Banking Environment (2005), http://www.ffiec.gov/pdf/authentication_guidance.pdf

  19. Fleischhacker, N., Manulis, M., Azodi, A.: A Modular Framework for Multi-Factor Authentication and Key Exchange. Cryptology ePrint Archive, Report 2012/181 (2012), http://eprint.iacr.org/2012/181.pdf (last updated in 2014)

  20. Garcia, F.D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R.W., Jacobs, B.: Dismantling MIFARE classic. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 97–114. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  21. Garcia, F.D., van Rossum, P., Verdult, R., Schreur, R.W.: Dismantling SecureMemory, CryptoMemory and CryptoRF. In: ACM CCS 2010, pp. 250–259. ACM (2010)

    Google Scholar 

  22. Gentry, C., MacKenzie, P.D., Ramzan, Z.: Password authenticated key exchange using hidden smooth subgroups. In: ACM CCS 2005, pp. 299–309. ACM (2005)

    Google Scholar 

  23. Gentry, C., MacKenzie, P.D., Ramzan, Z.: A Method for Making Password-Based Key Exchange Resilient to Server Compromise. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 142–159. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  24. Hao, F., Clarke, D.: Security Analysis of a Multi-factor Authenticated Key Exchange Protocol. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 1–11. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  25. Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: Generic Compilers for Authenticated Key Exchange. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 232–249. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  26. Kiefer, F., Manulis, M.: Zero-Knowledge Password Policy Checks and Verifier-Based PAKE. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part II. LNCS, vol. 8713, pp. 295–312. Springer, Heidelberg (2014)

    Google Scholar 

  27. LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger Security of Authenticated Key Exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  28. Lee, Y., Kim, S., Won, D.: Enhancement of Two-Factor Authenticated Key Exchange Protocols in Public Wireless LANs. Computers & Electrical Engineering 36(1), 213–223 (2010)

    Article  MATH  Google Scholar 

  29. Li, C.-T., Hwang, M.-S.: An Efficient Biometrics-Based Remote User Authentication Scheme Using Smart Cards. Journal of Network and Computer Applications 33(1), 1–5 (2010)

    Article  Google Scholar 

  30. Li, X., Niu, J.-W., Ma, J., Wang, W.-D., Liu, C.-L.: Cryptanalysis and Improvement of a Biometrics-Based Remote User Authentication Scheme Using Smart Cards. Journal of Network and Computer Applications 34(1), 73–79 (2011)

    Article  MATH  Google Scholar 

  31. Park, Y.M., Park, S.K.: Two Factor Authenticated Key Exchange (TAKE) Protocol in Public Wireless LANs. IEICE Transactions on Communications E87-B(5), 1382–1385 (2004)

    Google Scholar 

  32. Paterson, K.G., Stebila, D.: One-Time-Password-Authenticated Key Exchange. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol. 6168, pp. 264–281. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  33. Pointcheval, D., Zimmer, S.: Multi-factor Authenticated Key Exchange. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 277–295. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  34. Song, R.: Advanced Smart Card Based Password Authentication Protocol. Computer Standards & Interfaces 32(5-6), 321–325 (2010)

    Article  Google Scholar 

  35. Stebila, D., Udupi, P., Chang, S.: Multi-Factor Password-Authenticated Key Exchange. In: Eighth Australasian Information Security Conference (AISC 2010), vol. 105, pp. 56–66 (2010)

    Google Scholar 

  36. Tapiador, J.E., Hernandez-Castro, J.C., Peris-Lopez, P., Clark, J.A.: Cryptanalysis of Song’s Advanced Smart Card Based Password Authentication Protocol. arXiv.org, Cryptography and Security (2011), http://arxiv.org/abs/1111.2744v1

  37. Wang, X., Zhang, W.: An Efficient and Secure Biometric Remote User Authentication Scheme Using Smart Cards. In: Pacific-Asia Workshop on Computational Intelligence and Industrial Application (PACIIA 2008), vol. 2, pp. 913–917. IEEE (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Fleischhacker, N., Manulis, M., Azodi, A. (2014). A Modular Framework for Multi-Factor Authentication and Key Exchange. In: Chen, L., Mitchell, C. (eds) Security Standardisation Research. SSR 2014. Lecture Notes in Computer Science, vol 8893. Springer, Cham. https://doi.org/10.1007/978-3-319-14054-4_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-14054-4_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-14053-7

  • Online ISBN: 978-3-319-14054-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics