Security Analysis of a Multi-factor Authenticated Key Exchange Protocol
This paper shows several security weaknesses of a Multi-Factor Authenticated Key Exchange (MK-AKE) protocol proposed by Pointcheval and Zimmer at ACNS’08. The Pointcheval-Zimmer scheme was designed to combine three authentication factors in one system: a password, a secure token (that stores a private key) and biometrics. Pointcheval and Zimmer proved in a formal model that an attacker had to break all three factors to win. However, the formal model only considers the threat that an attacker may impersonate the client; it does not discuss what happens if the attacker impersonates the server. We fill the gap by analyzing the case of server impersonation, which is a realistic threat in practice. We assume that an attacker has already compromised the password, and we then present two further attacks: in the first attack, an attacker is able to steal a fresh biometric sample from the victim without being noticed; in the second attack, he can discover the victim’s private key based on the Chinese Remainder Theorem. Both attacks have been experimentally verified. In summary, an attacker actually only needs to compromise a single password factor in order to break the entire system. We also discuss the deficiencies in the Pointcheval-Zimmer formal model and countermeasures to our attacks.
Keywords: Smart Card; Authentication Scheme; Chinese Remainder Theorem; Fuzzy Extractor; Iris Code