Modular Design and Analysis Framework for Multi-Factor Authentication and Key Exchange
Authors
Abstract
Multi-Factor Authentication (MFA), often coupled with Key Exchange (KE), offers very strong protection for secure communication and has been recommended by many major governmental and industrial bodies for use in highly sensitive applications. Instantiations of the MFA concept vary in practice and in the research literature, and various efforts in designing secure MFA protocols have proven unsuccessful. We present a modular approach to the design and analysis of arbitrary MFAKE protocols, in the form of an (α, β, γ)-MFAKE framework, that can accommodate multiple types and quantities of authentication factors, focusing on the three widely adopted categories that provide evidence of knowledge, possession, and physical presence. The framework comes with (i) a model for generalized MFAKE that implies some known flavors of single- and multi-factor Authenticated Key Exchange (AKE), and (ii) generic and modular constructions of secure MFAKE protocols that can be tailored to the needs of a particular application. Our generic (α, β, γ)-MFAKE protocol is based on the new notion of tag-based MFA that in turn implies tag-based versions of many existing single-factor authentication schemes. We show examples and discuss generic ways to obtain tag-based flavors of password-based, public key-based, and biometric-based authentication protocols. By combining multiple single-factor tag-based authentication-only protocols with a single run of an Unauthenticated Key Exchange (UKE) we construct (α, β, γ)-MFAKE that is in most cases superior to the black-box combination of single-factor AKE schemes.
Similar resources
A Modular Framework for Multi-Factor Authentication and Key Exchange
Multi-Factor Authentication (MFA), often coupled with Key Exchange (KE), offers very strong protection for secure communication and has been recommended by many major governmental and industrial bodies for use in highly sensitive applications. Over the past few years many companies started to offer various MFA services to their users and this trend is ongoing. The MFAKE protocol framework prese...
A Lightweight Privacy-preserving Authenticated Key Exchange Scheme for Smart Grid Communications
The smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. The smart grid needs live power consumption monitoring to provide required services, and for this purpose bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Because of the complex design of s...
Process algebraic modeling of authentication protocols for analysis of parallel multi-session executions
Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...
Security Analysis of Lightweight Authentication Scheme with Key Agreement using Wireless Sensor Network for Agricultural Monitoring System
Wireless sensor networks have many applications in the real world and have been developed in various environments. But the limitations of these networks, including the limitations on the energy and processing power of the sensors, have posed many challenges to researchers. One of the major challenges is the security of these networks, and in particular the issue of authentication in the wireles...
Key Exchange with Unilateral Authentication: Composable Security Definition and Modular Protocol Design
Key exchange with unilateral authentication (short: unilateral key exchange) is an important primitive in practical security protocols; a prime example is the widely deployed TLS protocol, which is usually run in this mode. Unilateral key-exchange protocols are employed in a client-server setting where only the server has a certified public key. The client is then authenticated by sending creden...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2012, Issue
Pages -
Publication date: 2012