Abstract
In this paper, we study how to construct an authenticated key exchange protocol in a device-based authentication setting where a user who has a ${\textsf{PUF}}$-based device and its multi-factor authenticators desires to mutually authenticate with a server. Generally, in a secure multi-factor authentication scheme, no adversary $\mathcal{A}$ can impersonate a valid user unless $\mathcal{A}$ fully corrupts all multi-factor authenticators. However, in recent ${\textsf{PUF}}$-based device authenticated key exchange schemes, we observe a new impersonation attack in which any adversary with only the ${\textsf{PUF}}$'s output is always able to impersonate any user. We first analyze how recent schemes are vulnerable to the new attack. Then we build a secure ${\textsf{PUF}}$-based device authenticated key exchange (${\textsf{PDAKE}}$) with a provable result. Since in our ${\textsf{PDAKE}}$ the user's device is an important authenticator, it is well suited to establishing a secure channel in multi-factor based ${\textsf{FIDO}}$ (fast identification online) or cloud service settings such as storage and e-mail services.
Highlights
An authenticated key exchange (AKE) allows two participants to agree on a session key with mutual authentication
In order to make a secure channel over public networks, a secure agreement of a session key should be efficiently made between participants
We focus on an authenticated key exchange protocol in a device-based authentication setting where a user who has a physical unclonable function (PUF)-based device and its multi-factor authenticators desires to mutually authenticate with a server
Summary
An authenticated key exchange (AKE) allows two participants to agree on a session key with mutual authentication. We reanalyze the security of PUF-based multi-factor authenticated key exchange (PMAKE) protocols with respect to a new compromise attack. We assume that each user is equipped with a PUF-embedded device that takes multi-factor authenticators as input and outputs a secret s. In a secure multi-factor authenticated key exchange (MAKE) scheme, no adversary A can impersonate a valid user unless A corrupts all multi-factor authenticators, such as password, biometrics, and long-term secret. We demonstrate that some PMAKE protocols allow any adversary to impersonate a specific user just by using a PUF's output secret s. To handle this new issue, we build a secure PUF-based device authentication and key exchange (PDAKE) in which only users who hold all of the multi-factor authenticators, namely password (pwd), long-term secret (ks), biometric secret (kb) and a device Dipuf (·), can pass user authentication by a server.