Abstract
Smart-card based password authentication has been the most widely used two-factor authentication (2FA) mechanism for security-critical applications (e.g., e-Health, smart grid and e-Commerce) in the past decades, and it is likely to hold its status in the foreseeable future. Hundreds of 2FA schemes of this type have been proposed, yet to our knowledge, most of them are built on the intractability of conventional hard problems (e.g., discrete logarithm problems and integer factoring problems) which are no longer hard in the quantum era. With the recent advancements in quantum computing, the design of secure and efficient smart-card based password authentication schemes against quantum attacks is becoming increasingly urgent. However, it is not as simple as it seems: how to design such a quantum-resistant 2FA scheme is challenging due to the demanding security requirements and the resource-constrained nature of mobile devices. In this work, we take the first step towards this issue by proposing Quantum2FA, a practical quantum-resistant smart-card-based password authentication scheme that employs Alkim et al.’s lattice-based key exchange and Wang-Wang’s “fuzzy-verifier + honeywords” technique (IEEE TDSC’18). Particularly, Quantum2FA can thwart the newly revealed key-reuse attack (ACISP’18, CT-RSA’19) against lattice-based key exchange schemes in two aspects: signal leakage attacks and key mismatch attacks. Specifically, it restricts the necessary conditions (i.e., the attacker must be the initiator of the key exchange) for an adversary to analyze the signal; it introduces honeywords to detect the key mismatches between the smart card and the server, and thus smart card loss attack can be thwarted.
We formally prove the security of Quantum2FA under the random oracle model and demonstrate its efficiency through experiments on a 32 MHz 8-bit AVR Embedded Processor. Comparison results show that Quantum2FA is not only more secure but also offers better computation efficiency than the state-of-the-art conventional 2FA schemes.
More From: IEEE Transactions on Dependable and Secure Computing