Remote data backup technology avoids the risk of data loss and tampering, and has higher security compared to local data backup solutions. However, the data transmission channel for remote data backup is not secure, and the backup server cannot be fully trusted, so users usually encrypt the data before uploading it to the remote server. As a result, how to protect this encryption key is crucial. We design a User-Centric Design (UCD) data backup scheme based on multi-factor authentication to protect this encryption key. Our scheme utilizes a secret sharing scheme to divide the encryption key into three parts, which are stored in the laptop, the smart card, and the server. The encryption key can be easily reconstructed from any two parts with user's private information password, identity and biometrics. As long as the biometrics has enough entropy, our scheme can resist replay attacks, impersonation user attacks, impersonation server attacks, malicious servers and offline password guessing attacks.
Read full abstract