Secure Two-factor Authentication Research Articles

A Secure Two-Factor Authentication Key Exchange Scheme

A Secure Two-Factor Authentication Key Exchange Scheme

A Provably Secure and Lightweight Two-Factor Authentication Protocol for Wireless Sensor Network

Wireless Sensor Networks (WSNs) are rapidly being integrated into various fields, significantly impacting and facilitating many aspects of human life. However, the increasingly prominent security issues associated with WSNs have become a significant challenge. This paper provides an in-depth analysis of the security challenges faced by WSNs in resource constrained and open communication environments. As a key component of the Internet of Things (IoT), a WSN can perceive, collect and transmit physical environmental data in real-time, and is widely used in military, medical, agricultural and other fields. However, the insecurity of communication channels and unauthorized user access pose severe threats to network security and data integrity. To address these challenges, this paper proposes a provably secure two-factor authentication protocol. This protocol utilizes a Chebyshev chaotic map and a two-factor authentication mechanism, which not only enhances security in WSNs but also improves authentication efficiency. The protocol is validated through security proof and performance experiments, demonstrating excellent security, functionality and efficiency. This provides strong support for secure and efficient communication in WSNs across various application scenarios.

A Lightweight, Secure Big Data-Based Authentication and Key-Agreement Scheme for IoT with Revocability

With the rapid development of Internet of Things (IoT), designing a secure two-factor authentication scheme for IoT is becoming increasingly demanding. Two-factor protocols are deployed to achieve a higher security level than single-factor protocols. Given the resource constraints of IoT devices, other factors such as biometrics are ruled out as additional authentication factors due to their large overhead. Smart cards are also prone to side-channel attacks. Therefore, historical big data have gained interest recently as a novel authentication factor in IoT. In this paper, we show that existing big data-based schemes fail to achieve their claimed security properties such as perfect forward secrecy (PFS), key compromise impersonation (KCI) resilience, and server compromise impersonation (SCI) resilience. Assuming a real strong attacker rather than a weak one, we show that previous schemes not only fail to provide KCI and SCI but also do not provide real two-factor security and revocability and suffer inside attack. Then, we propose our novel scheme which can indeed provide real two-factor security, PFS, KCI, and inside attack resilience and revocability of the client. Furthermore, our performance analysis shows that our scheme has reduced modular exponentiation operation and multiplication for both the client and the server compared to Liu et al.’s scheme which reduces the execution time by one third for security levels of λ = 128 . Moreover, in order to cope with the potential threat of quantum computers, we suggest using lightweight XMSS signature schemes which provide the desired security properties with λ = 128 bit postquantum security. Finally, we prove the security of our proposed scheme formally using both the real-or-random model and the ProVerif analysis tool.

A Secure Two-factor Authentication Framework Based on Deep Learning

A Secure Two-factor Authentication Framework Based on Deep Learning

Design and Analysis of a Provable Secure Two-Factor Authentication Protocol for Internet of Things

Because sensor nodes are deployed in public areas, these sensors are easy to capture by adversaries. Once a sensor is stolen, the sensitive information stored in it is likely to be exposed. Accordingly, designing a secure authentication protocol should consider this issue. Sadri et al. recently proposed a two-factor authentication protocol with anonymity for wireless sensor networks. Unfortunately, we found that their protocol had a design flaw in the user and sensor authentication phase. Besides, their protocol can not resist stolen smart card attacks, sensor capture attacks, and user impersonation attacks. In addition, their protocol does not provide perfect forward security. This paper proposes a provably secure authentication to overcome these weaknesses and flaws. By comparing the security and performance of the proposed protocol with other related protocols, we find that our work has reasonable computation overhead and better security.

A Secure Two-Factor Authentication Scheme From Password-Protected Hardware Tokens

We investigate existing “password+hardware token”-based authentication schemes deployed in real-world applications and observe that they are vulnerable to critical threats. Specifically, a compromised manufacturer may issue a backdoored hardware token to a user and later recover the user’s secret, which is well known as backdoor attacks. Additionally, an authentication credential in these schemes consists of two parts: the one is derived from the password, the other one is derived from the hardware token. However, since the two parts are independent of each other, if an adversary can physically access the hardware token of a victim, he is able to break security of these schemes by performing dictionary-guessing attacks (DGA), which is called mislaying-then-DGA. In this paper, we design a non-interactively re-randomizable reverse firewall signature mechanism for securing hardware tokens, such that the user’s secret is well protected even if a backdoor is embedded. We also utilize a servers-aided password-based encryption mechanism to harden hardware tokens, so as to “seamlessly” integrate the two factors into one credential. Based on the above mechanisms, we develop a secure two-factor authentication scheme, dubbed ATTACH. We evaluate ATTACH in terms of security and efficiency to demonstrate it achieves a strong security guarantee with high efficiency.

Two-factor Password-authenticated Key Exchange with End-to-end Security

We present a secure two-factor authentication (TFA) scheme based on the user’s possession of a password and a crypto-capable device. Security is “end-to-end” in the sense that the attacker can attack all parts of the system, including all communication links and any subset of parties (servers, devices, client terminals), can learn users’ passwords, and perform active and passive attacks, online and offline. In all cases the scheme provides the highest attainable security bounds given the set of compromised components. Our solution builds a TFA scheme using any Device-enhanced Password-authenticated Key Exchange (PAKE), defined by Jarecki et al., and any Short Authenticated String (SAS) Message Authentication, defined by Vaudenay. We show an efficient instantiation of this modular construction, which utilizes any password-based client-server authentication method, with or without reliance on public-key infrastructure. The security of the proposed scheme is proven in a formal model that we formulate as an extension of the traditional PAKE model. We also report on a prototype implementation of our schemes, including TLS-based and PKI-free variants, as well as several instantiations of the SAS mechanism, all demonstrating the practicality of our approach. Finally, we present a usability study evaluating the viability of our protocol contrasted with the traditional PIN-based TFA approach in terms of efficiency, potential for errors, user experience, and security perception of the underlying manual process.1

A Provably Secure Two-Factor Authentication Scheme for USB Storage Devices

Universal Serial Bus (USB) is widely used, for example to facilitate hot-swapping and plug-and-play. However, USB ports can be exploited by an adversary to extract private or personal data from the connected devices. Hence, a number of organizations and workplaces have prohibited their employees from using USB devices, and there have been efforts to design secure USB storage device schemes to more effectively resist different known security attacks. However, designing such schemes is challenging. For example, in this article we revisit the Wei et al.’s scheme, and demonstrate that it is vulnerable to attacks such as password guessing and user impersonation. We also explain that the scheme does not verify the correctness of user’s input in the login phase, which is another design flaw. Then, we present an improved scheme and prove it secure in the random oracle model.

Perfect forward secrecy via an ECC-based authentication scheme for SIP in VoIP

With the advent of the internet, Voice over Internet Protocol (VoIP) has obtained a considerable amount of attention due to its low cost, and ease of implementation. Similar to other emerging technologies, VoIP faces several challenges, including security in terms of confidentiality, integrity, and authenticity. Specifically, there is a need for secure and efficient authentication and key agreement scheme to address the security requirements of communications over VoIP networks. Recently, Ravanbakhsh et al. have presented an authentication and key agreement protocol for VoIP networks. Here, in this article, we first prove that Ravanbakhsh et al.’s scheme cannot provide perfect forward secrecy. Next, we present an elliptic curve cryptography-based secure two-factor authentication and key agreement scheme. We analyze the security of the proposed scheme informally, and demonstrate that the proposed scheme can provide different security features, including perfect forward secrecy, and is robust against security attacks such as the impersonation attack, the replay attack, and the stolen-verifier attack. Furthermore, we simulate the protocol and analyze its security formally using Scyther tool. The results show its robustness against different attacks, and its ability to provide perfect forward secrecy. We compare the computation cost of the proposed scheme with the related schemes. Results show that the proposed scheme achieves a satisfiable performance comparable to other ECC-based methods.

Anonymous two factor authentication protocol for roaming service in global mobility network with security beyond traditional limit

In a globalized world, the mobile user roams frequently from one place to other. Global mobility network provides roaming services to a mobile user when the mobile user is away from his home network and wants to avail the services of the foreign network. Roaming authentication protocol supports authentication between the mobile user and the foreign server in global mobility network so that the malicious user can not get access the roaming services in the foreign network. Moreover, privacy-preserving authentication between the mobile user and the foreign server is an essential technology for the secure access of global mobility network because mobile user’s privacy protection has become a major issue due to increasingly misuse of consumer’s private data by various organizations and individuals. Many privacy-preserving two-factor authentication protocols have been proposed to provide secure roaming services in global mobility network but they failed to support privacy and security while ensuring efficient typo detection by the smart card. We propose a privacy-preserving secure two-factor authentication protocol for roaming service in global mobility network which not only ensures the privacy of the mobile user but also provides efficient typo detection using fuzzy verifier and honeyword technique. Moreover, the proposed protocol overcomes the problem of desynchronization attack using public key encryption technique based on quadratic residue assumption with low computational load at the mobile user.

An Efficient Generic Framework for Three-Factor Authentication With Provably Secure Instantiation

Remote authentication has been widely studied and adapted in distributed systems. The security of remote authentication mechanisms mostly relies on one of or the combination of three factors: 1) something users know—password; 2) something users have—smart card; and 3) something users are—biometric characteristics. This paper introduces an efficient generic framework for three-factor authentication. The proposed generic framework enhances the security of existing two-factor authentication schemes by upgrading them to three-factor authentication schemes, without exposing user privacy. In addition, we present a case study by upgrading a secure two-factor authentication scheme to a secure three-factor authentication scheme. Furthermore, implementation analysis, formal proof, and privacy discussion are provided to show that the derived scheme is practical, secure, and privacy preserving.

Secure Encrypted Steganography Graphical Password scheme for Near Field Communication smartphone access control system

The revolutionary development of smartphone which offers compelling computing and storage capabilities has radically changed the digital lifestyles of users. The integration of Near Field Communication (NFC) into smartphone has further opened up opportunities for new applications and business models such as in industry for payment, electronic ticketing and access control systems. NFC and graphical password scheme are two imperative technologies that can be used to achieve secure and convenient access control system. One of the potential uses of such technologies is the integration of steganography graphical password scheme into NFC-enabled smartphone to transcend conventional digital key/tokens access control systems into a more secure and convenient environment. Smartphone users would have more freedom in customizing the security level and how they interact with the access control system. As such, this paper presents a secure two-factor authentication NFC smartphone access control system using digital key and the proposed Encrypted Steganography Graphical Password (ESGP). This paper also validates the user perception and behavioral intention to use NFC ESGP smartphone access control system through an experiment and user evaluation survey. Results indicated that users weigh security as a dominant attribute for their behavioral intention to use NFC ESGP smartphone access control system. Our findings offer a new insight for security scholars, mobile device service providers and expert systems to leverage on the two-factor authentication with the use of NFC-enabled smartphone.

Strong Authentication Scheme for Telecare Medicine Information Systems

The telecare medicine information system enables or supports health-care delivery services. A secure authentication scheme will thus be needed to safeguard data integrity, confidentiality, and availability. In this paper, we propose a generic construction of smart-card-based password authentication protocol and prove its security. The proposed framework is superior to previous schemes in three following aspects : (1) our scheme is a true two-factor authentication scheme. (2) our scheme can yield a forward secure two-factor authentication scheme with user anonymity when appropriately instantiated. (3) our scheme utilizes each user's unique identity to accomplish the user authentication and does not need to store or verify others's certificates. And yet, our scheme is still reasonably efficient and can yield such a concrete scheme that is even more efficient than previous schemes. Therefore the end result is more practical for the telecare medicine system.