Two-factor Authentication Protocol Research Articles

Design and Implementation of USB Key System Based on Dual-Factor Identity Authentication Protocol

With the increasing demand for information security, traditional single-factor authentication technology can no longer meet security requirements. To this end, this paper proposes a Universal Serial Bus (USB) Key hardware and software system based on a two-factor authentication protocol, aiming to improve the security and reliability of authentication. This paper first analyzes the current status and technical principles of USB Key-related research domestically and internationally and designs a two-factor authentication protocol that combines impact/response authentication and static password authentication. The system consists of a host computer and a USB Key device. The host computer interacts with the USB Key through a graphical user interface. The Secure Hash Algorithm 1 (SHA-1) and MySQL database are used to implement the authentication function. Experimental results show that the designed two-factor authentication protocol can effectively prevent replay attacks and information tampering, and improve the security of authentication. If the corresponding USB Key is not inserted, the system will prompt that the device is not found. Once the USB Key is inserted, user identity is confirmed through two-factor verification, which includes impact/response authentication and static password authentication.

2FAKA-C/S: A Robust Two-Factor Authentication and Key Agreement Protocol for C/S Data Transmission in Federated Learning

As a hot technology trend, the federated learning (FL) cleverly combines data utilization and privacy protection by processing data locally on the client and only sharing model parameters with the server, embodying an efficient and secure collaborative learning model between clients and aggregated Servers. During the process of uploading parameters in FL models, there is susceptibility to unauthorized access threats, which can result in training data leakage. To ensure data security during transmission, the Authentication and Key Agreement (AKA) protocols are proposed to authenticate legitimate users and safeguard training data. However, existing AKA protocols for client–server (C/S) architecture show security deficiencies, such as lack of user anonymity and susceptibility to password guessing attacks. In this paper, we propose a robust 2FAKA-C/S protocol based on ECC and Hash-chain technology. Our security analysis shows that the proposed protocol ensures the session keys are semantically secure and can effectively resist various attacks. The performance analysis indicates that the proposed protocol achieves a total running time of 62.644 ms and requires only 800 bits of communication overhead, showing superior computational efficiency and lower communication costs compared to existing protocols. In conclusion, the proposed protocol securely protects the training parameters in a federated learning environment and provides a reliable guarantee for data transmission.

An Improved Lightweight Two-Factor Authentication Protocol for IoT Applications

The Internet of Things (IoT) is defined as a network of connected objects or devices that gather information and share or exchange them through communication systems. In many applications, maintaining the privacy and security of the exchanged data is of great importance. Therefore protecting sensitive data against security threats is a major concern in IoT applications. Using Multi-factor authentication protocols is an efficient solution to provide these features. Recently, a two-factor authentication protocol using Physical Unclonable Functions (PUFs) and wireless fingerprints has been proposed by Aman et al. In this paper, we first analyze Aman et al.'s protocol and discuss its weaknesses and vulnerabilities. Then, we propose an improved two-factor authentication protocol to provide strong mutual authentication and overcome the mentioned issues. The informal security analysis of the proposed scheme demonstrates that it is resistant to several well-known attacks. We also perform a security analysis of the proposed scheme using Burrows-Abadi-Needham (BAN) logic. We further evaluate the proposed protocol in terms of computational complexity and security features. The results demonstrate that our scheme has significantly better computational efficiency and provides better security features compared to Aman et al.'s protocol.

A Robust and Effective Two-Factor Authentication (2FA) Protocol Based on ECC for Mobile Computing

The rapid development of mobile computing (e.g., mobile health, mobile payments, and smart homes) has brought great convenience to our lives. It is well-known that the security and privacy of user information from these applications and services is critical. Without the prevention provided by an authentication mechanism, safety vulnerabilities may accumulate, such as illegal intrusion access resulting in data leakage and fraudulent abuse. Luckily, the two-factor authentication (2FA) protocols can secure access and communication for mobile computing. As we understand it, existing 2FA authentication protocols weaken security in the pursuit of high efficiency. How efficiency can be achieved while preserving the protocol’s security remains a challenge. In this study, we designed a robust and effective 2FA protocol based on elliptic curve cryptography (ECC) for authentication of users and service providers. We proved the robustness (respectively, the effectiveness) of the presented protocol with the heuristic analysis and security verification provided by the ProVerif tool (respectively, with a performance comparison based on six schemes). Performance comparisons in terms of message rounds, communication, and computation overheads showed that our scheme was superior to the exiting schemes or comparable as a whole; i.e., only two rounds, 1376 bits, and 1.818 ms were required in our scheme, respectively. The evaluation results showed that the proposed 2FA protocol provides a better balance between security and availability compared to state-of-the-art protocols.

A novel two-factor multi-gateway authentication protocol for WSNs

With Wireless Sensor Networks(WSNs) rapid development, it is a hot topic that designing a secure and effective authentication protocol to guarantee the safety of WSNs. Many two-factor multi-gateway authentication protocols have been proposed for WSNs. However, almost all the known protocols were found insecure. Especially, all the existing two-factor multi-gateway authentication protocols cannot resist the password and identity(ID) guessing together with the smart card loss attack. We present a novel two-factor multi-gateway authentication protocol based on password and smart card in multi-gateway wireless sensor networks in this paper. Thanks to “fuzzy-verifier” and “honeywords” technique, the new protocol can effectively resist the joint password and identity guessing with the smart card loss attack. In addition, key negotiation is based on discrete elliptic curve encryption, which ensures forward security of the protocol and resists sensor capture attack. Subsequently, we use BAN-logic to ensure the authentication is implemented, and the session key is negotiated. Moreover, a formal security proof of the new protocol based on the game sequence is conducted in Random Oracle model (RO model). Finally, we compare our work with other schemes in the same field in terms of security, communication efficiency and computational efficiency.

An Effective Privacy-Preserving Blockchain-Assisted Security Protocol for Cloud-Based Digital Twin Environment

Recently, the Digital Twin (DT) technology has procured a lot of attention because of its applicability in the manufacturing and space industries. The DT environment involves the formation of a clone of the tangible object to perform simulations in the virtual space. The combination of conceptual development, predictive maintenance, real-time monitoring, and simulation characteristics of DT has increased the utilization of DT in different scenarios, such as medical environments, healthcare, manufacturing industries, aerospace, etc. However, these utilizations have also brought serious security pitfalls in DT deployment. Towards this, several authentication protocols with different security and privacy features for DT environments have been proposed. In this article, we first review a recently proposed two-factor authentication protocol for DT environments that utilizes the blockchain technology. However, the analyzed scheme is unable to offer the desirable security and cannot withstand various security attacks like offline password-guessing attack, smart card stolen attack, anonymity property, and known session-specific temporary information attack. We also demonstrate that an attacker can impersonate the analyzed protocol’s legal user, owner, and cloud server. To mitigate these security loopholes, we devise an effective three-factor privacy-preserving authentication scheme for DT environments. The proposed work is demonstrated to be secure by performing the informal security analysis, the formal security analysis using the widely recognized Burrows-Abadi-Needham (BAN) logic, and the Real-or-Random (ROR) model. A detailed comparative study with the existing competing schemes including the analyzed scheme demonstrates that the devised framework furnishes better security features while also having lower computation costs and comparable communication costs than the existing schemes.

BioP-TAP: An efficient method of template protection and two-factor authentication protocol combining biometric and PUF

We propose an efficient identity authentication protocol based on cancelable biometric and Physical Uncloable Function (PUF) namely BioP-TAP, which realizes the two-way authentication between the user and the server. Specially, the concept of biometric template protection is added to the proposed protocol to better protect user privacy. We use the properties of PUF to generate the cancelable biometric and adds it to the authentication protocol. Then, we design a complete authentication protocol combining the elliptic curve Pedersen commitment and Zero-knowledge proof. Finally, we adopt the method of combining formalization and non-formalization to carry out scientific evaluation from multiple perspectives. And the performance analysis and comparison with existing schemes are employed to evaluate the proposed scheme, so as to ensure the effectiveness and security. The results show that the proposed method is more effective for security than existing methods, and more suitable for the user biometric authentication in a multi-server environment.

LLAKEP: A Low-Latency Authentication and Key Exchange Protocol for Energy Internet of Things in the Metaverse Era

The authenticated key exchange (AKE) protocol can ensure secure communication between a client and a server in the electricity transaction of the Energy Internet of things (EIoT). Park proposed a two-factor authentication protocol 2PAKEP, whose computational burden of authentication is evenly shared by both sides. However, the computing capability of the client device is weaker than that of the server. Therefore, based on 2PAKEP, we propose an authentication protocol that transfers computational tasks from the client to the server. The client has fewer computing tasks in this protocol than the server, and the overall latency will be greatly reduced. Furthermore, the security of the proposed protocol is analyzed by using the ROR model and GNY logic. We verify the low-latency advantage of the proposed protocol through various comparative experiments and use it for EIoT electricity transaction systems in a Metaverse scenario.

Design and Analysis of a Provable Secure Two-Factor Authentication Protocol for Internet of Things

Because sensor nodes are deployed in public areas, these sensors are easy to capture by adversaries. Once a sensor is stolen, the sensitive information stored in it is likely to be exposed. Accordingly, designing a secure authentication protocol should consider this issue. Sadri et al. recently proposed a two-factor authentication protocol with anonymity for wireless sensor networks. Unfortunately, we found that their protocol had a design flaw in the user and sensor authentication phase. Besides, their protocol can not resist stolen smart card attacks, sensor capture attacks, and user impersonation attacks. In addition, their protocol does not provide perfect forward security. This paper proposes a provably secure authentication to overcome these weaknesses and flaws. By comparing the security and performance of the proposed protocol with other related protocols, we find that our work has reasonable computation overhead and better security.

Two-Factor Authentication and Key Agreement Schemes for Smart Home Fingerprint Characteristics

Aiming at the potential security threat of personal information disclosure in smart homes, a two-factor authentication and key protocol scheme based on fingerprint feature was designed to ensure privacy and secure communication in a smart home environment. The scheme consisted of fingerprint authentication and a key protocol. Fingerprint features were extracted by fuzzy processor to ensure the stability of fingerprint features and effectively prevent the failure of fingerprint extraction caused by subtle changes. The key protocol was used to ensure the security of the communication process. Through performance comparison and security analysis, it was proved that the proposed scheme can meet the security requirements.

A low-cost privacy preserving user access in mobile edge computing framework

The computational offloading from conventional cloud datacenter towards edge devices sprouted a new world of prospective applications in pervasive and Mobile Edge Computing (MEC) paradigm, leading to substantial gains in the form of increased availability, bandwidth with low latency. The MEC offers real-time computing and storage facility within the proximity of mobile user-access network, hence it is imperative to secure communication between end user and edge server. The existing schemes do not fulfill real time processing and efficiency requirements for using complex crypto-primitives. To this end, we propose a novel two-factor biometric authentication protocol for MEC enabling efficient and secure combination of Physically Unclonable Functions (PUFs) with user-oriented biometrics employing fuzzy extractor-based procedures. The performance analysis depicts that our scheme offers resistance to known attacks using lightweight operations and supports 30% more security features than comparative studies. Our scheme is provably secure under Real-or-Random (ROR) formal security analysis model.

Attacks and Solutions for a Two-Factor Authentication Protocol for Wireless Body Area Networks

As an extension of the 4G system, 5G is a new generation of broadband mobile communication with high speed, low latency, and large connection characteristics. It solves the problem of human-to-thing and thing-to-thing communication to meet the needs of intelligent medical devices, automotive networking, smart homes, industrial control, environmental monitoring, and other IoT application needs. This has resulted in new research topics related to wireless body area networks. However, such networks are still subject to significant security and privacy threats. Recently, Fotouhi et al. proposed a lightweight and secure two-factor authentication protocol for wireless body area networks in medical IoT. However, in this study, we demonstrate that their proposed protocol is still vulnerable to sensor-capture attacks and the lack of authentication between users and mobile devices. In addition, we propose a new protocol to overcome the limitations mentioned above. A detailed comparison shows that our proposed protocol is better than the previous protocols in terms of security and performance.

An anonymous two-factor authentication protocol for IoT-based applications

Internet of things (IoT) allows people to establish a real-time connection with physical objects. To fulfill this lifelong ambition, the infrastructure of Wireless Sensor Networks (WSNs) plays a pivotal role. However, the public channel that is used by the sensors and users can imperil the security of their connection. Accordingly, many authentication protocol have been proposed to preserve the integrity and confidentiality of the transmitted messages. In this paper, we examine Wu et al.’s protocol as one of the most state-of-the-art protocols and prove that it is susceptible to sensor capture attack, user trace attack, and DoS attack, also it cannot provide forward secrecy. To mitigate these weaknesses, we propose our protocol and analyze that with both formal and informal methods to show that it is secure against various known attacks such as sensor and user trace, sensor capture, offline password guessing, and replay attacks. Finally, we evaluate our protocol in terms of security features and communication and computation costs. The results show that our protocol not only is more secure than other existing protocols but also reduces 62.1% of the computation cost and 30.76% of the communication cost in comparison with the costs of Wu et al.’s protocol.

An Efficient and Provable Multifactor Mutual Authentication Protocol for Multigateway Wireless Sensor Networks

As the most popular way of communication technology at the moment, wireless sensor networks have been widely concerned by academia and industry and plays an important role in military, agriculture, medicine, and other fields. Identity authentication offers the first line of defence to ensure the security communication of wireless sensor networks. Since the sensor nodes are resource-limited in the wireless networks, how to design an efficient and secure protocol is extremely significant. The current authentication protocols have the problem that the sensor nodes need to execute heavy calculation and communication consumption during the authentication process and cannot resist node capture attack, and the protocols also cannot provide perfect forward and backward security and cannot resist replay attack. Multifactor identity authentication protocols can provide a higher rank of security than single-factor and two-factor identity authentication protocols. The multigateway wireless sensor networks’ structure can provide a larger communication coverage area than the single-gateway network structure, so it has become the focus of recent studies. Therefore, we design a novel multifactor authentication protocol for multigateway wireless sensor networks, which only apply the lightweight hash function and are given biometric information to achieve a higher level of security and efficiency and a larger communication coverage area. We separately apply BAN logic, random oracle model, and AVISPA tool to validate the security of our authentication protocol in Case 1 and Case 2. We put forward sixteen evaluation criteria to comprehensively evaluate our authentication protocol. Compared with the related authentication protocols, our authentication protocol is able to achieve higher security and efficiency.

Voltage Over-Scaling-Based Lightweight Authentication for IoT Security

It is a challenging task to deploy lightweight security protocols in resource-constrained IoT applications. A hardware-oriented lightweight authentication protocol based on device signature generated during voltage over-scaling (VOS) was recently proposed to address this issue. VOS-based authentication employs the computation unit such as adders to generate the process variation dependent error, which is combined with secret keys to create a two-factor authentication protocol. In this article, machine learning (ML)-based modeling attacks to break such authentication is presented. We also propose a <u>c</u>hallenge <u>s</u>elf-<u>o</u>bfuscation <u>s</u>tructure (CSoS) which employs previous challenges combined with keys or random numbers to obfuscate the current challenge for the VOS-based authentication to resist ML attacks. Experimental results show that ANN, RNN, and CMA-ES can clone the challenge-response behavior of VOS-based authentication with up to 99.65 percent prediction accuracy, while the prediction accuracy is less than 51.2 percent after deploying our proposed ML resilient technique. In addition, our proposed CSoS also shows good obfuscation ability for strong PUFs. Experimental results show that the modeling accuracy is below 54 percent when 10⁶ challenge-response pairs (CRPs) are collected to model the CSoS-based Arbiter PUF with ML attacks based on LR, SVM, ANN, RNN, and CMA-ES.

Fuzzy-in-the-Loop-Driven Low-Cost and Secure Biometric User Access to Server

Fuzzy systems can aid in diminishing uncertainty and noise from biometric security applications by providing an intelligent layer to the existing physical systems to make them reliable. In the absence of such fuzzy systems, a little random perturbation in captured human biometrics could disrupt the whole security system, which may even decline the authentication requests of legitimate entities during the protocol execution. In the literature, few fuzzy logic-based biometric authentication schemes have been presented; however, they lack significant security features including perfect forward secrecy (PFS), untraceability, and resistance to known attacks. This article, therefore, proposes a novel two-factor biometric authentication protocol enabling efficient and secure combination of physically unclonable functions, a physical object analogous to human fingerprint, with user biometrics by employing fuzzy extractor-based procedures in the loop. This combination enables the participants in the protocol to achieve PFS. The security of the proposed scheme is tested using the well-known real-or-random model. The performance analysis signifies the fact that the proposed scheme not only offers PFS, untraceability, and anonymity to the participants, but is also resilient to known attacks using light-weight symmetric operations, which makes it an imperative advancement in the category of intelligent and reliable security solutions.

An Enhanced Authentication Protocol for Multi-server Environment Using Password and Smart Card

In the past two decades, numerous two-factor authentication protocols have been proposed for the multi-server environment using a smart card and password. Sahoo et al. recently proposed an authentication protocol for the multi-server environments. Our cryptanalysis shows that the Sahoo et al. scheme is susceptible to several attacks such as offline password guessing, spoofing, replay and smart-card-lost. Also their scheme does not provide two-factor security truly. We propose a new secure, mutually authenticated key-sharing protocol for the multi-server environment to overcome the security flaws in their scheme. We formally prove the secure authentication of the proposed scheme using Burrows–Abadi–Needham logic and simulate various attacks through the automated validation of internet security protocols and applications tool. Additionally, we provide an informal security analysis to show the security and functionality features of the proposed scheme. Moreover, the security and performance comparison results shows that the proposed scheme offers better security and performance.

Secured and flexible user authentication protocol for wireless sensor network

PurposeIn wireless sensor network (WSN), user authentication plays as a vital role in which data sensing, as well as sharing, will be spoiled by hackers. To enhance user security, user authentication must be focused.Design/methodology/approachIn previous works, for secured authentication, Enhanced User Authentication Protocol (EUAP) is presented. On the other hand, the user free password generation is permitted in the previous technique.FindingsHere, password leakage may cause a malevolent user's contribution to the WSN environment. By presenting the Flexible and Secured User Authentication Protocol (FSUAP), this is solved in the presented technique in which secured as well as reliable sharing of data contents via unsecured wireless sensor devices was accomplished.Originality/valueThe foremost objective of the present technique is to device the protocol that would verify the users beforehand letting them access the sensor devices situated in various sites. The use of a sensor device could be reduced in a significant way. Three-factor authentication protocols are presented in place of two-factor authentication protocol in the presented technique that could deal with and safeguard the environment from a brute force attack in an effective manner.

An Improved Anonymous Authentication Protocol for Wearable Health Monitoring Systems

Wearable health monitoring system (WHMS), which helps medical professionals to collect patients’ healthcare data and provides diagnosis via mobile devices, has become increasingly popular thanks to the significant advances in the wireless sensor network. Because health data are privacy-related, they should be protected from illegal access when transmitted over a public wireless channel. Recently, Jiang et al. presented a two-factor authentication protocol on quadratic residues with fuzzy verifier for WHMS. However, we observe that their scheme is vulnerable to known session special temporary information (KSSTI) attack, privileged insider attack, and denial-of-service (DoS) attack. To defeat these weaknesses, we propose an improved two-factor authentication and key agreement scheme for WHMS. Through rigorous formal proofs under the random oracle model and comprehensive informal security analysis, we demonstrate that the improved scheme overcomes the disadvantages of Jiang et al.’s protocol and withstands possible known attacks. In addition, comparisons with several relevant protocols show that the proposed scheme achieves more security features and has suitable efficiency. Thus, our scheme is a reasonable authentication solution for WHMS.

Secure two-factor lightweight authentication protocol using self-certified public key cryptography for multi-server 5G networks

Recently Ying and Nayak proposed a multi-server supported lightweight authentication protocol for 5G networks and confirmed the security of their protocol against all prominent attacks. Nevertheless, this paper will show certain shortcomings in their protocol, like vulnerability against identity guessing, password guessing, and user impersonation attacks. Additionally, it lacks in rendering strong user anonymity and truly two-factor security. Following the crypt-analysis, we propose an improved multi-server authentication protocol, that resists all recognized attacks, including these traps. The formal analysis using broadly accepted BAN-logic assures that the proposed protocol provides mutual authentication among the user and service-providing server. Additionally, the automated verification using the “Automated Validation of Internet Security Protocols and Applications” (AVISPA) tool asserts that improved protocol is safe toward active attacks. The performance comparison with the Ying-Nayak's protocol is evident that the proposed protocol is efficient concerning computational complexity and communication costs.