We present a modular approach to the design and analysis of arbitrary MFAKE protocols, in the form of an $(\alpha,\beta,\gamma)$-MFAKE framework, that can accommodate multiple \emph{types} and \emph{quantities} of authentication factors, focusing on the three widely adopted categories that provide evidence of knowledge, possession, and physical presence. The framework comes with (i) a model for \emph{generalized MFAKE} that implies some known flavors of single- and multi-factor Authenticated Key Exchange (AKE), and (ii) generic and modular constructions of secure MFAKE protocols that can be tailored to the needs of a particular application.
Our generic $(\alpha,\beta,\gamma)$-MFAKE protocol is based on the new notion of \emph{tag-based MFA} that in turn implies tag-based versions of many existing single-factor authentication schemes. We show examples and discuss generic ways to obtain tag-based flavors of password-based, public key-based, and biometric-based authentication protocols.
By combining multiple single-factor tag-based authentication-only protocols with a single run of an Unauthenticated Key Exchange (UKE), we construct an $(\alpha,\beta,\gamma)$-MFAKE protocol that is superior to a naïve black-box combination of single-factor AKE schemes.
Category / Keywords: cryptographic protocols / multi-factor authentication, framework, tag-based authentication
Date: received 4 Apr 2012, last revised 9 Apr 2013
Contact author: mark at manulis eu
Note: Mostly some updates in Section 4.2.
Version: 20130409:131722