The MFAKE protocol framework presented in this paper offers à la carte design of multi-factor authentication and key exchange protocols by mixing multiple types and quantities of authentication factors in a secure way: MFAKE protocols designed using our framework can combine any subset of multiple low-entropy (one-time) passwords/PINs, high-entropy private/public keys, and biometric factors. This combination is obtained in a modular way from efficient single-factor password-based, public key-based, and biometric-based authentication-only protocols that can be executed in concurrent sessions and bound to a single session of an unauthenticated key exchange protocol to guarantee forward secrecy.
The modular approach used in the framework is particularly attractive for MFAKE solutions that require backward compatibility with existing single-factor authentication solutions or where new factors should be introduced gradually over some period of time. The framework is proven secure using state-of-the-art game-based security definitions that take into account specifics of authentication factors, such as dictionary attacks on passwords and imperfectness of the biometric matching processes.
Category / Keywords: cryptographic protocols / multi-factor authentication, framework, tag-based authentication
Date: received 4 Apr 2012, last revised 17 Sep 2014
Contact author: mark at manulis eu
Note: The previous title of this paper was "Modular Design and Analysis Framework for Multi-Factor Authentication and Key Exchange".
Version: 20140917:111018
Short URL: ia.cr/2012/181