Abstract
We present a secure two-factor authentication (TFA) scheme based on the user’s possession of a password and a crypto-capable device. Security is “end-to-end” in the sense that the attacker can attack all parts of the system, including all communication links and any subset of parties (servers, devices, client terminals), can learn users’ passwords, and perform active and passive attacks, online and offline. In all cases the scheme provides the highest attainable security bounds given the set of compromised components. Our solution builds a TFA scheme using any Device-enhanced Password-authenticated Key Exchange (PAKE), defined by Jarecki et al., and any Short Authenticated String (SAS) Message Authentication, defined by Vaudenay. We show an efficient instantiation of this modular construction, which utilizes any password-based client-server authentication method, with or without reliance on public-key infrastructure. The security of the proposed scheme is proven in a formal model that we formulate as an extension of the traditional PAKE model. We also report on a prototype implementation of our schemes, including TLS-based and PKI-free variants, as well as several instantiations of the SAS mechanism, all demonstrating the practicality of our approach. Finally, we present a usability study evaluating the viability of our protocol contrasted with the traditional PIN-based TFA approach in terms of efficiency, potential for errors, user experience, and security perception of the underlying manual process.
References
- RSA breach leaks data for hacking securid tokens. 2011. http://goo.gl/tcEoS.
- LinkedIn Confirms Account Passwords Hacked. 2012. http://goo.gl/AWB5KC.
- Google acquires slicklogin, the sound-based password alternative. 2014. https://goo.gl/V9J8rv.
- Russian Hackers Amass Over a Billion Internet Passwords. 2014. Available at: http://goo.gl/aXzqj8.
- Hack Brief: Yahoo Breach Hits Half a Billion Users. 2016. https://goo.gl/nz4uJG.
- Sim swap fraud. 2016. http://goo.gl/y4Eogg.
- Sms-based two-factor authentication. 2016. https://bit.ly/2GiH4aN.
- Yahoo Says 1 Billion User Accounts Were Hacked. 2016. https://goo.gl/q4WZi9.
- Over 560 Million Passwords Discovered in Anonymous Online Database. 2017. https://goo.gl/upDqzt.
- Google Cloud Messaging. 2018. https://goo.gl/EFvXt9.
- Duo Security Two-Factor Authentication. 2019. https://goo.gl/e38UnB.
- Facebook stored hundreds of millions of passwords in plain text. 2019. https://www.theverge.com/2019/3/21/18275837/facebookplain-text-password-storage-hundreds-millions-users.
- FIDO Universal 2nd Factor (U2F) Overview. 2019. https://bit.ly/2IpPYH8.
- Google Authenticator Android app. 2019. https://goo.gl/Q4LU7k.
- Google stored some passwords in plain text for fourteen years. 2019. https://www.theverge.com/2019/5/21/18634842/googlepasswords-plain-text-g-suite-fourteen-years.
- Sign in faster with 2-Step Verification phone prompts. 2019. https://goo.gl/3vjngW.
- Signal by Open Whisper Systems. 2019. https://signal.org/.
- Sound Login Two Factor Authentication. 2019. https://goo.gl/LJFkvT.
- Two-factor authentication - authy. 2019. https://www.authy.com/.
- WhatsApp Simple, Secure, Reliable messaging. 2019. https://www.whatsapp.com/.
- YubiKeys: Your key to two-factor authentication. 2019. https://goo.gl/LLACvP.
- Zxing (“zebra crossing”) barcode scanning library for java, android. 2019. https://github.com/zxing/zxing.
- Michel Abdalla, Mihir Bellare, and Phillip Rogaway. 2001. The oracle Diffie-Hellman assumptions and an analysis of DHIES. In Proceedings of the Topics in Cryptology Conference (CT-RSA’01) (Lecture Notes in Computer Science), Vol. 2020. Springer.
- Tolga Acar, Mira Belenkiy, and Alptekin Küpçü. 2013. Single password authentication. Comput. Netw. 57, 13 (2013).
- Mihir Bellare, David Pointcheval, and Phillip Rogaway. 2000. Authenticated key exchange secure against dictionary attacks. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt’02).
- Steven M. Bellovin and Michael Merritt. 1993. Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’93). 244--250.
- Daniel J. Bernstein, Mike Hamburg, Anna Krasnova, and Tanja Lange. 2013. Elligator: Elliptic-curve points indistinguishable from uniform random strings. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. 967--980.
- Xavier Boyen. 2009. Hidden credential retrieval from a reusable password. In Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIACCS’09). DOI: https://doi.org/10.1145/1533057.1533089
- Xavier Boyen. 2009. HPAKE: Password authentication secure against cross-site user impersonation. In Proceedings of the Conference on Cryptology and Network Security (CANS’09). Springer, 279--298.
- John Brainard, Ari Juels, Burt Kaliski, and Michael Szydlo. 2003. A new two-server approach for authentication with short secrets. In Proceedings of the 12th USENIX Security Symposium. 201--213.
- John Brooke et al. 1996. SUS-A quick and dirty usability scale. Usabil. Eval. Industry 189, 194 (1996), 4--7. Retrieved from http://goo.gl/XDqBqg.
- Ran Canetti and Hugo Krawczyk. 2001. Analysis of key-exchange protocols and their use for building secure channels. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques. 453--474.
- Sonia Chiasson, Paul C. van Oorschot, and Robert Biddle. 2006. A usability study and critique of two password managers. In Proceedings of the Usenix Security Conference.
- Alexei Czeskis, Michael Dietz, Tadayoshi Kohno, Dan Wallach, and Dirk Balfanz. 2012. Strengthening user authentication through opportunistic cryptographic identity assertions. In Proceedings of ACM Conference on Computer and Communications Security. ACM.
- Emiliano De Cristofaro, Honglu Du, Julien Freudiger, and Greg Norcie. 2013. A comparative usability study of two-factor authentication. arXiv preprint arXiv:1309.5344.
- Sergej Dechand, Dominik Schürmann, Karoline Busse, Yasemin Acar, Sascha Fahl, and Matthew Smith. 2016. An empirical study of textual key-fingerprint representations. In Proceedings of the USENIX Security Symposium. 193--208.
- Ben Dodson, Debangsu Sengupta, Dan Boneh, and Monica S. Lam. 2010. Secure, consumer-friendly web authentication and payments with a phone. In Proceedings of the International Conference on Mobile Computing, Applications, and Services. Springer.
- Warwick Ford and Burton S. Kaliski Jr. 2000. Server-assisted generation of a strong secret from a password. In Proceedings of the IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE’00). 176--180.
- Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan. 2006. A method for making password-based key exchange resilient to server compromise. In Proceedings of the Advances in Cryptology Conference.
- Nancie Gunson, Diarmid Marshall, Hazel Morton, and Mervyn Jack. 2011. User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Comput. Secur. 30, 4 (2011).
- Shai Halevi and Hugo Krawczyk. 1999. Public-key cryptography and password protocols. ACM Transactions on Information and System Security (TISSEC) 2, 3 (Aug. 1999), 230--268.
- Devriş İşler, Alptekin Küpçü, and Aykut Coskun. [n.d.]. User study on single password authentication. ([n.d.]).
- Tibor Jager, Florian Kohlar, Sven Schäge, and Jörg Schwenk. 2012. On the security of TLS-DHE in the standard model. In Proceedings of the International Cryptology Conference (CRYPTO’12). 273--293.
- Stanislaw Jarecki, Aggelos Kiayias, Hugo Krawczyk, and Jiayu Xu. 2015. Highly efficient and composable password-protected secret sharing. In Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P’15).
- Stanislaw Jarecki, Hugo Krawczyk, Maliheh Shirvanian, and Nitesh Saxena. 2016. Device-enhanced password protocols with optimal online-offline protection. In Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIACCS’16). Retrieved from http://ia.cr/2015/1099.
- Stanislaw Jarecki, Hugo Krawczyk, Maliheh Shirvanian, and Nitesh Saxena. 2018. Two-factor authentication with end-to-end password security. In Proceedings of the International Conference on Practice and Theory of Public Key Cryptography (PKC’18).
- Stanislaw Jarecki, Hugo Krawczyk, and Jiayu Xu. 2018. OPAQUE: An asymmetric PAKE protocol secure against pre-computation attacks. In Proceedings of the Advances in Cryptology Conference (EUROCRYPT’18).
- Stanislaw Jarecki, Jubur Mohammed, Hugo Krawczyk, Maliheh Shirvanian, and Nitesh Saxena. [n.d.]. Two-factor password-authenticated key exchange with end-to-end password security. Cryptology ePrint Archive report 2018/033.
- Katie Kleemola and John Scott-Railton. 2015. London Calling: Two-Factor Authentication Phishing From Iran. Retrieved from https://goo.gl/yt12xH.
- Ronald Kainda, Ivan Flechais, and Andrew William Roscoe. 2009. Usability and security of out-of-band channels in secure device pairing protocols. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’09).
- Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun. 2015. Sound-proof: Usable two-factor authentication based on ambient sound. In Proceedings of the USENIX Security Symposium.
- Ambarish Karole, Nitesh Saxena, and Nicolas Christin. 2011. A comparative usability evaluation of traditional password managers. In Proceedings of the Information Security and Cryptology Conference (ICISC’11).
- Jonathan Katz, Philip D. MacKenzie, Gelareh Taban, and Virgil D. Gligor. 2005. Two-server password-only authenticated key exchange. In Proceedings of the International Conference on Applied Cryptography and Network Security (ACNS’05). 1--16.
- Swati Khandelwal. 2017. Real-world SS7 Attack. Retrieved from https://thehackernews.com/2017/05/ss7-vulnerability-bank-hacking.html.
- Hugo Krawczyk. 2005. HMQV: A high-performance secure Diffie-Hellman protocol. In Proceedings of the Annual International Cryptology Conference. 546--566.
- Arun Kumar, Nitesh Saxena, Gene Tsudik, and Ersin Uzun. 2009. Caveat emptor: A comparative study of secure device pairing methods. In Proceedings of the International Conference on Pervasive Computing and Communications (PerCom).
- Juan Lang, Alexei Czeskis, Dirk Balfanz, Marius Schilder, and Sampath Srinivas. 2016. Security keys: Practical cryptographic second factors for the modern web. In International Conference on Financial Cryptography and Data Security. Springer, 422--440.
- Chia-Chi Lin, Hongyang Li, Xiao-yong Zhou, and XiaoFeng Wang. 2014. Screenmilker: How to milk your Android screen for secrets. In Proceedings of the Network & Distributed System Security Symposium.
- Philip MacKenzie, Thomas Shrimpton, and Markus Jakobsson. 2002. Threshold password-authenticated key exchange. In Proceedings of the Advances in Cryptology Conference (CRYPTO’02).
- Daniel McCarney, David Barrera, Jeremy Clark, Sonia Chiasson, and Paul C. van Oorschot. 2012. Tapas: Design, implementation, and usability evaluation of a password manager. In Proceedings of the Annual Computer Security Applications Conference.
- Jonathan M. McCune, Adrian Perrig, and Michael K. Reiter. 2005. Seeing-is-believing: Using camera phones for human-verifiable authentication. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 110--124.
- D. M’raihi, M. Bellare, F. Hoornaert, D. Naccache, and O. Ranen. 2005. Hotp: An HMAC-based One-time Password Algorithm. Technical Report.
- David M’Raihi, Salah Machani, Mingliang Pei, and Johan Rydell. 2011. Totp: Time-based One-time Password Algorithm. Technical Report. Retrieved from https://goo.gl/9Ba5hv.
- David Pointcheval and Sébastien Zimmer. 2008. Multi-factor authenticated key exchange. In Proceedings of the Conference on Applied Cryptography and Network Security.
- Nitesh Saxena, Jan-Erik Ekberg, Kari Kostiainen, and N. Asokan. 2006. Secure device pairing based on a visual channel. In Proceedings of the IEEE Symposium on Security and Privacy.
- Svenja Schröder, Markus Huber, David Wind, and Christoph Rottermanner. 2016. When SIGNAL hits the fan: On the usability and security of state-of-the-art secure mobile messaging. In Proceedings of the European Workshop on Usable Security (EuroUSEC).
- Maliheh Shirvanian, Stanislaw Jarecki, Nitesh Saxena, and Naveen Nathan. 2014. Two-factor authentication resilient to server compromise using mix-bandwidth devices. In Proceedings of the Network and Distributed System Security Symposium (NDSS’14).
- Maliheh Shirvanian, Nitesh Saxena, and Jesvin James George. 2017. On the pitfalls of end-to-end encrypted communications: A study of remote key-fingerprint verification. In Proceedings of the 33rd Annual Computer Security Applications Conference. ACM, 499--511.
- Victor Shoup. 2004. ISO 18033-2: An Emerging Standard for Public-Key Encryption. Final Committee Draft.
- Bradley Neal Suggs. 2013. Pairing a device based on a visual code. U.S. Patent App. 13/194,267.
- Ersin Uzun, Kristiina Karvonen, and Nadarajah Asokan. 2007. Usability analysis of secure pairing methods. In Proceedings of the International Conference on Financial Cryptography and Data Security.
- Serge Vaudenay. 2005. Secure communications over insecure channels based on short authenticated strings. In Proceedings of the Advances in Cryptology Conference (CRYPTO’05).
- Ding Wang and Ping Wang. 2014. On the usability of two-factor authentication. In Proceedings of the International Conference on Security and Privacy in Communication Systems. Springer, 141--150.
- Catherine S. Weir, Gary Douglas, Martin Carruthers, and Mervyn Jack. 2009. User perceptions of security, convenience and usability for ebanking authentication tokens. Comput. Secur. 28, 1--2 (2009), 47--62.
- Catherine S. Weir, Gary Douglas, Tim Richardson, and Mervyn Jack. 2009. Usable security: User preferences for authentication methods in eBanking and the effects of experience. Interact. Comput. 22, 3 (2009), 153--164.
- Devriş İşler and Alptekin Küpçü. 2018. Distributed Single Password Protocol Framework. Cryptology ePrint Archive, Report 2018/976. Retrieved from https://eprint.iacr.org/2018/976.
- Devriş İşler and Alptekin Küpçü. 2018. Threshold Single Password Authentication. Cryptology ePrint Archive, Report 2018/977. Retrieved from https://eprint.iacr.org/2018/977.
Index Terms
Two-factor Password-authenticated Key Exchange with End-to-end Security