Practical Threshold Multi-Factor Authentication

Wenting Li, Haibo Cheng, Ping Wang, Kaitai Liang

Research output: Contribution to journalArticleScientificpeer-review

18 Downloads (Pure)

Abstract

Multi-factor authentication (MFA) has been widely used to safeguard high-value assets. Unlike single-factor authentication (e.g., password-only login), t-factor authentication (tFA) requires a user always to carry and present t specified factors so as to strengthen the security of login. Nevertheless, this may restrict user experience in limiting the flexibility of factor usage, e.g., the user may prefer to choose any factors at hand for login authentication. To bring back usability and flexibility without loss of security, we introduce a new notion of authentication, called (t, n) threshold MFA, that allows a user to actively choose t factors out of n based on preference. We further define the “most-rigorous” multi-factor security model for the new notion, allowing attackers to control public channels, launch active/passive attacks, and compromise/corrupt any subset of parties as well as factors. We state that the model can capture the most practical security needs in the literature. We design a threshold MFA key exchange (T-MFAKE) protocol built on the top of a threshold oblivious pseudorandom function and an authenticated key exchange protocol. Our protocol achieves the “highest-attainable” security against all attacking attempts in the context of parties/factors being compromised/corrupted. As for efficiency, our design only requires 4+t exponentiations, 2 multi-exponentiations and 2 communication rounds. Compared with existing tFA schemes, even the degenerated (t, t) version of our protocol achieves the strongest security (stronger than most schemes) and higher efficiency on computational and communication. We instantiate our design on real-world platform to highlight its practicability and efficiency.

Original languageEnglish
Article number9432950
Pages (from-to)3573-3588
Number of pages16
JournalIEEE Transactions on Information Forensics and Security
Volume16
DOIs
Publication statusPublished - 2021

Keywords

  • Authentication
  • Biometrics (access control)
  • Key Exchange
  • Multi-Factor Authentication
  • Password
  • Protocols
  • Security
  • Servers
  • Threshold
  • Usability

Fingerprint

Dive into the research topics of 'Practical Threshold Multi-Factor Authentication'. Together they form a unique fingerprint.

Cite this