A Modular Framework for Multi-Factor Authentication and Key Exchange

Fleischhacker, Nils; Manulis, Mark; Azodi, Amir

doi:10.1007/978-3-319-14054-4_12

Cited by 18 publications

(22 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We require tag-based password authentication protocol (tPAuth) and tag-based password-authenticated keyexchange protocol (tPAKE), which will provide secure mutual authentication (resistant to offline dictionary attacks) based on knowledge of a shared secret password, and with acceptance only if both parties use the same, possibly public, auxiliary tag [21,28].…”

Section: Tag-based Password Authentication and Key Exchangementioning

confidence: 99%

“…In our reference implementation we use tSOKE a tagged version of the Simple Open Key Exchange (SOKE) protocol [1] that is described in Sect. 7; note that any tPAuth or tPAKE protocol could be used in our generic constructions, and any PAKE protocol can in fact be transformed into a tPAuth or tPAKE protocol by hashing the original password with the tag and using the result as a new password [21].…”

Section: Tag-based Password Authentication and Key Exchangementioning

confidence: 99%

“…This concept was introduced in [28] for public key-based authentication protocols and then generalized in [21] for other types of authentication factors, including passwords and biometrics. Our PACCE constructions 1 and 2 will make use of a tag-based password authentication (tPAuth) protocol.…”

Section: Building Block: Tpauthmentioning

confidence: 99%

See 2 more Smart Citations

Secure modular password authentication for the web using channel bindings

Manulis

Stebila

Kiefer³

et al. 2016

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

Secure protocols for password-based user authentication are well-studied in the cryptographic literature but have failed to see wide-spread adoption on the internet; most proposals to date require extensive modifications to the Transport Layer Security (TLS) protocol, making deployment challenging. Recently, a few modular designs have been proposed in which a cryptographically secure password-based mutual authentication protocol is run inside a confidential (but not necessarily authenticated) channel such as TLS; the password protocol is bound to the established channel to prevent active attacks. Such protocols are useful in practice for a variety of reasons: security no longer relies on users' ability to validate server certificates and can potentially be implemented with no modifications to the secure channel protocol library. We provide a systematic study of such authentication protocols. Building on recent advances in modeling TLS, we give a formal definition of the intended security goal, which we call password-authenticated and confidential channel establishment (PACCE). We show generically that combining a secure Queensland University of Technology, Brisbane, Australia channel protocol, such as TLS, with a password authentication or password-authenticated key exchange protocol, where the two protocols are bound together using the transcript of the secure channel's handshake, the server's certificate, or the server's domain name, results in a secure PACCE protocol. Our prototypes based on TLS are available as a cross-platform client-side Firefox browser extension as well as an Android application and a server-side web application that can easily be installed on servers.

show abstract

Section: Tag-based Password Authentication and Key Exchangementioning

confidence: 99%

Section: Tag-based Password Authentication and Key Exchangementioning

confidence: 99%

See 1 more Smart Citation

Secure modular password authentication for the web using channel bindings

Manulis

Stebila

Kiefer³

et al. 2016

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Two factor authentication: As its name implies two factors means two authentication levels are used .As in the case of ATM, user swipes card, then enters a PIN (Personal Identification Number) code for the transaction to be done. Here the attacker must have the user's ATM card and PIN code to gain access [3]. 3.…”

Section: Introductionmentioning

confidence: 99%

“…Multi factor has many factors like passwords, fingerprints, smart card, voice, location, etc. Now, if the attackers get any one factor of the listed above he cannot get to the user's information [3]. 4.…”

Section: Introductionmentioning

confidence: 99%

Multifactor Authentication for Hospital Inventory access in Virtual Private Cloud

Deep¹,

Kaur²,

Mohana³

2018

IJET

View full text Add to dashboard Cite

In recent times, cloud computing has influenced every sector of life, from managing user database online on the cloud to access it on the cloud makes it more flexible to use. Cloud computing has its own security issues like privacy, integrity, confidentiality and authentication. In order to access data on the cloud Authentication majorly plays a very important role. This paper presents a secure multifactor authentication that can be used for Hospital Inventory access in Virtual Private Cloud. Virtual Private cloud is having the benefit of localization as all the data of cloud are accessible within the organization. To secure Hospital Inventory access in Virtual Private Cloud this paper proposes multifactor authentication technique using Biometric, MAC address via payload .The proposed a multifactor authentication protocol which is also validated by using a validation tool Scyther. The outcomes indicate that the proposed multifactor authentication is a robust technique.

show abstract

Biometric-Authenticated Searchable Encryption

Gardham

Manulis

Drăgan

2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We introduce Biometric-Authenticated Keyword Search (BAKS), a novel searchable encryption scheme that relieves clients from managing cryptographic keys and relies purely on client's biometric data for authenticated outsourcing and retrieval of files indexed by encrypted keywords.BAKS utilises distributed trust across two servers and the liveness assumption which models physical presence of the client; in particular, BAKS security is guaranteed even if clients' biometric data, which often has low entropy, becomes public. We formalise two security properties, Authentication and Indistinguishability against Chosen Keyword Attacks, which ensure that only a client with a biometric input sufficiently close to the registered template is considered legitimate and that neither of the two servers involved can learn any information about the encrypted keywords.Our BAKS construction further supports outsourcing and retrieval of files using multiple keywords and flexible search queries (e.g., conjunction, disjunction and subset-type queries). An additional update mechanism allows clients to replace their registered biometrics without requiring re-encryption of outsourced keywords, which enables smooth user migration across devices supporting different types of biometrics.

show abstract

A Modular Framework for Multi-Factor Authentication and Key Exchange

Cited by 18 publications

References 29 publications

Secure modular password authentication for the web using channel bindings

Secure modular password authentication for the web using channel bindings

Multifactor Authentication for Hospital Inventory access in Virtual Private Cloud

Biometric-Authenticated Searchable Encryption

Contact Info

Product

Resources

About