Multi-Factor Password-Authenticated Key Exchange via Pythia PRF Service
- Authors
- Li, Zengpeng; Wang, Jiuru; Choi, Chang; Zhang, Wenyin
- Issue Date
- May-2020
- Publisher
- TECH SCIENCE PRESS
- Keywords
- Multi-factor authentication key exchange; biometric data; password-to-random; Pythia PRF
- Citation
- CMC-COMPUTERS MATERIALS & CONTINUA, v.63, no.2, pp.663 - 674
- Journal Title
- CMC-COMPUTERS MATERIALS & CONTINUA
- Volume
- 63
- Number
- 2
- Start Page
- 663
- End Page
- 674
- URI
- https://scholarworks.bwise.kr/gachon/handle/2020.sw.gachon/78488
- DOI
- 10.32604/cmc.2020.06565
- ISSN
- 1546-2218
- Abstract
- Multi-factor authentication (MFA) was proposed by Pointcheval et al. [Pointcheval and Zimmer (2008)] to improve the security of single-factor (and two-factor) authentication. As the backbone of multi-factor authentication, biometric data are widely observed. Especially, how to keep the privacy of biometric at the password database without impairing efficiency is still an open question. Using the vulnerability of encryption (or hash) algorithms, the attacker can still launch offline brute-force attacks on encrypted (or hashed) biometric data. To address the potential risk of biometric disclosure at the password database, in this paper, we propose a novel efficient and secure MFA key exchange (later denoted as MFAKE) protocol leveraging the Pythia PRF service and password-to-random (or PTR) protocol. Armed with the PTR protocol, a master password pwd can be translated by the user into independent pseudorandom passwords (or rwd) for each user account with the help of device (e.g., smart phone). Meanwhile, using the Pythia PRF service, the password database can avoid leakage of the local user's password and biometric data. This is the first paper to achieve the password and biometric harden service simultaneously using the PTR protocol and Pythia PRF.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - IT융합대학 > 컴퓨터공학과 > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.