
Understanding Failures in Security Proofs of Multi-Factor Authentication for Mobile Devices

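Computer science, Random oracle, Computer security, Provable security, Mathematical proof, Certification (law), Authentication protocol, Challenge-response authentication, Formal proof, Multi-factor authentication, Cryptography, Encryption, Public-key cryptography, Geometry, Mathematics
Authors
Qingxuan Wang, Ding Wang
Source
Journal: IEEE Transactions on Information Forensics and Security [Institute of Electrical and Electronics Engineers]
Volume/Issue: 18: 597-612 Cited by: 22
Identifier
DOI: 10.1109/tifs.2022.3227753
Abstract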

Multi-factor authentication is a promising way to enhance the security of password-based authenticated key exchange (PAKE) schemes. It is widely deployed in various daily applications for mobile devices (e.g., e-Bank, smart home, and cloud services) to provide the first line of defense for system security. However, despite intensive research, how to design a secure and efficient multi-factor authentication scheme is still a challenging problem. Hundreds of new schemes have been successfully proposed, and many are even equipped with a formal security proof. However, most of them have been shortly found to be insecure and cannot achieve the claimed security goals. Now a paradox arises: How can a multi-factor scheme that was “formally proven secure” later be found insecure? To answer this seemingly contradicting question, this paper takes a substantial first step towards systematically exploring the security proof failures in multi-factor authentication schemes for mobile devices. We first investigate the root causes of the “provable security” failure in vulnerable multi-factor authentication schemes under the random oracle model, and classify them into eight different types in terms of the five steps of conducting a formal security proof. Then, we elaborate on each type of these eight proof failures by examining three typical vulnerable protocols, and suggest corresponding countermeasures. Finally, we conduct a large-scale comparative measurement of 70 representative multi-factor authentication schemes under our extended evaluation criteria. The schemes we select range from 2009 to 2022, and the comparison results suggest that understanding failures in formal security proofs is helpful to design more secure multi-factor authentication protocols for mobile devices.