A Modular Framework for Multi-Factor Authentication and Key Exchange

Multi-Factor Authentication (MFA), often coupled with Key Exchange (KE), offers very strong protection for secure communication and has been recommended by many major governmental and industrial bodies for use in highly sensitive applications. Over the past few years many companies started to offer various MFA services to their users and this trend is ongoing.

[1]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[2]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[3]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[4]  Alfred Menezes,et al.  Key Agreement Protocols and Their Security Analysis , 1997, IMACC.

[5]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[6]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[7]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[8]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[9]  Rafail Ostrovsky,et al.  Forward Secrecy in Password-Only Key Exchange Protocols , 2002, SCN.

[10]  Xavier Boyen,et al.  Reusable cryptographic fuzzy extractors , 2004, CCS '04.

[11]  Sang Kyu Park,et al.  Two Factor Authenticated Key Exchange (TAKE) Protocol in Public Wireless LANs , 2004 .

[12]  David Pointcheval,et al.  Password-Based Authenticated Key Exchange in the Three-Party Setting , 2005, Public Key Cryptography.

[13]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[14]  Craig Gentry,et al.  Password authenticated key exchange using hidden smooth subgroups , 2005, CCS '05.

[15]  Olivier Chevassut,et al.  One-Time Verifier-Based Encrypted Key Exchange , 2005, Public Key Cryptography.

[16]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[17]  David Pointcheval,et al.  Simple Password-Based Encrypted Key Exchange Protocols , 2005, CT-RSA.

[18]  Alfred Menezes,et al.  Topics in Cryptology – CT-RSA 2005 , 2005 .

[19]  Serge Vaudenay Public Key Cryptography - PKC 2005, 8th International Workshop on Theory and Practice in Public Key Cryptography, Les Diablerets, Switzerland, January 23-26, 2005, Proceedings , 2005, Public Key Cryptography.

[20]  Rafail Ostrovsky,et al.  Secure Remote Authentication Using Biometric Data , 2005, EUROCRYPT.

[21]  Steven M. Bellovin,et al.  Encrypted Key Exchange , 2006 .

[22]  Moti Yung,et al.  Fourth-factor authentication: somebody you know , 2006, CCS '06.

[23]  Craig Gentry,et al.  A Method for Making Password-Based Key Exchange Resilient to Server Compromise , 2006, CRYPTO.

[24]  Qiang Tang,et al.  An Application of the Goldwasser-Micali Cryptosystem to Biometric Authentication , 2007, ACISP.

[25]  Kristin E. Lauter,et al.  Stronger Security of Authenticated Key Exchange , 2006, ProvSec.

[26]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[27]  Martín Abadi,et al.  Code-Carrying Authorization , 2008, ESORICS.

[28]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[29]  Christof Paar,et al.  On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoqCode Hopping Scheme , 2008, CRYPTO.

[30]  Bart Jacobs,et al.  Dismantling MIFARE Classic , 2008, ESORICS.

[31]  Xiaomin Wang,et al.  An Efficient and Secure Biometric Remote User Authentication Scheme Using Smart Cards , 2008, 2008 IEEE Pacific-Asia Workshop on Computational Intelligence and Industrial Application.

[32]  Serge Vaudenay Progress in Cryptology - AFRICACRYPT 2008, First International Conference on Cryptology in Africa, Casablanca, Morocco, June 11-14, 2008. Proceedings , 2008, AFRICACRYPT.

[33]  David Pointcheval,et al.  Multi-factor Authenticated Key Exchange , 2008, ACNS.

[34]  Andreas Dresen An Authentication Protocol with encrypted Biometric Data , 2010 .

[35]  Tibor Jager,et al.  Generic Compilers for Authenticated Key Exchange , 2010, ASIACRYPT.

[36]  Chun-Ta Li,et al.  An efficient biometrics-based remote user authentication scheme using smart cards , 2010, J. Netw. Comput. Appl..

[37]  Douglas Stebila,et al.  Multi-Factor Password-Authenticated Key Exchange , 2010, AISC.

[38]  Kenneth G. Paterson,et al.  One-Time-Password-Authenticated Key Exchange , 2010, ACISP.

[39]  Feng Hao On Robust Key Agreement Based on Public Key Authentication , 2010, Financial Cryptography.

[40]  Ronggong Song Advanced smart card based password authentication protocol , 2010, Comput. Stand. Interfaces.

[41]  Markus Kasper,et al.  The World is Not Enough: Another Look on Second-Order DPA , 2010, IACR Cryptol. ePrint Arch..

[42]  Dongho Won,et al.  Enhancement of two-factor authenticated key exchange protocols in public wireless LANs , 2010, Comput. Electr. Eng..

[43]  Flavio D. Garcia,et al.  Dismantling SecureMemory, CryptoMemory and CryptoRF , 2010, CCS '10.

[44]  Xiong Li,et al.  Cryptanalysis and improvement of a biometrics-based remote user authentication scheme using smart cards , 2011, J. Netw. Comput. Appl..

[45]  John A. Clark,et al.  Cryptanalysis of Song's advanced smart card based password authentication protocol , 2011, ArXiv.

[46]  Feng Hao,et al.  Security Analysis of a Multi-factor Authenticated Key Exchange Protocol , 2012, ACNS.

[47]  Emiliano De Cristofaro,et al.  Private discovery of common social contacts , 2011, International Journal of Information Security.

[48]  David Pointcheval,et al.  Verifier-Based Password-Authenticated Key Exchange: New Models and Constructions , 2013, IACR Cryptol. ePrint Arch..

[49]  Franziskus Kiefer,et al.  Zero-Knowledge Password Policy Checks and Verifier-Based PAKE , 2014, ESORICS.

[50]  Cynthia Dwork,et al.  Advances in Cryptology – CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17–21, 2020, Proceedings, Part III , 2020, Annual International Cryptology Conference.