31 research outputs found

    Multi-Factor Authentication: A Survey

    Today, digitalization decisively penetrates all the sides of the modern society. One of the key enablers to maintain this process secure is authentication. It covers many different areas of a hyper-connected world, including online payments, communications, access right management, etc. This work sheds light on the evolution of authentication systems towards Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). Particularly, MFA is expected to be utilized for human-to-everything interactions by enabling fast, user-friendly, and reliable authentication when accessing a service. This paper surveys the already available and emerging sensors (factor providers) that allow for authenticating a user with the system directly or by involving the cloud. The corresponding challenges from the user as well as the service provider perspective are also reviewed. The MFA system based on reversed Lagrange polynomial within Shamir’s Secret Sharing (SSS) scheme is further proposed to enable more flexible authentication. This solution covers the cases of authenticating the user even if some of the factors are mismatched or absent. Our framework allows for qualifying the missing factors by authenticating the user without disclosing sensitive biometric data to the verification entity. Finally, a vision of the future trends in MFA is discussed. Peer reviewed

    Privacy and Security Assessment of Biometric Template Protection

    Biometric Systems

    Because of the accelerating progress in biometrics research and the latest nation-state threats to security, this book's publication is not only timely but also much needed. This volume contains seventeen peer-reviewed chapters reporting the state of the art in biometrics research: security issues, signature verification, fingerprint identification, wrist vascular biometrics, ear detection, face detection and identification (including a new survey of face recognition), person re-identification, electrocardiogram (ECT) recognition, and several multi-modal systems. This book will be a valuable resource for graduate students, engineers, and researchers interested in understanding and investigating this important field of study.

    Handbook of Vascular Biometrics

    Privacy-Preserving Authentication: A Homomorphic Encryption Approach

    The importance of privacy for individuals has become increasingly evident in recent years as the amount of personal data being collected, stored and used by both private companies and government institutions has grown exponentially. The potential for this data to be misused or mishandled has led to widespread concern among individuals about the protection of their personal information. In response to these concerns, there has been a rise in the development of privacy-preserving technologies, which aim to protect personal data while still allowing it to be used for legitimate purposes. These technologies are necessary not only to address the concerns of individuals, but also to meet the legal requirements of institutions that handle personal information. Many applications using personal information as a commodity can benefit from privacy-preserving technologies. The research presented in this thesis targets a commonly used Internet application in which privacy-enhancing technologies can play a key role: biometric-based authentication. Authentication is the establishment of one party’s identity to the other. Biometric data, such as faces, fingerprints or iris, are used more and more commonly as a means of providing personal identification and authentication. However, authentication protocols using biometric data face serious privacy concerns, as the data involved is sensitive or personally-identifiable, which makes it necessary for data holders to protect its privacy. The widespread use of this application, and the need to protect user privacy, motivated us to examine how homomorphic encryption, a privacy-preserving technology, can be used and deployed to enhance privacy in such an application. Homomorphic encryption is a form of encryption that allows arbitrary computations to be performed on encrypted data, resulting in an encrypted result that, when decrypted, is the same as if the computation had been performed on the corresponding cleartext data. 
    This means that entire computational processes can be executed on encrypted data without requiring the decryption key, thereby maintaining the privacy of the data involved. This can address both concerns from individuals regarding the protection of their personal and sensitive data, and legal requirements that institutions must meet. Homomorphic encryption can be used in an authentication protocol to allow a server to verify the authenticity of a client’s credentials without having access to the cleartext values of the credentials. In this thesis, we describe and prove secure two novel biometric-based authentication protocols that use homomorphic encryption to preserve the confidentiality of the biometric data both in storage and during use. These protocols ensure the privacy of the biometric information, while still allowing it to be used for authentication purposes. Users of the protocols encrypt their own biometric data and send it to a remote server that performs computations, including the biometric matching, solely on encrypted data. One of the protocols is designed to protect biometric data privacy against an honest-but-curious server and the other against a malicious server. Additionally, in both cases the user is securely authenticated by the server. For both the protocols, implementation and performance results using public homomorphic encryption libraries are presented along with a security and usability assessment, including an evaluation analysis against industry-standard biometric-based authentication schemes. In the most efficient implementation, the active authentication phase takes no more than three seconds to complete.

    Handbook of Vascular Biometrics

    This open access handbook provides the first comprehensive overview of biometrics exploiting the shape of human blood vessels for biometric recognition, i.e. vascular biometrics, including finger vein recognition, hand/palm vein recognition, retina recognition, and sclera recognition. After an introductory chapter summarizing the state of the art in and availability of commercial systems and open datasets/open source software, individual chapters focus on specific aspects of one of the biometric modalities, including questions of usability, security, and privacy. The book features contributions from both academia and major industrial manufacturers.

    Supporting authorize-then-authenticate for wi-fi access based on an electronic identity infrastructure

    Federated electronic identity systems are increasingly used in commercial and public services to let users share their electronic identities (eIDs) across countries and providers. In Europe, the eIDAS Regulation and its implementation, the eIDAS Network, allowing mutual recognition of citizen’s eIDs in various countries, is now in action. We discuss authorization (before authentication), named also authorize-then-authenticate (AtA), in services exploiting the eIDAS Network. In the eIDAS Network, each European country runs a national eIDAS Node, which transfers in other Member State countries, via the eIDAS protocol, some personal attributes, upon successful authentication of a person in his home country. Service Providers in foreign countries typically use these attributes to implement authorization decisions for the requested service. We present a scenario where AtA is required, namely Wi-Fi access, in which the service provider has to implement access control decisions before the person is authenticated through the eIDAS Network with his/her national eID. The Wi-Fi access service is highly required in public and private places (e.g. shops, hotels, a.s.o.), but its use typically involves users’ registration at service providers and is still subject to security attacks. The eIDAS Network supports different authentication assurance levels, thus it might be exploited for a more secure and widely available Wi-Fi access service to the citizens with no prior registration, by exploiting their national eIDs. We propose first a model that discusses AtA in eIDAS-based services, and we consider different possible implementation choices. We describe next the implementation of AtA in an eIDAS-based Wi-Fi access service leveraging the eIDAS Network and a Zeroshell captive portal supporting the eIDAS protocol. We discuss the problems encountered and the deployment issues that may impact on the service acceptance by the users and its exploitation on large scale.