Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment

Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local pas...

Detailed description

Bibliographic details
Published in: IEEE transactions on dependable and secure computing 2015-07, Vol.12 (4), p.428-442
Main authors: Wang, Ding; He, Debiao; Wang, Ping; Chu, Chao-Hsien
Format: Article
Language: eng
container_end_page 442
container_issue 4
container_start_page 428
container_title IEEE transactions on dependable and secure computing
container_volume 12
creator Wang, Ding
He, Debiao
Wang, Ping
Chu, Chao-Hsien
description Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an "ideal" scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.'s scheme and Li's scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.
doi_str_mv 10.1109/TDSC.2014.2355850
format Article
fulltext fulltext_linktorsrc
identifier ISSN: 1545-5971
ispartof IEEE transactions on dependable and secure computing, 2015-07, Vol.12 (4), p.428-442
issn 1545-5971
1941-0018
language eng
recordid cdi_proquest_journals_1696925526
source IEEE Electronic Library (IEL)
subjects Authentication
Authentication protocols
Design
Distributed processing
Privacy
Protocols
Resistance
Security management
Servers
Smart cards
Studies
Systems design
title Anonymous Two-Factor Authentication in Distributed Systems: Certain Goals Are Beyond Attainment
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-18T22%3A41%3A54IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Anonymous%20Two-Factor%20Authentication%20in%20Distributed%20Systems:%20Certain%20Goals%20Are%20Beyond%20Attainment&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Wang,%20Ding&rft.date=2015-07&rft.volume=12&rft.issue=4&rft.spage=428&rft.epage=442&rft.pages=428-442&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2014.2355850&rft_dat=%3Cproquest_RIE%3E3745899431%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1696925526&rft_id=info:pmid/&rft_ieee_id=6894170&rfr_iscdi=true