CS406: Information Security

Any MFA framework is a digital system composed of critical components, such as sensors, data storage, processing devices, and communication channels. All of those are typically vulnerable to a variety of attacks at entirely different levels, ranging from replay attempts to adversary attacks. Security is thus a necessary tool to enable and maintain privacy. Therefore, we begin with the attacks executed on the input device itself. Letting only the legitimate controller access and process sensitive personal data exposes the community to the main risks related to MFA security that are listed further.

The first of the key risks is related to data spoofing that would be successfully accepted by the MFA system. Notably, due to biometrics being used by a variety of MFA frameworks, a glaring opportunity for the attacker to analyze both the technology underlying the sensor and the sensor itself results in revealing the most suitable spoofing materials. The main goal of the system and hardware architects is to provide either a secure environment or, in case it is not possible, to consider the related spoofing possibilities in advance. A risk of capturing either physical or electronic patterns and reproducing them within the MFA system should be addressed carefully.

Conventionally, the safeguard to protect against electronic replay attacks requires utilization of a timestamp. Unfortunately, a biometric spoofing attack is fairly simple to execute. Even though biometrics can improve the performance of the MFA system, they can also increase the number of vulnerabilities that can be exploited by an intruder. Further risk is sensitive data theft during the transmission between the sensor and the processing/storage unit. Such theft may primarily occur due to insecure transmission from the input device through extraction and matching blocks to the database, and there is potential for an attack. The required levels of data safety should be guaranteed to resist against this risk type.

Another opportunity to attack the MFA system is by capturing the secret data sample. For knowledge factors, the system would be immediately compromised in case zero-knowledge solutions are not utilized. Specific interest is dedicated to capturing a biometric sample that could not be updated or changed over time. Hence, protection of the biometric data requires a higher level of security during capture, transmission, storage, and processing phases.

The following risk is related to the theft from the data storage. Conventionally, databases are stored in a centralized manner, which offers a single point of failure. At the same time, some of the remote systems contacting the database are not always legitimately authorized to access the personal data stored. High level of isolation is required to protect the data from theft in addition to utilizing irreversible encryption. Subsequent risk is related to location-related attacks. The GPS signal could be vulnerable to position lock (jamming) or to feeding the receiver with false information, so that it computes an erroneous time or location (spoofing). Similar techniques may be applied to cellular- and WLAN-based location services.

Finally, being an information technology system, MFA framework should deliver relatively high levels of "throughput", which reflects the capability of a system to meet the needs of its users in terms of the number of input attempts per time period. Even if the biometrics are considered suitable in every other aspect, but the system can only perform, e.g., one biometrics-based match per hour, whereas it is required to operate at 100 samples per hour, such a solution should not be considered as feasible. The recommendation here is to select appropriate processing hardware for the server/capture side.

The MFA security framework should also support a penetration testing panel to assess its potential weaknesses. Today, the developers are often conducting external audit to evaluate the risks and act based on such evaluation for more careful planning. The MFA system should thus be assessed to deliver a more secure environment.