Multifactor Authentication

Authentication can be accomplished with one factor, two factors, or multiple factors. Which one is the weakest level of authentication and which is the most secure and why? When would a more secure system be required? Be able to explain these multifactor authentication methods: password protection, token presence, voice biometrics, facial recognition, ocular-based methodology, hand geometry, vein recognition, fingerprint scanner, thermal image recognition, and geographical location. What are some challenges of multiple factor authentication when using biometrics? There is a lot of interesting information covered in this article that you do not need to memorize, but that you should be aware of.

4. Enabling Flexible MFA Operation

4.2. Proposed Reversed Methodology

In this work, we consider the MFA system with explicit l factors F. Each factor F_{i} has a unique secret S_{i} obtained with the corresponding procedure (PIN, fingerprint, etc.) from the user. In the worst case, it is related to the biometric data; the probability that it changes over time is low. The corresponding factors and secrets could then be represented as

 \begin{array}{l} F_{1}: S_{1} \\ F_{2}: S_{2} \\ \cdots \\ F_{l}: S_{l} \\ F_{l+1}: T \end{array}

where S_{i} is the secret value obtained from the sensor (factor), l is the number of factors required to reconstruct the secret, and F_{l+1} is a timestamp collected at time instant T. It is important to note that providing the actual secrets to the verifier is not an option, especially in the case of sensitive biometric data, because a fingerprint is typically an unchangeable factor. Hence, letting even a trusted instance obtain the corresponding data is a questionable step to make. Conversely, compared to the method considered in Section 4.1, the modified algorithm implies that S_{i} are obtained from the factors (only one polynomial describes the corresponding curve), as shown in Figure 5. In other words, the proposed methodology produces the system secret S based on the collected factor values S_{i} instead of assigning them in the first place. A system of equations connected to the Lagrange interpolation formula with the factors, their values, and the secret for the system access is

 \left\{\begin{array}{l} S_{1}=\bar{S}+a_{1} F_{1}+a_{2} F_{1}^{2}+\cdots+a_{l-1} F_{1}^{l-1}+a_{l} F_{1}^{l} \\ S_{2}=\bar{S}+a_{1} F_{2}+a_{2} F_{2}^{2}+\cdots+a_{l-1} F_{2}^{l-1}+a_{l} F_{2}^{l} \\ \ldots \\ S_{l}=\bar{S}+a_{1} F_{l}+a_{2} F_{l}^{2}+\cdots+a_{l-1} F_{l}^{l-1}+a_{l} F_{l}^{l} \\ T=\bar{S}+a_{1} T+a_{2} T^{2}+\cdots+a_{l-1} T^{l-1}+a_{l} T^{l} \end{array}\right.

 where a_{i} are the corresponding generated coefficients, f(x)=S+a_{1} x+a_{2} x^{2}+\cdots+a_{l-1} x^{l-1}, and f(0)=S. The system in Equation (3) has only one solution for S and it is well known from the Lagrange interpolation formula.

 Lemma 1. One and only one polynomial curve f(x) of degree l-1 could be described by l points on the plane \left(x_{1}, y_{1}\right),\left(x_{2}, y_{2}\right), \ldots,\left(x_{l}, y_{l}\right):

 f(x)=a_{0}+a_{1} x+\ldots+a_{l-1} x^{l-1},\left\{f\left(x_{i}\right)=y_{i}\right\}_{i=1}^{l}

 Hence, the system secret S may be recovered based on l collected shares as given by the conventional Lagrange interpolation formula without the need to transfer the original factor secrets S_{i} to the verifier. Hence, the sensitive person-related data is kept private, as

S=(-1)^{l} \sum_{i=1}^{l+1} S_{i} \prod_{j=1, j \neq i}^{l+1} \frac{F_{j}}{F_{i}-F_{j}}

where F_{l+1}=T. The proposed modifications are required to assure the uniqueness of the acquired data, see Figure 6.

Figure 6. Reversed method based on the Lagrange polynomial.


Due to the properties of the Lagrange formulation, there can only be one curve described by the corresponding polynomial (Lemma 1); therefore, each set of \overline{\left[F_{i}: S_{i}\right]} will produce its unique \bar{S}. However, if the biometric data collected by MFA has not been changed over time, the secret will always remain the same, which is an obvious vulnerability of the considered system. On the other hand, a simple addition of the timestamp should always produce a unique curve, as it is shown in Figure 6 for T, T_{1}, and T_{2}.

The proposed solution provides robustness against the case where all S_{i} remain unchanged over time. This is achieved by adding a unique factor of time T, which enables the presence of F_l with the corresponding secret. It is necessary to mention that the considered threshold scheme based on the Lagrange interpolation formula utilizes the Rivest-Shamir-Adleman (RSA) mechanism or the ElGamal encryption/decryption algorithm for authentication during the final step. In this case, it is proven that we obtain a secure threshold scheme related to secrets S_{i} in.
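
As an added illustration (not code from the article), the following Python sketch evaluates the Lagrange formula above at x = 0 for the points (F_i, S_i) plus the timestamp point (T, T), showing that unchanged factor secrets give a static S until T is added. The prime modulus P, the small integer factor identifiers, and the sample readings and timestamps are assumptions constructed for this example.

```python
P = 2**127 - 1  # prime modulus; doing the arithmetic in GF(P) is an assumption


def system_secret(points, p=P):
    """Return S = f(0) for the unique polynomial through `points`.

    points: (F_i, S_i) pairs for the l factors plus the timestamp point (T, T).
    Computes S = (-1)^l * sum_i S_i * prod_{j != i} F_j / (F_i - F_j) mod p.
    """
    xs = [x % p for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("F_i values (including T) must be pairwise distinct")
    if 0 in xs:
        raise ValueError("x = 0 is reserved for the system secret")
    l = len(points) - 1
    total = 0
    for i, xi in enumerate(xs):
        num = den = 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * xj % p
                den = den * (xi - xj) % p
        # Modular inverse replaces the division in the formula.
        total = (total + points[i][1] * num * pow(den, -1, p)) % p
    return (-1) ** l * total % p


# Constructed sample data: factor identifier F_i -> secret S_i read from the sensor.
READINGS = [(1, 482913), (2, 7712045), (3, 90215)]


def secret_at(t, readings=READINGS):
    """System secret for unchanged factor readings at timestamp t (point (t, t))."""
    return system_secret(list(readings) + [(t, t)])


if __name__ == "__main__":
    t1, t2 = 1700000000, 1700000060  # constructed Unix timestamps
    print("S without T (static):", system_secret(READINGS))
    print("S at T1:", secret_at(t1))
    print("S at T2:", secret_at(t2))  # same S_i, different curve
```

The distinctness check matters in practice: a timestamp value that collides with a factor identifier makes the interpolation undefined, so the sketch rejects it instead of dividing by zero.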