Skip to main content
SpringerLink
Log in

PUF-Based Mutual Multifactor Entity and Transaction Authentication for Secure Banking

  • Conference paper
Lightweight Cryptography for Security and Privacy (LightSec 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9542))

Included in the following conference series:

Abstract

In this work we propose a protocol combining a Physical Unclonable Function (PUF) with Password-based Authenticated Key Exchange (PAKE). The resulting protocol provides mutual multifactor authentication between client and server and establishes a session key between the authenticated parties, important features that were not found simultaneously in the literature of PUF-based authentication. The combination can be adapted to support a panic password which allows the client to notify the server in case of emergency. Moreover, a novel protocol for two-factor transaction authentication is proposed. This ensures that only parties authenticated in the current session can realize valid bank transactions.

The authors thank Intel Labs for funding the project “Physical Unclonable Functions for SoC Devices” in which scope this work was conducted.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 34.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 44.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We consider any additional credential as another authentication factor (such as biometric information).

  2. 2.

    This is the only user interaction with the protocol, besides making the transaction request. The other operations are done by software.

References

  1. Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 97, 2026–2030 (2002)

    Article  Google Scholar 

  2. Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 148–160. ACM (2002)

    Google Scholar 

  3. Armknecht, F., Maes, R., Sadeghi, A.-R., Sunar, B., Tuyls, P.: Memory leakage-resilient encryption based on physically unclonable functions. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 685–702. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  4. Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Proceedings of the 44th Annual Design Automation Conference (DAC 2007), pp. 9–14. ACM (2007)

    Google Scholar 

  5. Maes, R., Van Herrewege, A., Verbauwhede, I.: PUFKY: a fully functional PUF-based cryptographic key generator. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 302–319. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  6. Delvaux, J., Gu, D., Peeters, R., Verbauwhede, I.: A Survey on Lightweight Entity Authentication with Strong PUFs. COSIC Internal Report (2015). http://www.cosic.esat.kuleuven.be/publications/article-2497.pdf

  7. Tuyls, P., Škorić, B.: Strong authentication with physical unclonable functions. In: Petković, M., Jonker, W. (eds.) Security, Privacy, and Trust in Modern Data Management Data-Centric Systems and Applications, pp. 133–148. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  8. Busch, H., Katzenbeisser, S., Baecher, P.: PUF-based authentication protocols – revisited. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 296–308. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  9. Frikken, K.B., Blanton, M., Atallah, M.J.: Robust authentication using physically unclonable functions. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 262–277. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  10. Maes, R.: An accurate probabilistic reliability model for silicon PUFs. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 73–89. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  11. Helfmeier, C., Boit, C., Nedospasov, D., Seifert, J.-P.: Cloning physically unclonable functions. In: International Symposium on Hardware-Oriented Security and Trust (HOST 2013), pp. 1–6. IEEE, June 2013

    Google Scholar 

  12. Katzenbeisser, S., Kocabaş, U., Rožić, V., Verbauwhede, I., Sadeghi, A.-R., Wachsmann, C.: PUFs: myth, fact or busted? a security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 283–301. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  13. Holcomb, D.E., Fu, K.: Bitline PUF: building native challenge-response PUF capability into any SRAM. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 510–526. Springer, Heidelberg (2014)

    Google Scholar 

  14. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  15. Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the 1992 IEEE Computer Society Symposium on Research in Securityand Privacy, pp. 72–84. IEEE, May 1992

    Google Scholar 

  16. Jablon, D.P.: Strong password-only authenticated key exchange. ACM SIGCOMM Comput. Commun. Rev. 26, 5–26 (1996)

    Article  Google Scholar 

  17. Bellare, M., Rogaway, P.: The AuthA Protocol for Password-based Authenticated Key Exchange, Technical report, Citeseer (2000)

    Google Scholar 

  18. Boyko, V., MacKenzie, P.D., Patel, S.: Provably secure password-authenticated key exchange using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  19. Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  20. Bresson, E., Chevassut, O., Pointcheval, D.: Proof of security for password-based key exchange (IEEE P1363 AuthA Protocol and Extensions). ACMCCS 3, 241–250 (2003)

    Google Scholar 

  21. Abdalla, M., Catalano, D., Chevalier, C., Pointcheval, D.: Efficient two-party password-based key exchange protocols in the UC framework. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 335–351. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  22. Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003), pp. 241–250. ACM (2003)

    Google Scholar 

  23. Miller, S.P., Neuman, B.C., Schiller, J.I., Saltzer, J.H.: Kerberos Authentication and Authorization System. In: Project Athena Technical Plan, Citeseer (1987)

    Google Scholar 

  24. Steiner, J.G., Neuman, B.C., Schiller, J.I.: Kerberos: an authenticationservice for open network systems. In: USENIX Winter, pp. 191–202 (1988)

    Google Scholar 

  25. Lam, K.-Y., Gollmann, D.: Freshness assurance of authentication protocols. In: Deswarte, Y., Eizenberg, G., Quisquater, J.-J. (eds.) ESORICS 1992. LNCS, vol. 648, pp. 261–271. Springer, Heidelberg (1992)

    Chapter  Google Scholar 

  26. Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  27. Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13, 422–426 (1970)

    Article  MATH  Google Scholar 

  28. Merkle, R.C.: Protocols for public key cryptosystems. In: IEEE Symposium on Security and Privacy, vol. 1109, pp. 122–134 (1980)

    Google Scholar 

  29. Fan, L., Cao, P., Almeida, J., Broder, A.Z.: Summary cache: a scalable wide-area web cache sharing protocol. IEEE/ACM Trans. Network. (TON) 8, 281–293 (2000)

    Article  Google Scholar 

  30. Dworkin, M.J.: SP 800-38D. Recommendation for block cipher modes ofoperation: Galois/Counter Mode (GCM) and GMAC (2007). http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf

  31. Clark, J., Hengartner, U.: Panic passwords: authenticating under duress. In: Proceedings of the 3rd Conference on Hot Topics in Security (HOTSEC2008). USENIX Association, Berkeley, pp. 8:1–8:6 (2008)

    Google Scholar 

  32. Popp, N., Bajaj, S., Hallam-Baker, P.: Hybrid authentication. US Patent App. 10/864,501, January 2005

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Computing, University of Campinas (UNICAMP), Campinas, Brazil

    Amanda C. Davi Resende, Karina Mochetti & Diego F. Aranha

Authors
  1. Amanda C. Davi Resende
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Karina Mochetti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Diego F. Aranha
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Amanda C. Davi Resende .

Editor information

Editors and Affiliations

  1. University of Bremen and DFKI, Bremen, Germany

    Tim Güneysu

  2. Ruhr-Universität Bochum, Bochum, Germany

    Gregor Leander

  3. Ruhr-Universität Bochum, Bochum, Germany

    Amir Moradi

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Resende, A.C.D., Mochetti, K., Aranha, D.F. (2016). PUF-Based Mutual Multifactor Entity and Transaction Authentication for Secure Banking. In: Güneysu, T., Leander, G., Moradi, A. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2015. Lecture Notes in Computer Science(), vol 9542. Springer, Cham. https://doi.org/10.1007/978-3-319-29078-2_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29078-2_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29077-5

  • Online ISBN: 978-3-319-29078-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation