Zobrazit v EDS

A passwordless MFA utilizing biometrics, proximity, and contactless communication.

Uloženo v:
Podrobná bibliografie
Název: A passwordless MFA utilizing biometrics, proximity, and contactless communication.
Autoři: Shukla, Sneha, Varshney, Gaurav, Singh, Shreya, Goel, Swati
Zdroj: Information Security Journal: A Global Perspective; 2025, Vol. 34 Issue 6, p633-654, 22p
Témata: MULTI-factor authentication, BIOMETRIC identification, BLUETOOTH technology, NEAR field communication, COMPUTER access control, PHISHING, SECURITY management
Reviews & Products: ANDROID (Operating system)
Abstrakt: Despite being more secure and strongly promoted, two-factor (2FA) or multi-factor (MFA) schemes either fail to protect against recent phishing threats, such as real-time MITM, controls/relay MITM, malicious browser extension-based phishing attacks, and/or need users to purchase and carry other hardware for additional account protection. Leveraging the unprecedented popularity of NFC and BLE-enabled smartphones, we explore a new horizon for designing an MFA scheme. This paper introduces an advanced authentication method for user verification that utilizes the user's real-time facial biometric identity, which serves as an inherent factor, together with BLE- NFC-enabled mobile devices, which operate as an ownership factor. We have implemented a prototype authentication system on a BLE-NFC-enabled Android device, and initial threat modeling suggests that it is safe against known phishing attacks. The scheme has been compared with other popular schemes using the Bonneau et al. assessment framework in terms of usability, deploy ability, and security. [ABSTRACT FROM AUTHOR]
Copyright of Information Security Journal: A Global Perspective is the property of Taylor & Francis Ltd and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Databáze: Complementary Index
Popis
Abstrakt:Despite being more secure and strongly promoted, two-factor (2FA) or multi-factor (MFA) schemes either fail to protect against recent phishing threats, such as real-time MITM, controls/relay MITM, malicious browser extension-based phishing attacks, and/or need users to purchase and carry other hardware for additional account protection. Leveraging the unprecedented popularity of NFC and BLE-enabled smartphones, we explore a new horizon for designing an MFA scheme. This paper introduces an advanced authentication method for user verification that utilizes the user's real-time facial biometric identity, which serves as an inherent factor, together with BLE- NFC-enabled mobile devices, which operate as an ownership factor. We have implemented a prototype authentication system on a BLE-NFC-enabled Android device, and initial threat modeling suggests that it is safe against known phishing attacks. The scheme has been compared with other popular schemes using the Bonneau et al. assessment framework in terms of usability, deploy ability, and security. [ABSTRACT FROM AUTHOR]
ISSN:19393555
DOI:10.1080/19393555.2025.2536033