Litcius/Paper detail

A Provably Secure Two-Factor Authentication Scheme for USB Storage Devices

Muhammad Faizan Ayub, Salman Shamshad, Khalid Mahmood, SK Hafizul Islam, Reza M. Parizi, Kim‐Kwang Raymond Choo

2020IEEE Transactions on Consumer Electronics25 citationsDOI

Abstract

Universal Serial Bus (USB) is widely used, for example to facilitate hot-swapping and plug-and-play. However, USB ports can be exploited by an adversary to extract private or personal data from the connected devices. Hence, a number of organizations and workplaces have prohibited their employees from using USB devices, and there have been efforts to design secure USB storage device schemes to more effectively resist different known security attacks. However, designing such schemes is challenging. For example, in this article we revisit the Wei et al.'s scheme, and demonstrate that it is vulnerable to attacks such as password guessing and user impersonation. We also explain that the scheme does not verify the correctness of user's input in the login phase, which is another design flaw. Then, we present an improved scheme and prove it secure in the random oracle model.

Topics & Concepts

USBComputer scienceScheme (mathematics)PasswordComputer securityCorrectnessAuthentication (law)Random oracleEmbedded systemLoginComputer networkOperating systemComputer hardwareEncryptionPublic-key cryptographySoftwareMathematical analysisProgramming languageMathematicsUser Authentication and Security SystemsAdvanced Authentication Protocols SecurityCryptography and Data Security