DAMFA: Decentralized Anonymous Multi-Factor Authentication
Omid Mir, Michael Roland, René Mayrhofer
Abstract
Token-based authentication is usually applied to enable single-sign-on on the web. In current authentication schemes, users are required to interact with identity providers securely to set up authentication data during a registration phase and receive a token (credential) for future accesses to various services and applications. This type of interaction can make authentication schemes challenging in terms of security and usability. From a security point of view, one of the main threats is the compromisation of identity providers. An adversary who compromises the authentication data (password or biometric) stored with the identity provider can mount an offline dictionary attack. Furthermore, the identity provider might be able to track user activity and control sensitive user data. In terms of usability, users always need a trusted server to be online and available while authenticating to a service provider.