This work focuses on the problem of detection and prevention of stolen and misused secrets (such as private keys) for authentication toward centralized services. We propose a solution for such a problem based on the blockchain-based two-factor authentication scheme SmartOTPs, which we modify for our purposes and utilize in the setting of two and half-factor authentication against a centralized service provider. Our proposed solution consists of four entities that interact together to ensure authentication: (1) the user, (2) the authenticator, (3) the service provider, and (4) the smart contract. Out of two and a half factors of our solution, the first factor stands for the private key, and the second and a half factor stands for one-time passwords (OTPs) and their precursors, where OTPs are obtained from the precursors (a.k.a., pre-images) by cryptographically secure hashing. We describe the protocol for bootstrapping our approach as well as the authentication procedure. We make the security analysis of our solution, where on top of the main attacker model that steals secrets from the client, we analyze man-in-the-middle attacks and malware tampering with the client. In the case of stolen credentials, we show that our solution enables the user to immediately detect the attack occurrence and proceed to re-initialization with fresh credentials.
翻译:这项工作的重点是发现和预防被窃和被滥用的秘密(如私人钥匙),以便认证中央服务。我们根据基于两要素的双要素认证计划SmartOTP提出这一问题的解决办法,我们为我们自己的目的修改这一办法,并在针对中央服务提供者设定两个半要素认证时利用这一办法。我们提议的解决方案由四个实体组成,它们相互作用以确保认证:(1) 用户,(2) 验证人,(3) 服务提供商,(4) 智能合同。在我们解决方案的两个半要素中,第一个要素是私人钥匙,第二和第三要素是一次性密码(OTP)及其前体,即通过加密安全的方式从前体(a.k.a.a.,预图像)获取的密码。我们提出的解决方案由四个实体组成,以确保认证:(1) 用户,(2) 验证人,(3) 服务提供商,(4) 智能合同。我们从两个半要素中,第一个要素是私人钥匙,第二个半要素是一次性密码(OTP)及其前体,即通过加密安全的方式从前体(a.k.a.a.a.预图像)中获得两个半要素的认证。我们描述了我们的方法以及认证程序。我们对解决方案的安全分析我们的解决方案进行了安全分析,在主要攻击者模式上窃取客户的秘密,我们分析中的人对客户进行新的袭击的验证,让我们能够对客户进行重新验证。