TY - GEN
T1 - Revisiting Multi-Factor Authentication Token Cybersecurity
T2 - 2024 International Conference on Computing, Networking and Communications, ICNC 2024
AU - Urien, Pascal
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024/1/1
Y1 - 2024/1/1
AB - Multi-factor authentication (MFA) procedures are widely used by digital systems. They are usually performed by hardware tokens comprising a microcontroller and a USB interface. The security level is increased by computing cryptographic procedures in secure elements such as smartcards. Authenticity of MFA tokens is a critical topic since hardware or software components may be cloned or modified, for example through the supply chain. Due to industrial competition, cyber security aspects of MFA tokens are not generally in the public domain, and therefore somewhat rely on security by obscurity (SbO). In this paper we present an original MFA token built with open hardware (Arduino) and javacard, which realizes a TLS pre-shared-key identity module (TLS-IM). The microcontroller is authenticated by SRAM dynamic PUF features, and its software is checked by an attestation procedure based on the bijective MAC time stamped algorithm. The javacard application is authenticated by PKI means, and manages a TLS-PSK channel for remote administration.
KW - IoSE
KW - Secure Element
KW - Security
KW - TLS
U2 - 10.1109/ICNC59896.2024.10556005
DO - 10.1109/ICNC59896.2024.10556005
M3 - Conference contribution
AN - SCOPUS:85197858902
T3 - 2024 International Conference on Computing, Networking and Communications, ICNC 2024
SP - 33
EP - 38
BT - 2024 International Conference on Computing, Networking and Communications, ICNC 2024
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 19 February 2024 through 22 February 2024
ER -