Why Backup Authentication Methods Often Fail

28 May 2025

Abstract and 1. Introduction

  2. Related Work

    2.1 The Alternative-Authenticator Approach

    2.2 The Original-Authenticator Approach

  3. The Proposed Secret Backup Approaches

    3.1 Notations

    3.2 Assumptions

    3.3 The Direct-Escrow Method

    3.4 Our Proposed Algorithms

  4. Security and Reliability Analysis

    4.1 Security Analysis

    4.2 Reliability Analysis

    4.3 Recovery Failure Rate Analysis

    4.4 Real World Parameters

    4.5 Failure Rate Optimization of (k,n)

  5. Comparison

  6. Conclusion, Acknowledgment, and References

Appendix

As discussed, existing backup authentication methods fall into two general approaches, the alternative-authenticator approach and the original-authenticator approach, depending on whether the owner is given an alternative path into the account or must recover the original authenticator. We review representative work on each below and compare their security properties.

2.1 The Alternative-Authenticator Approach

In the alternative-authenticator approach, a second secret is registered in advance for backup authentication. This approach is common in password-based authentication systems. Applying it to a PKA system, however, degrades the security gained from PKA, because the alternative secrets used are generally weaker than the original authenticator. We review representative methods in the following.

2.1.1 The security-question method

The security-question method is probably the first commonly adopted account recovery scheme. To recover access to an account, the service provider asks the requester for pre-registered personal information, such as the first telephone number used or the father's middle name. Although the answers are personal and supposedly unforgettable, the scheme is deemed insecure because the answers are generally easy to guess owing to the small answer space, and they can often be found in the owner's social media records. Asking personal questions also intrudes on the user's privacy [31]. Furthermore, since the same questions and answers tend to be reused across sites, a leak at one site exposes the others, so the method is intrinsically defective [36].

2.1.2 The out-of-band method

Besides personal knowledge, out-of-band communication accounts, such as a personal e-mail or phone account, can serve as backup authenticators. The out-of-band method is more secure than the security-question method because it requires an additional password or proof of physical possession. Typically, the account owner pre-registers an e-mail address or phone number. If the account password is forgotten, the owner asks the service provider to send a password reset link or verification code to the pre-registered e-mail account or to the phone by SMS (short message service).

This method assumes that the e-mail or SMS channel is secure. In reality, an attacker may compromise e-mail servers [36] or eavesdrop on an unencrypted channel to read e-mails, and may likewise intercept a verification code sent by SMS [38]. Cases of malware implanted on a client device to read the owner's e-mail or SMS [31] and of man-in-the-middle (MitM) attacks intercepting the recovery code [3][37] have been reported. So although PKA is secure as long as the original authenticator is used, adding this out-of-band method for backup recovery lowers the security of the whole system to that of the e-mail or SMS channel.

2.1.3 The backup code method

In this method, the service provider issues a backup code and has the account owner keep it secret [57]. The owner usually prints the code out so that malware on the device cannot read it. To recover the account, the owner submits the code for authentication. The printed code is at risk of theft, and a MitM attacker can phish the code when it is presented. The security of the approach therefore depends entirely on how well the owner protects the code.
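As an added example that is not part of the paper and not any provider's implementation, the following Python shows the server side of the backup-code method: codes are issued once, kept only as digests, normalised before comparison, and consumed on first use. The scenario function makes the paper's point concrete: a thief who photographs the printout is accepted exactly as the owner would be, and the owner's later attempt with that same code then fails. The code format, the count of eight codes and the scenario names are assumptions.

```python
# Added example (not from the paper): server-side issuance and redemption of
# printable one-time backup codes. Code format and count are assumptions.
from __future__ import annotations

import hashlib
import hmac
import secrets

CODE_COUNT = 8   # assumed: codes issued per account
CODE_BYTES = 5   # 40 bits of entropy per code, printed as 10 hex digits


def _normalize(code: str) -> str:
    # Accept the code however the owner copied it from the printout.
    return code.replace("-", "").replace(" ", "").strip().lower()


def _digest(code: str) -> bytes:
    # Codes are random and single-use, so an unsalted SHA-256 at rest is enough:
    # a leaked table yields no usable codes. No slow password hash is needed.
    return hashlib.sha256(_normalize(code).encode()).digest()


def issue_backup_codes(count: int = CODE_COUNT) -> tuple[list[str], list[bytes]]:
    """Return (codes to print for the owner, digests to keep server-side).
    The plaintext codes exist only at issuance and are never stored."""
    plain = []
    for _ in range(count):
        raw = secrets.token_hex(CODE_BYTES)          # e.g. '3fa9c1d02b'
        plain.append(f"{raw[:5]}-{raw[5:]}")         # printed as '3fa9c-1d02b'
    return plain, [_digest(c) for c in plain]


def redeem_backup_code(stored: list[bytes], presented: str) -> bool:
    """Consume one matching code. Every stored digest is compared, so the
    response time does not reveal where in the list a match sits."""
    target = _digest(presented)
    match = -1
    for i, digest in enumerate(stored):
        if hmac.compare_digest(digest, target):
            match = i
    if match < 0:
        return False
    del stored[match]                                # single use
    return True


def stolen_code_scenario() -> dict[str, object]:
    """The provider cannot tell owner from thief: whoever presents an unused
    code first gets in, and that code is then dead for the real owner."""
    codes, stored = issue_backup_codes()
    return {
        "thief_with_photographed_code": redeem_backup_code(stored, codes[0].upper()),
        "owner_retrying_same_code": redeem_backup_code(stored, codes[0]),
        "owner_with_another_code": redeem_backup_code(stored, codes[1]),
        "blind_guess": redeem_backup_code(stored, "00000-00000"),
        "codes_left": len(stored),
    }


if __name__ == "__main__":
    for name, value in stolen_code_scenario().items():
        print(f"{name}: {value}")
```

Running the module prints the scenario outcomes. Note that nothing on the server side distinguishes the thief's submission from the owner's; the only defence the method offers is that each code works once, which limits the damage of a leaked printout but does not prevent it.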

2.1.4 The face recognition method

Some service providers use face recognition for account login [53][54] and account recovery. In this approach, the provider stores each owner's biometric information online for identification. One prominent issue is that such centrally managed biometric databases are notorious for invading users' privacy. Another serious challenge is that a person's face may change because of aging or an accident, and the change may lock the person out of the account [49]. Additionally, Xu presented a face-spoofing method that constructs a 3D face model from the target's online photos and demonstrated that face recognition is vulnerable to spoofing attacks [60].

2.1.5 The social authentication method

Brainard et al. [21] proposed a social authentication method to help users recover their accounts after losing one of the two factors in a two-factor authentication system. Unlike the other recovery methods, which require the account owner to present a proof of identity that can be stolen, as discussed above, here the owner's identity is confirmed by someone the owner trusts (a trustee), simply through a phone call.

When the account token is lost, the account owner asks the service provider to issue a unique recovery code to a pre-registered trustee. The owner then phones the trustee, who releases the recovery code only after confirming that the caller is the owner. The owner forwards the recovery code together with a second-factor code to the service provider to recover the account. This trustee-owner phone-call authentication is harder for attackers to steal or spoof than the other methods.

However, because a second-factor code is required, this method does not apply to the single-factor systems that make up most deployments. In a single-factor system the received recovery code would replace the sole authentication factor, so the trustee could easily impersonate the owner and access the account.

To cover password-based single-factor systems, Schechter et al. proposed a multi-trustee social authentication method deployed on Windows Live ID [23]. The method avoids relying on any single trustee by requiring several special recovery codes, one from each of several trustees, for account recovery. Unfortunately, the method has a loophole: for usability, service providers typically show the account owner the list of trustees as a reminder of whom to contact, and whoever learns that list can organize the trustees for a collusive attack. Moreover, a real-world experiment showed that 45% of trustees could be deceived by someone close to the account owner, even after receiving specific verification instructions from the service provider [23]. This implies that phone calls or face-to-face meetings are not reliable for validation.

Facebook proposed another social-authentication-based recovery method, called trusted contacts [22], that adds some defenses against unreliable trustees. First, the person requesting recovery must type in one trustee's name before the complete list of trustees is shown. This reduces the chance of revealing the list to an attacker, although an attacker may still try the name of someone close to the target owner and break into the account [39]. Therefore, the system also imposes a 24-hour waiting period before granting access to whoever has gathered enough recovery codes; if someone logs in with the old password during this period, the recovery request is deemed fake and denied. This defense, however, depends heavily on how often the owner logs in. And if the owner really has forgotten the password and cannot log in, the collusion of trustees obviously prevails.
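To make the trustee-based flow and its failure modes concrete, here is an added toy model in Python. It is not the scheme of Brainard et al., Schechter et al. or Facebook; the k-of-n threshold, the per-request trustee codes, the 24-hour window, cancellation on a successful login with the old password, and the names alice, bob and carol are assumptions modelled on the descriptions above (the name-before-list reminder is not modelled). The scenario functions show that k colluding or deceived trustees recover the account when the owner never logs in during the window, that the owner's login cancels the request, and that in a single-factor setting a single trustee suffices on their own.

```python
# Added example (not from the paper): a toy model of k-of-n trustee recovery
# with a waiting period and cancellation by a login with the old password.
# The threshold, code format, 24-hour window and trustee names are assumptions.
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

WAIT_SECONDS = 24 * 60 * 60
PBKDF2_ROUNDS = 100_000


def _code_digest(code: str) -> bytes:
    # Trustee codes are random and short-lived, so a plain hash at rest suffices.
    return hashlib.sha256(code.encode()).digest()


@dataclass
class RecoveryRequest:
    code_digests: dict[str, bytes]            # trustee -> digest of the code sent to them
    redeemed: set[str] = field(default_factory=set)
    threshold_at: int | None = None           # time the k-th valid code arrived
    cancelled: bool = False


class Account:
    def __init__(self, password: str, trustees: list[str], k: int):
        self.salt = secrets.token_bytes(16)
        self.password_digest = self._kdf(password)
        self.trustees = list(trustees)
        self.k = k
        self.request: RecoveryRequest | None = None

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, PBKDF2_ROUNDS)

    def open_recovery(self) -> dict[str, str]:
        """Issue a fresh code per trustee. The codes are returned here only to
        drive the simulation; a real provider sends each one to its trustee."""
        codes = {t: secrets.token_urlsafe(9) for t in self.trustees}
        self.request = RecoveryRequest({t: _code_digest(c) for t, c in codes.items()})
        return codes

    def present_code(self, trustee: str, code: str, now: int) -> bool:
        """The requester hands in a code obtained from `trustee` (by phone, in person, ...)."""
        req = self.request
        if req is None or req.cancelled or trustee not in req.code_digests:
            return False
        if trustee in req.redeemed:
            return False                                   # one use per trustee per request
        if not hmac.compare_digest(req.code_digests[trustee], _code_digest(code)):
            return False
        req.redeemed.add(trustee)
        if len(req.redeemed) >= self.k and req.threshold_at is None:
            req.threshold_at = now                         # waiting period starts here
        return True

    def login(self, password: str) -> bool:
        if not hmac.compare_digest(self.password_digest, self._kdf(password)):
            return False
        if self.request is not None:
            self.request.cancelled = True   # the old password still works: request deemed fake
        return True

    def complete_recovery(self, now: int) -> bool:
        req = self.request
        if req is None or req.cancelled or req.threshold_at is None:
            return False
        return now >= req.threshold_at + WAIT_SECONDS


def colluding_trustees(owner_logs_in: bool) -> bool:
    """Two of three trustees release their codes to an impostor. Returns True
    if the impostor ends up with the account."""
    acct = Account("correct horse battery staple", ["alice", "bob", "carol"], k=2)
    codes = acct.open_recovery()
    acct.present_code("alice", codes["alice"], now=60)
    acct.present_code("bob", codes["bob"], now=120)
    if owner_logs_in:
        acct.login("correct horse battery staple")          # inside the waiting period
    return acct.complete_recovery(now=120 + WAIT_SECONDS)


def single_trustee_recovery() -> bool:
    """Single-factor system with one trustee: that trustee alone can finish it."""
    acct = Account("hunter2", ["alice"], k=1)
    codes = acct.open_recovery()
    acct.present_code("alice", codes["alice"], now=0)
    return acct.complete_recovery(now=WAIT_SECONDS)


def waiting_period_enforced() -> bool:
    acct = Account("hunter2", ["alice", "bob"], k=2)
    codes = acct.open_recovery()
    acct.present_code("alice", codes["alice"], now=0)
    acct.present_code("bob", codes["bob"], now=0)
    return not acct.complete_recovery(now=WAIT_SECONDS - 1) and acct.complete_recovery(now=WAIT_SECONDS)


if __name__ == "__main__":
    print("collusion, owner absent:", colluding_trustees(owner_logs_in=False))
    print("collusion, owner logs in:", colluding_trustees(owner_logs_in=True))
    print("single trustee suffices:", single_trustee_recovery())
    print("waiting period enforced:", waiting_period_enforced())
```

The waiting period only helps when the owner is active: the first scenario returns True because nobody logged in with the old password, which is exactly the case in which a genuine owner who has forgotten the password would also be silent. Raising k makes collusion need more trustees, but as the 45% deception rate reported above suggests, it does not make individual trustees harder to fool.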

Authors:

(1) Wei-Hsin Chang, Deepmentor Inc. ([email protected]);

(2) Ren-Song Tsay, Computer Science Department, National Tsing Hua University, Hsinchu, Taiwan ([email protected]).


This paper is available on arxiv under CC BY 4.0 DEED license.