Understanding Failures in Security Proofs of Multi-Factor Authentication for Mobile Devices

Multi-factor authentication is a promising way to enhance the security of password-based authenticated key exchange (PAKE) schemes. It is widely deployed in various daily applications for mobile devices (e.g., e-Bank, smart home, and cloud services) to provide the first line of defense for system security. However, despite intensive research, how to design a secure and efficient multi-factor authentication scheme is still a challenging problem. Hundreds of new schemes have been successfully proposed, and many are even equipped with a formal security proof. However, most of them have been shortly found to be insecure and cannot achieve the claimed security goals. Now a paradox arises: How can a multi-factor scheme that was "formally proven secure" later be found insecure? To answer this seemingly contradicting question, this paper takes a substantial first step towards systematically exploring the security proof failures in multi-factor authentication schemes for mobile devices. We first investigate the root causes of the "provable security" failure in vulnerable multi-factor authentication schemes under the random oracle model, and classify them into eight different types in terms of the five steps of conducting a formal security proof. Then, we elaborate on each type of these eight proof failures by examining three typical vulnerable protocols, and suggest corresponding countermeasures. Finally, we conduct a large-scale comparative measurement of 70 representative multi-factor authentication schemes under our extended evaluation criteria. The schemes we select range from 2009 to 2022, and the comparison results suggest that understanding failures in formal security proofs is helpful to design more secure multi-factor authentication protocols for mobile devices.