
An Alternative to Multi-Factor Authentication with a Triple-Identity Authentication Scheme (2407.19459v4)

Published 28 Jul 2024 in cs.CR, cs.ET, cs.HC, cs.NI, cs.SY, and eess.SY

Abstract: The existing authentication system has two entry points (i.e., username and password fields) to interact with the outside, but neither of them has a gatekeeper, making the system vulnerable to cyberattacks. In order to ensure the authentication security, the system sets a third entry point and uses an external MFA service to guard it. The crux of the problem is that the system has no internal mechanism to guard its own entry points as no identifiers can be defined for the username and password without using any personal information. To solve this problem, we open the hash algorithm of a dual-password login-authentication system to three login credentials. Therefore, the intermediate elements of the algorithm can be used to define an identifier to verify the user identity at each entry point of the system. As a result of the above setup, a triple-identity authentication is established, the key of which is that the readily available user's login name and password are randomly converted into a matrix of meaningless hash elements which are concealed, incommunicable, inaccessible, and independent of personal information. So the identifiers defined using such elements can be used by the system to verify the identities of the user at all the entry points of the system, thereby ensuring the authentication security without relying on MFA services.

Summary

  • The paper proposes a triple-identity authentication scheme using dual passwords and internal identifiers to offer a secure alternative to traditional multi-factor authentication (MFA) services.
  • This scheme utilizes components like a quasi-matrix password converter and personalized username converters to create unique, internally managed identifiers for users, passwords, and usernames.
  • Integrating device-specific identifiers like IMEI/IMSI further enhances security, potentially reducing reliance on external, network-exposed MFA factors vulnerable to interception.

A Critical Examination of a Triple-Identity Authentication Scheme

The paper introduces a novel approach to user authentication by proposing a triple-identity authentication scheme. This authentication mechanism leverages a dual-password login-authentication system to enhance user security without relying on third-party multi-factor authentication (MFA) services. This scheme addresses fundamental issues in traditional authentication, where only one of the login credentials, usually the hash value derived from the password, is associated with the user identity. The proposed solution fosters robust security by associating identities with usernames and passwords separately.

In conventional MFA systems, an additional security factor is transmitted via a network or generated through an authenticator application, exposing the process to potential interception and malware risks. Conversely, the triple-identity scheme is designed to create and manage unique identifiers internally within the system. These identifiers are meant to be concealed, incommunicable, and independent of personal information, thereby mitigating online attack vectors.

Key Components of the Triple-Identity Scheme

  1. Quasi-Matrix Password Converter: The dual-password login-authentication system incorporates a quasi-matrix password converter. It transforms the user-entered login password into an authentication password through a hashing mechanism. The crucial feature of this converter is its capacity to define identifiers for usernames and login passwords independently. The intermediate hash elements generated in this process serve as unique identifiers, fostering secure authentication at each login point in the system.
  2. Username and Login Password Association: The paper details the creation of personalized username converters using hash algorithms. These converters define a unique identifier for each username by selecting certain hash elements. Similarly, a login password entered by the user is associated with system-selected hash elements to define its identity. These operations are carried out without exposing the identifiers on the network, which significantly reduces the possibility of interception by adversaries.
  3. Integration with Device-Specific Identifiers: During the registration phase, device-specific identifiers such as IMEI and IMSI numbers are coupled with these system-generated identifiers. This integration ensures that the authentication credentials are strongly linked to the legitimate user's device, providing an additional layer of security.
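
The three components above can be read as a register/verify pair that checks three values on every login. The sketch below is an added illustration of that reading, not the paper's algorithm or code: the element sizes, the use of PBKDF2 and HMAC, and the names hash_elements, identifier, register and verify are all assumptions, and the sample credentials and device number in the usage are constructed.

```python
import hashlib
import hmac
import secrets

N_ELEMS, PICK = 16, 4          # constructed sizes, not taken from the paper
_rng = secrets.SystemRandom()

def hash_elements(value: str, salt: bytes) -> list[bytes]:
    """Stretch one credential into N_ELEMS two-byte hash elements."""
    raw = hashlib.pbkdf2_hmac("sha256", value.encode(), salt,
                              100_000, dklen=2 * N_ELEMS)
    return [raw[i:i + 2] for i in range(0, len(raw), 2)]

def identifier(elems, positions, device_id: str) -> bytes:
    """System-selected elements, keyed to the enrolled device (assumed coupling)."""
    picked = b"".join(elems[p] for p in positions)
    return hmac.new(device_id.encode(), picked, hashlib.sha256).digest()

def auth_password(elems) -> bytes:
    """Authentication password derived from all login-password elements."""
    return hashlib.sha256(b"".join(elems)).digest()

def register(username: str, login_password: str, device_id: str) -> dict:
    salt = secrets.token_bytes(16)
    # The system, not the user, chooses which elements define each identifier.
    u_pos = _rng.sample(range(N_ELEMS), PICK)
    p_pos = _rng.sample(range(N_ELEMS), PICK)
    u = hash_elements(username, salt + b"u")
    p = hash_elements(login_password, salt + b"p")
    return {"salt": salt, "u_pos": u_pos, "p_pos": p_pos,
            "username_id": identifier(u, u_pos, device_id),
            "password_id": identifier(p, p_pos, device_id),
            "auth_password": auth_password(p)}

def verify(rec: dict, username: str, login_password: str, device_id: str) -> tuple:
    """Return (username identity ok, password identity ok, auth password ok)."""
    u = hash_elements(username, rec["salt"] + b"u")
    p = hash_elements(login_password, rec["salt"] + b"p")
    return (
        hmac.compare_digest(identifier(u, rec["u_pos"], device_id), rec["username_id"]),
        hmac.compare_digest(identifier(p, rec["p_pos"], device_id), rec["password_id"]),
        hmac.compare_digest(auth_password(p), rec["auth_password"]),
    )

if __name__ == "__main__":
    rec = register("alice", "correct horse", "356938035643809")  # constructed values
    print(verify(rec, "alice", "correct horse", "356938035643809"))
```

Every value in the stored record is derived deterministically from the credentials, so the record needs the same protection as any stored password hash.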

Implications and Future Directions

The introduction of triple-identity authentication can be instrumental in diminishing reliance on external MFA services. The proposed system's ability to inherently create and manage authentication factors internally can potentially lead to a more secure environment where typical MFA-associated vulnerabilities are reduced.

The practical implications extend to potentially redefining how online services approach identity verification, introducing a method that emphasizes internal robustness without the need for additional network-based factors. Theoretically, this approach prompts further exploration into how systems can effectively and securely manage multiple identifiers without user involvement.

Future work may focus on evaluating the scheme's scalability and integration with existing systems, which involves testing its performance under varying loads and potential compatibility issues with legacy systems. Moreover, examining the triple-identity scheme's resilience against advanced persistent threats and large-scale attacks could be pivotal in assessing its broader applicability across different domains.

Conclusion

The paper presents a sophisticated and internally managed authentication system that leverages a dual-password framework. By redefining traditional authentication parameters and minimizing the reliance on third-party services, the proposed triple-identity scheme offers a unique contribution to user authentication security. As digital interactions expand, the demand for systems that balance convenience with robust security will likely escalate, positioning this research as a foundational step toward meeting those needs.
