A Provably Secure Two-Factor Authentication Scheme for USB Storage Devices

Authors

Muhammad Faizan Ayub, COMSATS University Islamabad
Salman Shamshad, COMSATS University Islamabad
Khalid Mahmood, COMSATS University Islamabad
S. K.Hafizul Islam, Indian Institute of Information Technology Kalyani
Reza M. Parizi, Kennesaw State University
Kim Kwang Raymond Choo, The University of Texas at San Antonio

Department

Software Engineering and Game Development

Document Type

Article

Publication Date

11-1-2020

Abstract

© 1975-2011 IEEE. Universal Serial Bus (USB) is widely used, for example to facilitate hot-swapping and plug-and-play. However, USB ports can be exploited by an adversary to extract private or personal data from the connected devices. Hence, a number of organizations and workplaces have prohibited their employees from using USB devices, and there have been efforts to design secure USB storage device schemes to more effectively resist different known security attacks. However, designing such schemes is challenging. For example, in this article we revisit the Wei et al.'s scheme, and demonstrate that it is vulnerable to attacks such as password guessing and user impersonation. We also explain that the scheme does not verify the correctness of user's input in the login phase, which is another design flaw. Then, we present an improved scheme and prove it secure in the random oracle model.

Journal Title

IEEE Transactions on Consumer Electronics

Journal ISSN

00983063

Volume

66

Issue

4

First Page

396

Last Page

405

Digital Object Identifier (DOI)

10.1109/TCE.2020.3035566