Implementing Two-party Multi-Factor Security on Embedded Platforms
Abstract
There are several applications in modern society that require two parties or systems to trust each other before exchanging sensitive information or allowing access (such as a smart locks and keys or a private email account). However, current systems are insecure, due to the use of static credentials and/or deterministic updates to credentials. To address these limitations, a new protocol called Dynamic Multi-Factor Security (DMFS) was developed for authenticating two-party systems. To accommodate a variety of applications, this protocol was designed with considerations for embedded platforms. In this thesis, the DMFS protocol was implemented on a low-power embedded system using a Raspberry Pi Zero W based platform. To validate the performance of DMFS under real-life scenarios, network failures were simulated by dropping and distorting packets. The performance of DMFS was quantified thoroughly, by measuring the protocol success rate as well as how many packets were generated in each step of the protocol. To test if the Hardware Random Number Generator (HWRNG) on the Raspberry Pi Zero W is secure enough to be used for DMFS, the randomness properties of its output were validated using a statistical test suite. Also, the DMFS protocol failure rate and protocol speed were quantified for varying timeouts, to see how timeouts in the protocol affect performance. Lastly, the power and energy consumption of DMFS was measured, to demonstrate the low-power and low-energy nature of the implementation.
Citation
Lansford, Joellen S (2021). Implementing Two-party Multi-Factor Security on Embedded Platforms. Master's thesis, Texas A&M University. Available electronically from https : / /hdl .handle .net /1969 .1 /195825.