Abstract or Summary:
Despite over two decades of continuous efforts, how to design a secure and efficient two-factor authentication scheme remains an open issue. Hundreds of new schemes have wave upon wave been proposed, yet most of them are shortly found unable to achieve some important security goals (e.g., truly two-factor security) and desirable properties (e.g., user anonymity), falling into the unsatisfactory “break-fix-break-fix” cycle. In this vicious cycle, protocol designers often advocate the superiorities of their improved scheme, but do not illustrate (or unconsciously overlooking) the aspects on which their scheme performs poorly.

In this paper, we first use a series of “improved schemes” over Xu et al.’s 2009 scheme as case studies to highlight that, if there are no improved measurements, more “improved schemes” generally would not mean more advancements. To figure out why the measurement of existing schemes is invariably insufficient, we further investigate into the state-of-the-art evaluation criteria set (i.e., Madhusudhan-Mittal’s set). Besides reporting its ambiguities and redundancies, we propose viable fixes and refinements. To the best of our knowledge, we for the first time demonstrate that there are at least seven different attacking scenarios that may lead to the failure of a scheme in achieving truly two-factor security. Finally, we conduct a large-scale comparative evaluation of 34 representative two-factor schemes, and our results outline the request for better measurement when assessing new schemes.