A. Zero Trust

The term “zero trust” was conceived by John Kindervag while at Forrester Research [31]. The report “No More Chewy Centers: The Zero Trust Model of Information Security” [32] centered on recognizing the weakness of current security models and how the “trust but verify” approach cannot be adequate to avoid modern threats as most attacks come from positions of trust. According to Forrester, the three key fundamental principles of the zero trust model are “all sources must be verified and secured”, “access control”, and “inspect and log all network traffic.”

An architecture standard for zero trust has been proposed by the National Institute of Standards and Technology (NIST) [33]. Considering the recommendations of Forrester, NIST emphasizes the critical role of identity and credential management in the zero trust architecture. This approach is centered on the principle that trust is never assumed and must be continually validated. The framework proposed by NIST highlights that rigorous authentication and authorization are central to the zero trust model. Through continuous validation of identity and security status, the zero trust architecture seeks to minimize unauthorized access risks and enhance overall network security, reflecting a shift from traditional perimeter-based security models to a more dynamic, identity-centric approach.

B. Blockchain

Blockchain technology reinforces the fundamental tenets of zero trust by offering a secure, transparent, and tamper-proof authentication mechanism. In a blockchain network, trust is distributed across all participating nodes through cryptographic algorithms and consensus mechanisms [34].

The integrity and consistency of data within a blockchain network are maintained through consensus mechanisms like Proof of Work (PoW), Proof of Stake (PoS), and Proof of Authority (PoA), ensuring unanimity among nodes [35], [36]. The Quorum Byzantine Fault Tolerance (QBFT) consensus is an example, where validators vote on the validity of a proposed block, with a supermajority (typically 2/3) required for block addition [37]. QBFT operates as an enhancement of the Practical Byzantine Fault Tolerance (PBFT) mechanism. In a QBFT system, up to f nodes can be faulty, as shown in (1), where n signifies the total number of validator nodes present. To achieve consensus on a transaction or specific state, approval is mandated from at least h validator nodes, as shown in (2). $$\begin{align*} f=& \frac {n-1}{3} \tag {1}\\ h=& \frac {2n}{3} + 1 \tag {2}\end{align*}$$ View Source\begin{align*} f=& \frac {n-1}{3} \tag {1}\\ h=& \frac {2n}{3} + 1 \tag {2}\end{align*}

Each transaction added to the blockchain is verified and recorded across multiple nodes, ensuring transparency and immutability. This decentralized architecture eliminates the need for a central authority and minimizes the risk of a single point of failure or malicious manipulation.

Furthermore, the cryptographic techniques employed in blockchain ensure that data integrity is maintained, enhancing security and mitigating the risk of unauthorized access or tampering. Participants in the blockchain network utilize cryptographic key pairs for secure transactions, where a private key $(PrK)$ signs transactions and a corresponding public key $(PuK)$ verifies ownership and integrity [38]. Addresses $(PuAdd)$ generated from public keys allow for the association of identity attributes in a manner that is both verifiable and resistant to fraud. This attribute makes blockchain addresses particularly useful in authentication systems for verifying the uniqueness and authenticity of an individual.

Smart contracts automate agreements within blockchain networks, executed in environments like the Ethereum Virtual Machine (EVM), showcasing the flexibility of blockchain applications [39]. Also, decentralized applications (dApps) can be built upon smart contracts to drive transparency and reduce tamper risks in operations, including authentication processes. Yet, the reliance on centralized components for certain operations in the dApps, as shown in Fig. 1, can introduce single point vulnerabilities [40].

FIGURE 1.

Architecture of a blockchain-based authentication system showing the authentication server with dApp logic and its potential as a single point of failure.

Show All

Non-fungible tokens (NFTs) extend blockchain’s application to digital ownership and identity authentication. NFTs (ERC-721), or specifically designed soul-bound tokens (ERC-5484), can represent unique, non-transferable identities, further securing authentication processes [41], [42].

These features make the blockchain versatile, with applications ranging from financial transactions to supply chain management [43]. In the context of authentication, the trust-enabling attributes of the blockchain align with the principles of zero trust, where trust is continuously verified by the operation of the blockchain, thus enhancing the overall security posture.

C. Asymmetric Encryption and Digital Signatures

Digital Signature Algorithms (DSA) and asymmetric encryption are foundational for secure communications between parties. Blockchain platforms like Ethereum operate on ECC and the ECDSA. In Ethereum, the blockchain keys generated and used within its framework are suited for implementing secure communication channels outside the blockchain operations. These keys facilitate encrypted messaging and authenticated transactions, allowing for a cohesive cryptographic approach without integrating disparate systems.

Ethereum’s utilization of the secp256k1 curve in ECC is a notable aspect of its security infrastructure [44]. The secp256k1 curve provides a 256-bit level of cryptographic robustness, making it difficult to compromise the keys generated and ensuring the integrity and security of communications and transactions [45].

D. Zero Knowledge Proofs

ZKPs are cryptographic methods designed to maintain privacy and confidentiality. They enable one party to prove the truth of a statement to another party without revealing any specific information about the statement itself. The core aim of ZKPs is to allow for a verification process where the verifier gains confidence in the truth of a claim without acquiring any additional knowledge, thus keeping sensitive information concealed while still facilitating necessary validations [46], [47].

The zk-SNARKs are a specific type of ZKP. They streamline the interaction between the prover and the verifier. Unlike traditional ZKPs, which may require several interactions or challenges, zk-SNARKs allow the proof to be established non-interactively in a single step [48]. The prover can create a proof and send it to the verifier, who can verify it without further communication. The ‘succinct’ aspect of zk-SNARKs refers to their efficiency; the proofs are small in size and quick to verify. This makes zk-SNARKs particularly useful in blockchain applications where efficiency and scalability are essential. The basic flow involves using a specific computational circuit representing the model of what must be proven. The circuit is used to create a set of keys: a proving key pk for the prover and a verifying key vk for the verifier. The prover generates a “proof” to demonstrate their knowledge of a statement, and the verifier verifies this “proof” without gaining any information about it other than its accuracy. The simplified process is shown in Algorithm 1.

E. Software-Based Random Number Generators

Software-based random number generators (RNGs) are algorithms used to produce sequences of numbers that approximate the properties of random numbers. Typically, these are employed in applications requiring unpredictability, such as creating an OTP. A vital component of an RNG is the ‘seed,’ the initial starting point or input value used by the algorithm to generate the random sequence. The seed determines the sequence of numbers generated by the RNG; the same seed will always produce the same sequence. RNGs calculate new numbers based on this seed, often using complex mathematical operations to ensure the randomness of the output.

However, the security of software-based RNGs can be compromised if the seed value is known or predictable, as noted in [49]. If an attacker gains control of the system and can determine the seed, they can replicate the number sequence of the RNG, potentially exposing sensitive data. This vulnerability underscores the importance of using unpredictable and well-protected seed values alongside robust algorithms in RNGs, particularly for security-critical applications. A novel approach to further enhance security involves distributing the random number creation process [50]. Doing so reduces the dependency on a single point (the seed), bolstering the resilience of the RNG against attacks.

F. Identity Registration

The identity registration step in blockchain-based authentication systems must be distinct from the authentication process. This separation is essential to ensure the privacy preservation of user details. The registration of identities is ideally handled by a dedicated entity, often tied to a specific organization, as it may involve adherence to particular business rules or collecting specific user details.

To effectively integrate identity registration with blockchain technology, user identities are recorded on the blockchain by associating them with a unique PuAdd. This can be achieved by employing hashing techniques to obscure user details, ensuring that the privacy of the user is maintained while also considering the uniqueness of each hash when it is mapped to a PuAdd. This approach guarantees that each identity is distinct and securely represented on the blockchain. The detailed steps are shown in the Fig. 2 sequence diagram, which depicts a process for securely registering the information of a user on a blockchain, utilizing asynchronous encryption, signature, and hashing techniques. The step-by-step explanation of the depicted process is as follows:

1. The Registration Server RS provides its Public Key $(PuK_{RS})$ to the User.

2. The User prepares their personal information, encapsulated in a tuple $I=(P,C)$ , where P refers to personal details and C refers to contact information.

3. The User encrypts the personal information tuple I using the Public Key of the $RS~(PuK_{RS})$ to get the encrypted information EI.

4. The User signs the encrypted information EI using their Private Key $(PrK)$ to produce the signed encrypted information SEI.

5. The User submits the encrypted information EI and the signed encrypted information SEI to the RS.

6. The RS verifies the signature on SEI to ensure its validity and extracts the User’s Public Key $(PuK_{u})$ from the signature.

7. The RS decrypts EI using its Private Key $(PrK_{RS})$ to retrieve the original personal information tuple I.

8. The RS verifies the personal information I. (e.g., if it belongs to the organization) **This step is governed by the organization’s rules for handling user information and is not detailed in this research**.

   • If the verification is invalid, the flow goes to step 12.

9. The RS hashes the personal information I using a hash function of 256 bits to get H.

10. The RS computes the PuAdd from the $PuK_{u}$ .

11. The RS stores H on the blockchain, mapping it to the PuAdd.

12. The RS confirms the successful registration to the User.

13. If the verification carried out in step 8 is invalid, the RS sends an “Invalid request” message to the User and ends the flow.

FIGURE 2.

Identity registration process with privacy preservation of user details in the blockchain.

Show All

The authentication process operates independently of the registration. It solely focuses on the hashed blockchain-based identities associated with their public addresses. This approach ensures transparency and respects user privacy.

G. Glossary

Table 1 lists the abbreviations commonly used in the paper and their descriptions.

TABLE 1 List of Abbreviations

A. Distributed Authentication Mechanism (DAM)

The DAM is designed to spread the authentication process across multiple nodes. It draws inspiration from the inherently distributed nature of the blockchain, specifically, a blockchain utilizing the QBFT consensus mechanism. In a typical blockchain environment, nodes are spread across various geographical locations. The QBFT consensus mechanism ensures that most nodes (validators) in the network agree upon a particular state or transaction before it is added to the blockchain. Even if a few nodes act maliciously or provide incorrect information, the system can still function correctly if the majority consensus is maintained.

Expanding upon the QBFT foundation, this research extends the role of validator nodes beyond merely maintaining the blockchain. In this system, validators also take on the responsibility of executing the logic required for authentication within a zero-trust framework. Each validator node adopts an “Authenticator” role A in the DAM framework. Alongside their inherent responsibilities in the QBFT consensus, these validator nodes also form the core of the authentication mechanism. When a user seeks authentication, these Authenticator nodes (acting as validators) work together to execute the MFA process, adhering to the QBFT mechanism to handle faulty nodes.

The research addresses a common weakness in many blockchain-based authentication systems: the risk of a single point of failure. The traditional setup, as depicted in 1, typically relies on a centralized authentication system to manage crucial authentication tasks. If this system faces issues or gets compromised, it can disrupt all authentication requests. On the other hand, the method presented in this work spreads out the authentication tasks across the blockchain, as seen in Fig. 4. Instead of relying on one central point, the system uses multiple validator nodes for authentication.

FIGURE 4.

Distribution of authentication functionality across nodes in a blockchain.

Show All

The DAM receives MFA authentication requests, which a single authenticator A serves amongst the total $A_{N}$ in the system. The authentication process requires a pre-registration step in which user details are hashed and securely stored in the blockchain. The DAM does not manage the registration process. Instead, it is externally handled, for instance, by institutions or organizations wishing to adopt a blockchain-based MFA authentication system as part of their system.

B. MFA Process

The authenticator A plays a pivotal role in managing MFA requests initiated by users. Its key responsibilities are to cross-check user information against records stored within the blockchain, to compute the OTP secret, which is vital for verifying user authentication requests, and to provide an authentication token after the MFA is completed. The MFA mechanism is targeted to blockchain-based authentication systems, so it is assumed that every entity interacting in the process has proper PrK and PuK alongside PuAdd.

C. Zero Knowledge Proof

Ensuring the confidentiality and integrity of the OTP during the verification phase is crucial. The core challenge lies in enabling a user to prove the knowledge of the OTP to the DAM without exposing the OTP itself. Since the user has demonstrated the ability to decrypt the OTP, thanks to possessing the corresponding private key of the asymmetric encryption process, the next step is to communicate this knowledge to the DAM securely. In the OTP generation stage, the hash of the OTP was associated with a unique map, OTPMap, linking it to a specific user through their public address, $PuAdd_{u}$ . This association ensures that a particular OTP is designated for a specific user alone. The blockchain must conduct the ZKP verification to uphold this association and prevent misuse. By doing so, the blockchain, through a transaction, validates that the correct user is undertaking the verification, thereby maintaining the integrity and confidentiality of the MFA process. This way, the user can demonstrate the possession and knowledge of the OTP without revealing it, and the DAM can securely confirm the authenticity of the user.

The specific variant of ZKP adopted in this work is zkSNARK. This variant facilitates the user to prove the possession and knowledge of the OTP without disclosing it, while the DAM is enabled to affirm the authenticity of the user securely. Creating a ZKP using zkSNARKs to prove the knowledge of an OTP without revealing it is described as follows:

1. Circuit creation (preliminary step):

   • A superuser (administrator of the system or deployer) creates a circuit that will be used to generate and verify proofs. This circuit is designed to validate the knowledge of a hash preimage, in this case, the preimage of the OTP. The logic of the circuit can expressed as (7), where x is the preimage (OTP), h is the hash of the OTP, and C is the circuit function. The circuit verifies that hashing x results in h. $$\begin{equation*} C(x, h)= \left ({{ \text {H256}(x) - h }}\right ) = 0 \tag {7}\end{equation*}$$ View Source\begin{equation*} C(x, h)= \left ({{ \text {H256}(x) - h }}\right ) = 0 \tag {7}\end{equation*}

   • The superuser generates a proving key pk and a verification key vk for the circuit. The pk and the circuit are securely transmitted to the user. Both of these keys are public and can be shared by any means. The pk is used to interact with the circuit and create a proof. The vk is used to verify the proof generated. These keys are generated only once, unless the logic of the circuit changes.

2. Witness Computation:

   • The user computes the witness w on the circuit using their OTP and the proving key pk:

     $w = \text {ComputeWitness}({pk}, {OTP})$ .

3. Proof Generation:

   • The user generates a proof $\pi$ using the proving key pk, the witness w, and the circuit C:

     $\pi = \text {GenerateProof}(pk, w, C)$ .

4. Proof Submission:

   • The user submits the proof $\pi$ to the blockchain by interacting with the smart contract designed to verify the proof.

5. Proof Verification:

   • The smart contract on the blockchain verifies the proof $\pi$ using the verification key vk and the hash of the OTP h stored in the OTPMap associated with the user’s public address $PuAdd_{u}$ . This is expressed as, $\text {IsValid} = \text {VerifyProof}(\text {vk}, \pi , h^{\prime })$ . The verification key is embedded in the smart contract.

   • The Verify function checks whether the proof $\pi$ is valid given the verification key vk. If the proof is valid, it returns True, indicating that the user has successfully proven the knowledge of the OTP without revealing it. If the proof is not valid, it returns False, indicating that the proof is incorrect, and the verification fails.

In the scenario of the MFA system discussed in this work, the circuit is used as a secure and privacy-preserving verification of the OTP. The core objective is to allow a user to prove the knowledge of the OTP without disclosing the actual value to anyone, including the verifying party. This is crucial for maintaining the confidentiality and integrity of the authentication process.

The specific circuit C is designed to achieve this goal by verifying the knowledge of a hash preimage x (the OTP) against a known hash value h. The circuit leverages the properties of cryptographic hash functions, which are deterministic yet non-reversible, to ensure that the user can prove the knowledge of the OTP without revealing it. The zkSNARK framework then enables the creation and verification of proof that asserts the truthfulness of this claim in a zero-knowledge manner without revealing any additional information other than the validity of the claim itself.

The uniqueness of proof verification is guaranteed by the blockchain transaction, which ties the verification to the specific public address $PuAdd_{u}$ of the receiver of the OTP. Only the designated user can correctly verify the proof, as the hash is tied to their specific public address, verified by the blockchain transaction. The verification is described in Algorithm 4.

D. MFA in a Zero Trust Environment

The user can utilize $Auth_{t}$ to access a ZTN system as long as the token remains valid. During this period, an MFA process is not required. This verification is managed through the possession of the token, which is associated with the $PuAdd_{u}$ and is consequently linked to the blockchain keys that correspond to that address. The ZTN system must implement a mechanism to verify the existence of authentication tokens continuously. However, the detailed mechanism is beyond the scope of this research, as the work primarily focuses on the MFA process. A simple description is shown in Fig. 5, described as follows.

1. Connection request:

   • The user initiates a connection request to the ZTN. This request is signed using the blockchain keys associated with the identifier of the user $S(PrK_{u}, UserID)$ , which is represented as public address $PuAdd_{u}$ , establishing a proof of ownership for the system.

2. Authentication token verification:

   • Upon receiving the connection request, the ZTN queries the blockchain to verify the existence and validity of an authentication token $Auth_{t}$ associated with the public address of the user $PuAdd_{u}$ :

     $Auth_{t} = Fetch_{t}(PuAdd_{u})$ .

3. Verify validity of the token:

   • The validity of $Auth_{t}$ is checked against the current block height to ensure it has not expired:

     $\text {IsValid} = (currentBN \leq (Auth_{t}.\exp ))$ .

   • If no $Auth_{t}$ exists for the $PuAdd_{u}$ , the process ends.

4. Connection authorization:

   • If the user has a valid $\text {Auth}_{t}$ , the connection to the ZTN is authorized.

5. Denied connection:

   • If the $Auth_{t}$ is expired, the connection request is denied, and the user must execute the MFA process to obtain a new $Auth_{t}$ .

6. Invalid request:

   • In case of a non-existent $Auth_{t}$ , the user must execute the MFA process.

FIGURE 5.

ZTN connection and authentication process with blockchain verification.

Show All

A. ZKP Using ZoKrates

The core of the zkSNARKs implementation is the creation of a cryptographic circuit that validates the knowledge of a hash preimage for the OTP. The circuit representation in DSL is shown in Fig. 6, which mimics the purpose of 7.

FIGURE 6.

Representation of zkSNARKs circuits in a domain-specific language for ZoKrates.

Show All

The import line specifies a package capable of processing 512 bits of input data and hashing it into a 256-bit output. The imported module is aliased as sha256packed to conveniently reference it within the circuit. The logic of the code and its comparison 7 is described as follows:

1. Hashing operation

   • In (7) the function $H256(x)$ denotes the SHA-256 hash operation on the input x.

   • In Fig. 6, the line field[2] h = sha256packed([0, 0, 0, OTP]); performs the SHA-256 hash operation on the concatenated inputs 0,0,0, OTP, which are four fields of 128-bits padded values that are concatenated (this is how ZoKrates operates) akin to the representation of x in the equation. The output is two fields of 128-bits (The 256-bit hash).

2. Hash comparison

   • In (7), the subtraction operation H256(x) - h represents the difference between the computed hash and the expected hash h.

   • In Fig. 6, the lines assert(h[0] == H1); and assert(h[1] == H2); check that each part of the computed hash h matches the corresponding part of the expected hash H.

3. Zero equality check

   • In (7), the expression $(\mathrm {H256}(x)-h)=0$ checks that the difference between the computed hash and the expected hash is zero, indicating a match.

   • In Fig. 6, the assertions ensure the same zero difference through direct equality checks rather than a subtraction operation.

In both the equation and the code, the core objective is to verify that a certain hash pre-image is known without revealing it. This is denoted by the function parameter, marked as a private field, which means these are the private inputs to the circuit that the prover knows but does not reveal. The parameters $H1$ and $H2$ are public inputs to the circuit, and the public 256-bit hash value of the OTP is divided into two fields of 128 bits.

Once the circuit is compiled, ZoKrates generates the pk and vk. The pk and the compiled circuit are embedded in the user’s client software, and the vk is embedded in a smart contract for verifying ZKPs. Although ZoKrates can generate a contract that verifies ZKPs without executing blockchain transactions, the security requirements of the MFA process require the traceability of the origin of the proof. The ZKP verification process is executed as a transaction via the verifyTx function. This function is public, allowing users to trigger it. Its primary purpose is to confirm the identity of the user, attempting to verify proof. Additionally, it checks the expiration of the OTP using a require statement (require(block.number ¡= expiration, “OTP has expired”)) before proceeding with the verification.

The ZKP verification contract utilizes an interface IOTPContract to interact with another smart contract dedicated to OTP mapping. It uses an instance of this interface, otpContract, to interact with the OTP smart contract. The primary function, verifyTx, retrieves the OTP hash and its expiration time from the OTP smart contract using this interface.

The ZKP contract emits an event, VerificationCompleted, to notify the DAM of the outcome of the ZKP verification. The event is triggered with either emit VerificationCompleted (true, msg.sender); or emit VerificationCompleted (false, msg.sender);, depending on the verification result.

B. Smart Contracts

The smart contracts contain the ZKP verification logic, OTP mapping, and authentication token generation. Additionally, a user registration smart contract is included. Although it is not part of the MFA process, it is essential for fulfilling the requirements of identity hash mapping. The basic structure of the four smart contracts is shown in Table 3. In the proposed MFA mechanism for this work, smart contracts play a crucial role in managing the authentication process. These contracts are programmed using the Solidity language [54], a statically typed programming language designed to develop smart contracts that run on the EVM.

TABLE 3 Smart Contracts Overview

The User Registration, OTP Mapping, and Authentication token smart contracts incorporate a security mechanism through a function modifier, isOwner. This modifier enforces a check ensuring that only the authorized entity, which matches the one stored in the contract, can execute certain transactions or invoke specific methods. This mechanism ensures unauthorized entities cannot interfere or tamper with the data and the logic encapsulated in these contracts.

Initially, a specially designated entity known as the ‘superuser’ is tasked with deploying smart contracts onto the Ethereum blockchain. During this deployment phase, the contract owner field is set to the Ethereum account of the superuser by a constructor in the smart contract, which executes initialization tasks during contract deployment. The smart contract deployment is a blockchain transaction that can be executed utilizing the Remix Ethereum IDE [55]. The msg.sender receives the value of the entity executing the transaction. This setup ensures that only the superuser can interact with these contracts, providing a secure setup phase.

However, the ownership does not remain with the superuser. Post-deployment, the superuser transfers the ownership to the respective entities that manage and interact with these contracts. Specifically:

• The ownership of the User Registration contract is transferred to an entity acting as the registration server, which takes over the responsibility of managing user registrations.

• The DAM, represented by collective authenticators, is assigned the ownership of the Authentication token and the OTP Mapping contracts.

This change in ownership is a one-time setup step, after which the respective entities assume control over their designated smart contracts, managing the logic and data of user registrations, OTPs, and authentication tokens as per the designed MFA mechanism. This structured ownership transfer and the isOwner modifier enforce a strong access control policy, ensuring that only authorized entities can interact with the smart contracts, thus enhancing the security and integrity of the entire MFA mechanism.

The Authentication token smart contract overrides the standard ‘transferFrom’ and ‘safeTransferFrom’ functions to prevent the transfer of tokens. This design choice ensures that tokens can only be controlled by authorized entities, thus preserving the integrity of the MFA process. The smart contract builds upon the ‘ERC721’ and ‘ERC721Enumerable’ classes from the OpenZeppelin library, known for providing compliant implementations of ERC-721 NFTs. By overriding the transfer functions, the contract upholds the fundamental security principle of controlled token transfer, which is vital to meet the requirements of the MFA process.

C. DAM Implementation

The DAM leverages Web3 libraries to facilitate interaction with the Ethereum blockchain, facilitating multi-factor authentication by verifying user credentials, managing OTPs, handling authentication tokens, and managing identity and transaction signing. ECC libraries handle cryptographic operations, ensuring data confidentiality and integrity. During the first deployment of the DAM, the authenticators generate and locally store their accounts’ encrypted PrKs. Cryptography relies on ECC libraries for encryption, decryption, and message signing.

The DAM supports multithreading (natively through Flask) for parallel request handling, especially in distributed OTP generation and aggregation. Each authenticator generates a partial OTP using a random integer between 1 and 10 billion, later aggregated into the final OTP.

The implementation handles peer node connections through a URL array, facilitating intercommunication during OTP generation and aggregation, e.g., node_urls[“A1:port”, “A2:port”…]. The authenticators contain a simple SMTP implementation for sending the encrypted OTP back to the users (The SMTP server implementation is not secure; it uses a disposable GMAIL address to achieve the functionality proposed in this work).

A blockchain event listener receives verification results from the ZKP smart contract, triggering the creation and transfer of the authentication token. The DAM adopts a modular design, encapsulating functionalities like cryptographic operations, blockchain interactions, and request handling in separate modules, as shown in Table 4.

TABLE 4 Overview of DAM Functionality (Per Authenticator)

A. Experimental Setup

An experimental setup was conducted on a dedicated Linux server boasting an Intel Xeon Gold 6130 CPU and 256 GB of RAM. Hyperledger Besu nodes were configured and run as individual processes, each having distinct domain names and ports ranging from node1 on port 9545 to node5 on port 9549. Parallelly, the DAM was deployed on the same server on different ports, from node1 on port 5001 to node5 on port 5005.

A user/client application to engage in the MFA and ZKP verification processes was setup using Python on a separate machine with an Intel Core i5-7400 and 16GB of RAM connected within the same network as the DAM, as shown in Fig. 7. The user/client embeds Web3 libraries and ZoKrates functionality for creating a ZKP. The domain names for nodes were mapped to the IP address of the Linux server, facilitating a uniform IP scheme across the nodes.

FIGURE 7.

Deployment map of the experimental testbed.

Show All

Upon initiating the DAM, Ethereum accounts were successfully created for each authenticator as follows:

• $A_{1}$ : ‘0xd5a68bB8c76c05722Df562166ec0a1326Eb7dB66’

• $A_{2}$ : ‘0x94b74af81845F86ddf14F889F9F0d2543a419943’

• $A_{3}$ : ‘0xa2A28BcD89C5950A5926E6c19f2F43A0109a3ed2’

• $A_{4}$ : ‘0xc656Cf666B7788185d2c4CA5A64aa08369AA57a7’

• $A_{5}$ : ‘0x7CbBeedc618272298c5C6A0863abD9E671BAABf7’

A superuser was designated to handle the smart contracts’ deployment (User Registration, ZKP verification, Authentication token, and OTP mapping). Post-deployment, the ownership of the Authentication token and OTP Generation contracts was transferred to the respective five DAM authenticators’ addresses. The superuser also executes the registration steps as shown in Fig. 2 (acting as the Registration Server), registering a user on the network with the following credentials:

• $PuAdd_{u}$ : ‘0xd6A0530324cAa949A79B4816B8b8BC8CdbFa362c’

• $H256(I)$ : ‘28b8e7bfc7ea2c17fd2333333da8373176ea898d78b122b2feed6fc14f2ab223’

B. Security Analysis

With the initial setup completed, the registered user can now initiate the request for authentication to the DAM. Upon this initiation, a security analysis is conducted under various conditions to measure the effectiveness of the MFA measures against an array of potential threats. The attack scenarios recreated for this analysis comprise network sniffing, man-in-the-middle attacks, and attempts to disrupt the operations of the system. The resulting insights primarily focus on the capability of the system to prevent unauthorized access, uphold data integrity, and evaluate the effectiveness of the deployed encryption methodologies.

The security properties of the system are shown using probabilistic success metrics representing an attacker’s potential to compromise different aspects of the system. The defined metrics are shown in Table 5.

TABLE 5 Probabilities in DAM Security Analysis

The cumulative probability of a successful attack, denoted as $P_{A}$ , is specified in (8) where $P_{i}$ is related to impersonation attacks and $P_{j}$ to the knowledge of the secret used for MFA. These probabilities, associated with potential security breaches, are expected to be notably low due to the robust security measures incorporated within the proposed framework, driving the overall probability of a successful attack to $P_{A}\rightarrow 0$ . In (8), terms represented as sums indicate individual events that could compromise the system if they occur, such as impersonation involving the knowledge of the PrK of the user. Conversely, terms multiplied together imply that specific conditions, like an attacker obtaining the OTP value, will not independently affect the overall reliability of the MFA process. $$\begin{equation*} P_{A} = \left ({{ \sum _{i \in \{ia, iu, p, t\}} P_{i} }}\right ) + \left ({{ \prod _{j \in \{de, g, u\}} P_{j} }}\right ) \tag {8}\end{equation*}$$ View Source\begin{equation*} P_{A} = \left ({{ \sum _{i \in \{ia, iu, p, t\}} P_{i} }}\right ) + \left ({{ \prod _{j \in \{de, g, u\}} P_{j} }}\right ) \tag {8}\end{equation*}

The impact of (8) on the overall security of the system is explained through a threat model for the proposed blockchain-based MFA system. This model is crucial for systematically identifying and analyzing potential threats that could compromise the system’s security and privacy. Additionally, it explains the capabilities of potential attackers and the impact of various attack vectors.

The threat model considers the following actors:

• External Attackers$(A_{ext})$ : Individuals or groups outside the organization attempting to gain unauthorized access or disrupt the MFA system.

• Insider Threats$(A_{ins})$ : Individuals within the organization who might inadvertently cause security breaches.

The threat model defines the potential actions of these threat actors against the blockchain-based MFA system. Let S be the set of system states, where each state $s \in S$ represents a unique step in the MFA. Let A be the set of actions that can be performed by an attacker, where $A = A_{ext} \cup A_{ins}$ , representing the union of actions available to external attackers and insider threats.

The potential impact of an attack can be represented by a transition function $T~: ~S \times A \rightarrow S$ , which maps a system state and an attacker action to a new system state. An attack is successful if there exists an action $a \in A$ such that $T(s, a)= s^{\prime }$ leads to a compromised system state $s^{\prime }$ .

2) Insider Threats $\textit {(}A_{Ins}\textit {)}$

• Actions$\textit {(}A_{ins}\textit {)}$ : Inadvertent disclosure of sensitive information and potential collusion with external attackers (The insider can attempt to execute the same actions as the external attackers).

• Mitigation Strategy: Employ access control mechanisms to prevent unauthorized actions by insiders. Define $T(s, a_{ins})$ such that it continuously verifies the credentials $(C)$ to prevent transition to a compromised state: $T(s, a_{ins}) \rightarrow s$ if $C(a_{ins}) = \text {True}$ .

The analysis of state transitions for impersonation, OTP compromise, authentication token exploitation, and DoS attacks is presented as follows:

Impersonation attempt: The blockchain serves as a fundamental countermeasure against impersonation attacks, primarily through the employment of smart contracts during the initial setup phase. The verification process against a blockchain-mapped identity ensures that only authenticated users or authenticators can interact with the system, leveraging the ‘onlyOwner’ modifier in smart contracts. This mechanism effectively safeguards against unauthorized attempts to mimic legitimate users or authenticators. Suppose an impersonator attempts to imitate a user or an authenticator. In that case, the blockchain will reject any requests since the verifications are tied to public addresses derived from the signed interactions, as shown in Fig. 8.

FIGURE 8.

Prevention of impersonation attacks by using the blockchain.

Show All

Attack vector$(A_{imp})$ : An impersonation attempt by an adversary ($A_{ext}$ or $A_{ins}$ ) is represented by the action $A_{imp}$ , where the adversary tries to assume the identity of a legitimate user or authenticator within the system.

State$(s)$ to compromised state$(s')$ transition: The blockchain’s integrity checks, tied to public addresses derived from signed interactions, prevent the transition $T(s, A_{imp}) \rightarrow s^{\prime }$ , ensuring the system remains in a secure state $(s)$ .

The only event in which an attacker can successfully impersonate a user or an authenticator is when the PrK of the Ethereum accounts are compromised. However, these private keys are stored locally and encrypted, so the attacker must also crack the encryption of the private keys. $$\begin{equation*} R_{imp} = 1 - \left ({{\frac {1}{N^{L}}}}\right ) \tag {9}\end{equation*}$$ View Source\begin{equation*} R_{imp} = 1 - \left ({{\frac {1}{N^{L}}}}\right ) \tag {9}\end{equation*}

The resilience of the encryption is represented in (9), Where $R_{imp}$ denotes the resistance against impersonation attacks, N is the number of possible characters of a password used for encryption, and L is the password’s length used for private key $(PrK)$ encryption. The design of the system requires that an attacker compromise the private keys $(PrK)$ of Ethereum accounts, which are locally stored and encrypted. The cryptographic strength, represented by $R_{imp}$ , ensures a negligible probability of successful impersonation, further augmented by the non-transmission of sensitive user details to authenticators.

OTP Compromise: Potential risk scenarios include the unintentional sharing of decrypted OTPs or device compromise through malware. The system employs ZKP verifier smart contracts, accessible publicly but requiring a transaction signed with the user’s private key for verification.

Attack vector$(A_{otp})$ : The compromise or unauthorized acquisition of the OTP by an adversary is denoted by $A_{otp}$ .

Verification and resistance mechanism: The verification process mandates a matching public address in the OTP map on the blockchain, ensuring that only the initiating user can validate the OTP’s knowledge. This mechanism effectively nullifies $A_{otp}$ by requiring proof that third parties cannot furnish, as shown in Fig. 9.

FIGURE 9.

Prevention of third-party use of the OTP for ZKP by employing the blockchain.

Show All

Authentication token exploitation: The authentication token is modeled as a non-transferable NFT, with an expiration determined by the blockchain’s block count, ensuring its validity and singular ownership.

Attack vector$(A_{token})$ : The unauthorized use or theft of the authentication token is represented by $A_{token}$ .

Security principle and token integrity: The inherent design of the NFT and its implementation ensures uniqueness and ownership, rendering $A_{token}$ infeasible without compromising the user’s private keys.

DoS Attack Resilience: The system’s resilience to DoS attacks is directly proportional to the network’s node distribution, enhancing its mitigation capability against such attacks.

Consensus Model$(QBFT)$ : The QBFT approach highlights the system’s fault tolerance, as detailed in equations (1) and (2). This consensus model resists faults because it can continue to operate correctly even if some nodes fail or act dishonestly. The system can maintain its integrity and continue functioning by adhering to the QBFT conditions, even in the face of network floods characteristic of DoS attacks.

C. Security Comparison

Table 6 compares the system’s security features proposed in this work with three related works considering using ZKP. The comparison is structured to provide a clear understanding of how each system measures resilience against various cyber threats. The features examined include resilience to DoS attacks, OTP guessing, OTP stealing, OTP misuse by third parties, third-party OTP knowledge proving, and authentication token resilience.

TABLE 6 Security Comparison With Research From Similar Studies

The study in [29] keeps user privacy intact by not storing personal details on the blockchain but using public addresses for identification purposes. However, handling passwords that function similarly to this work’s OTP presents a critical weakness. In their setup, the smart contract processes the password into a hash, which, unfortunately, makes it susceptible to frontrunning attacks [57]. Frontrunning is an issue that arises when transactions are lined up and waiting for confirmation. In this period, an attacker with access to the blockchain node that receives the transactions can see the inputs of all the smart contract functions. This problem worsens if the blockchain has a long block period, like the 15-second duration in public Ethereum blockchains. In such cases, an attacker could steal the password and send a similar transaction with a higher gas price to confirm it faster than the waiting transactions.

Moreover, the implementation of ZKP in Ahmad et al.’s work leans on an external server/database that falls outside the trusted setup in the blockchain. The server can become the target for DoS attacks, reducing the reliability of the ZKP process. The dependency on external systems for critical functions like ZKP verification may introduce vulnerabilities and potential points of failure, detracting from the overall security and reliability of the system.

The works in [30], [56] demonstrate more robust MFA process mechanisms. Nevertheless, some notable dependencies and potential single points of failure in these systems could affect their resilience and security stance. In the case of [56], the authentication process significantly depends on the availability of the platform server and certificate authorities situated outside of the blockchain’s distributed framework. This dependency could potentially introduce risks associated with server downtimes or compromises and the trustworthiness and security of external certificate authorities.

Similarly, the system depicted in [30] has a notable dependency where a single server manages the intra-domain authentication. This arrangement could create a single point of failure. In scenarios where the server faces downtimes or is compromised, the entire intra-domain authentication process could be disrupted, consequently affecting the security and functionality of the system.

D. Performance Evaluation

The performance evaluation of the proposed MFA system is carried out by measuring the time taken to complete the operations in the authentication flow. The testing process is divided into two phases to provide a clear analysis of the system’s performance during the operation of the MFA process. The performance evaluation excludes users’ time to access their email, focusing solely on the operations within the MFA flow. 1000 MFA requests were recorded to generate the results.

1) Phase 1. User Request for MFA

In the first phase, the focus is on measuring the time interval from when a user initiates a request for MFA to the DAM to the point where the OTP is generated and dispatched via email. This phase encapsulates the system’s performance metrics in processing the MFA request and generating the OTP, which is crucial for a prompt user authentication experience. The results of the tests for each iteration are shown in Fig. 10.

FIGURE 10.

Execution times during phase 1 over 1000 iterations.

Show All

2) Phase 2. ZKP of the OTP

The second phase starts once the user receives the encrypted OTP via email. It encapsulates when a user starts proving the knowledge of the OTP using ZKP to the point where an Authentication token is generated and mapped to the address of the user. The results of the tests for each iteration are shown in Fig. 11.

FIGURE 11.

Execution times during phase 2 over 1000 iterations.

Show All

3) Comparative Results

The accumulated values of the execution times are shown in Fig. 12, where the mean and standard deviation for both phases are presented. It is clear from the data that phase 2 takes longer to complete compared to phase 1. Additionally, the standard deviation values for phase 2 show a higher variation in execution times during this phase.

FIGURE 12.

Accumulated execution times per phase: Mean and standard deviation.

Show All

The longer and more variable execution times in phase 2 can be attributed to the two blockchain transactions carried out in sequence during this phase - one for ZKP verification and another for Authentication token Creation. Given the configured block period of 2 seconds on the blockchain, each transaction can take up to 2 seconds to be completed. The time taken for these transactions may vary slightly depending on the exact timing within the block period. Since these operations are carried out one after the other, their times add together, leading to a greater variation in total execution time for phase 2.

On the other hand, phase 1 involves only a single blockchain transaction, which does not have a subsequent dependent step. This transaction is executed without waiting for confirmation as the subsequent steps (user manually opening their email to retrieve the encrypted OTP) occur outside this flow. Therefore, phase 1 exhibits a shorter and more consistent execution time as the blockchain transaction execution times do not affect the flow, reflected in the lower standard deviation value.

The overall time taken to complete the MFA process in this study is obtained by adding the mean values of execution times from both phases, resulting in an approximate total of 3.2 seconds. A comparative table is presented in Table 7 to illustrate the performance of our proposed work. This table presents the time it takes to complete an MFA process considering blockchain-based approaches. The comparison includes the works presented in [23], [27], [30], as discussed in Section II.

TABLE 7 Comparison of MFA Completion Times

The time taken to complete the authentication process in [23] is 15 seconds. The authors attribute this to implementing MFA using a PoW consensus approach for the blockchain used in their proof of concept. In [27], the performance results for a private blockchain show a total of 10.98 seconds for the execution time of all the steps required for the MFA approach. Lastly, [30] reports that the overall performance of operations, including cross-domain authentication and mutual verification, adds up to 4.02 seconds. This performance analysis shows that our study reduces the time required for a privacy-focused MFA approach.

The results presented in Table 7 demonstrate the efficiency of blockchain-based MFA in achieving acceptable processing times, suggesting its promising application in practical scenarios. It is important to note that the time disclosed in this work could increase when considering the manual steps taken by the users to check their email and input the decrypted OTP. Nonetheless, according to [58], the average time recorded for successful real-world MFA attempts is about 19.75 seconds, with authentication times extending to 75 seconds and going as low as 6 seconds. This range highlights the efficiency of the proposed research in achieving acceptable MFA processing times. The comparison is presented in Fig. 13.

FIGURE 13.

Comparative analysis of the MFA process completion time.

Show All

Adding to the analysis of execution times are transaction costs, which correlate with the amount of gas utilized for each transaction within the MFA process. Table 8 details three critical transactions: the OTP mapping, the ZKP verification, and the Authentication token mint, which encompasses creation and transfer. It is clear from the table that the transaction associated with the NFT incurs the highest cost, primarily due to the combined actions of creation and transfer within a single transaction. Furthermore, the metadata suggests that the gas amount could vary. For the ZKP transaction, the gas cost is lower since it only triggers an event with the verification result; the actual verification operation is not written to the blockchain. The OTP mapping transaction’s gas reflects the storage of the OTP hash and the public address of the user, balancing cost with the necessity of securely associating OTPs with user identities.

TABLE 8 Gas Costs for Operations