Franco, Claudia; Arjona, Rosario; Baturone Castillo, María Iluminada
2025-11-12
2025-11-12
2025-08-10
Franco, C., Arjona, R. and Baturone Castillo, M.I. (2025). A Cloud-Based Multifactor Authentication Scheme Using Post-Quantum Cryptography and Trusted Execution Environments. In F. Skopik, V. Naessens, B.d. Sutter (Ed.), Lecture Notes in Computer Science (pp. 217-234). Springer Nature.
978-3-032-00641-7
978-3-032-00642-4
0302-9743
1611-3349
https://hdl.handle.net/11441/178897

Since online transactions increase every day (banking, health services, etc.), authenticating the users in the cloud with a high level of assurance is a big concern. We propose a multifactor authentication scheme using post-quantum cryptography and trusted execution environments (TEEs). Three authentication factors are considered: what the user has (a device storing a secret), what the user knows (a password) and who the user is (with face biometrics). CRYSTALS-Kyber post-quantum public-key encryption is executed in an enclave of a TEE to encrypt a combination of the three factors mentioned. Instead of using the closed TEE solutions available in some personal devices, we propose an open solution that implements each personal enclave (linked to each personal device) in a biometric server. Instead of using a local authentication to unlock a personal device, we propose the use of another server (an authentication server), with another enclave, to authenticate each user in the cloud. The sensitive information concerning biometrics is always protected in a post-quantum manner, not only because it is obtained and encrypted inside an enclave on a biometric server but also because it is communicated, stored, and processed at the authentication server without being decrypted, thanks to the homomorphic property of Kyber. Our proposal is scalable for many users and secure against malicious adversaries.
Experimental results using Intel SGX1 enclaves disabling hyper-threading and a facial recognition system show that the time to perform the crypto-biometric operations (excluding the feature extraction) is 1.55 ms and the accuracy considering only the biometric factor is 99.2% with an EER of 1.18%, which are competitive results compared to the state-of-the-art.

application/pdf
19 p.
eng
Multifactor authentication; Homomorphic encryption; Post-quantum cryptography; Trusted execution environments (TEEs); Biometrics
A Cloud-Based Multifactor Authentication Scheme Using Post-Quantum Cryptography and Trusted Execution Environments
info:eu-repo/semantics/conferenceObject
info:eu-repo/semantics/embargoedAccess
https://doi.org/10.1007/978-3-032-00642-4_13