3D-Auth Turns 3D-Printed Personalized Objects Into Lockable Two-Factor Authentication Dongles
Printed in a combination of conductive and non-conductive PLA, the objects need to be "unlocked" then pressed against a touchscreen device.
A team from TU Darmstadt and Keio University Japan have developed a neat twist on the concept of two-factor authentication, using 3D-printed objects personalized to their owners.
Two-factor authentication (2FA) is commonly used alongside usernames and passwords to increase security: After submitting initial login credentials, which are categorised as "something you know," the user is asked for "something you have" to further prove their identity β typically a dedicated hardware dongle or an app running on a smartphone. If the user's login details are compromised, an attacker shouldn't be able to log in without that second authentication factor.
"Two-factor authentication is a widely recommended security mechanism and already offered for different services. However, known methods and physical realizations exhibit considerable usability and customization issues," the researchers claim in the paper's abstract. "In this paper, we propose 3D-Auth, a new concept of two-factor authentication.
"3D-Auth is based on customizable 3D-printed items that combine two authentication factors in one object. The object bottom contains a uniform grid of conductive dots that are connected to a unique embedded structure inside the item. Based on the interaction with the item, different dots turn into touch-points and form an authentication pattern. This pattern can be recognised by a capacitive touchscreen."
In a 3D-Auth implementation, the user logs in as normal and is then asked for their personalized 3D-printed object. The object is turned so that the dot pattern is facing downwards, then pressed against the touchscreen of the device β triggering recognition of the unique pattern and confirmation of the owner's authorization.
Each 3D-Auth object is printed from two materials: One is conductive, for recognition by the touchscreen; the other is insulative. In the case of the prototype objects these were Proto-Pasta conductive PLA and standard PLA respectively, printed on a Prusa MK3 with MMU 2.0. The team printed three five different prototype variants, including a "combination lock" featuring three movable layers which would arrange the conductive elements into the required pattern only when correctly rotated and a "water tank" which would authenticate only when the correct amount of water was added.
"Through a user study with 25 participants," the researchers conclude, "we demonstrated the usability and memorability of the 3D-Auth items. As a next step, more sophisticated items that combine several interactions should be designed and investigated in terms of usability and security."
The team's paper is available under open-access terms from co-author Martin Schmitz's website.