{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T12:18:47Z","timestamp":1761740327949,"version":"build-2065373602"},"reference-count":45,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T00:00:00Z","timestamp":1761523200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Castle Shield Holdings, LLC."}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Secure authentication in smart device ecosystems remains a critical challenge, particularly due to the irrevocability of compromised biometric templates in server-based systems. This paper presents a post-quantum secure multi-factor authentication protocol that combines templateless 2D and 3D facial biometrics, liveness detection, and Physical Unclonable Functions (PUFs) to achieve robust identity assurance. The protocol exhibits zero-knowledge properties, preventing adversaries from identifying whether authentication failure is due to the biometric, password, PUF, or liveness factor. The proposed protocol utilizes advanced facial landmark detection via dlib or mediapipe, capturing multi-angle facial data and mapping it. By applying a double-masking technique and measuring distances between randomized points, stabilized facial landmarks are selected through multiple images captured during enrollment to ensure template stability. The protocol creates high-entropy cryptographic keys, securely erasing all raw biometric data and sensitive keys immediately after processing. All key cryptographic operations and challenge-response exchanges employ post-quantum algorithms, providing resistance to both classical and quantum adversaries. To further enhance reliability, advanced error-correction methods mitigate noise in biometric and PUF responses, resulting in minimal FAR and FRR that meets industrial standards and resilience against spoofing. Our experimental results demonstrate this protocol\u2019s suitability for smart devices and IoT deployments requiring high-assurance, scalable, and quantum-resistant authentication.<\/jats:p>","DOI":"10.3390\/cryptography9040068","type":"journal-article","created":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T05:48:46Z","timestamp":1761716926000},"page":"68","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Enhancing Multi-Factor Authentication with Templateless 2D\/3D Biometrics and PUF Integration for Securing Smart Devices"],"prefix":"10.3390","volume":"9","author":[{"given":"Saloni","family":"Jain","sequence":"first","affiliation":[{"name":"School of Informatics, Computing and Cyber Systems, Northern Arizona University, Flagstaff, AZ 86001, USA"}]},{"given":"Amisha","family":"Bagri","sequence":"additional","affiliation":[{"name":"School of Informatics, Computing and Cyber Systems, Northern Arizona University, Flagstaff, AZ 86001, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0853-2877","authenticated-orcid":false,"given":"Maxime","family":"Cambou","sequence":"additional","affiliation":[{"name":"School of Computer Science and Advanced Technology, EPITA, 94270 Le Kremlin-Bic\u00eatre, France"}]},{"given":"Dina","family":"Ghanai Miandoab","sequence":"additional","affiliation":[{"name":"School of Informatics, Computing and Cyber Systems, Northern Arizona University, Flagstaff, AZ 86001, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9272-6527","authenticated-orcid":false,"given":"Bertrand","family":"Cambou","sequence":"additional","affiliation":[{"name":"School of Informatics, Computing and Cyber Systems, Northern Arizona University, Flagstaff, AZ 86001, USA"}]}],"member":"1968","published-online":{"date-parts":[[2025,10,27]]},"reference":[{"doi-asserted-by":"crossref","unstructured":"Chen, S., Pande, A., and Mohapatra, P. (2014, January 16\u201319). Sensor-assisted facial recognition: An enhanced biometric authentication system for smartphones. Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services, Bretton Woods, NH, USA.","key":"ref_1","DOI":"10.1145\/2594368.2594373"},{"doi-asserted-by":"crossref","unstructured":"Dabbah, M., Woo, W., and Dlay, S. (2007, January 1\u20135). Secure authentication for face recognition. Proceedings of the 2007 IEEE Symposium on Computational Intelligence in Image and Signal Processing, Honolulu, HI, USA.","key":"ref_2","DOI":"10.1109\/CIISP.2007.369304"},{"doi-asserted-by":"crossref","unstructured":"Al-Assam, H., Sellahewa, H., and Jassim, S. (2010, January 8\u201311). On security of multi-factor biometric authentication. Proceedings of the 2010 International Conference for Internet Technology and Secured Transactions, London, UK.","key":"ref_3","DOI":"10.20533\/ijisr.2042.4639.2011.0002"},{"doi-asserted-by":"crossref","unstructured":"Banerjee, I., Mookherjee, S., Saha, S., Ganguli, S., Kundu, S., and Chakravarti, D. (2019, January 18\u201320). Advanced atm system using iris scanner. Proceedings of the 2019 International Conference on Opto-Electronics and Applied Optics (Optronix), Kolkata, India.","key":"ref_4","DOI":"10.1109\/OPTRONIX.2019.8862388"},{"unstructured":"Nath, D., Ray, S., and Ghosh, S.K. (2011, January 9\u201312). Fingerprint recognition system: Design & analysis. Proceedings of the International Conference on Scientific Paradigm Shift in Information Technology & Management, SPSITM, Kolkata, India.","key":"ref_5"},{"doi-asserted-by":"crossref","unstructured":"Ometov, A., Bezzateev, S., M\u00e4kitalo, N., Andreev, S., Mikkonen, T., and Koucheryavy, Y. (2018). Multi-factor authentication: A survey. Cryptography, 2.","key":"ref_6","DOI":"10.3390\/cryptography2010001"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"2023","DOI":"10.1007\/s00371-020-01960-z","article-title":"A framework for facial age progression and regression using exemplar face templates","volume":"37","author":"Elmahmudi","year":"2021","journal-title":"Vis. Comput."},{"key":"ref_8","first-page":"55","article-title":"Multi-factor authentication using a smart card and fingerprint (case study: Parking gate)","volume":"4","author":"Insan","year":"2019","journal-title":"Indones. J. Comput. Indo-JC"},{"unstructured":"Karimian, N., Guo, Z., Tehranipoor, F., Woodard, D., Tehranipoor, M., and Forte, D. (2018). Secure and reliable biometric access control for resource-constrained systems and IoT. arXiv.","key":"ref_9"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1109\/MSP.2015.2434151","article-title":"Cancelable biometrics: A review","volume":"32","author":"Patel","year":"2015","journal-title":"IEEE Signal Process. Mag."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"5413","DOI":"10.1109\/TIFS.2021.3128826","article-title":"A complete user authentication and key agreement scheme using cancelable biometrics and PUF in multi-server environment","volume":"16","author":"Zhang","year":"2021","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"doi-asserted-by":"crossref","unstructured":"Mansour, A., Sadik, M., and Sabir, E. (2015, January 17\u201320). Multi-factor authentication based on multimodal biometrics (MFA-MB) for Cloud Computing. Proceedings of the 2015 IEEE\/ACS 12th International Conference of Computer Systems and Applications (AICCSA), Marrakech, Morocco.","key":"ref_12","DOI":"10.1109\/AICCSA.2015.7507257"},{"unstructured":"Lipps, C., Herbst, J., and Schotten, H.D. (2021, January 25\u201326). How to Dance Your Passwords: A Biometric MFA-Scheme for Identification and Authentication of Individuals in IIoT Environments. Proceedings of the ICCWS 2021 16th International Conference on Cyber Warfare and Security, Cookeville, TN, USA.","key":"ref_13"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"525","DOI":"10.3233\/AIC-220247","article-title":"Multimodal biometric authentication: A review","volume":"37","author":"Pahuja","year":"2024","journal-title":"AI Commun."},{"doi-asserted-by":"crossref","unstructured":"Pramana, M.D., Lestyea, A., and Amiruddin, A. (2020, January 19\u201320). Development of a Secure Access Control System Based on Two-Factor Authentication Using Face Recognition and OTP SMS-Token. Proceedings of the 2020 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS), Jakarta, Indonesia.","key":"ref_15","DOI":"10.1109\/ICIMCIS51567.2020.9354328"},{"doi-asserted-by":"crossref","unstructured":"Ibrokhimov, S., Hui, K.L., Al-Absi, A.A., and Sain, M. (2019, January 17\u201320). Multi-factor authentication in cyber physical system: A state of art survey. Proceedings of the 2019 21st international conference on advanced communication technology (ICACT), PyeongChang, Republic of Korea.","key":"ref_16","DOI":"10.23919\/ICACT.2019.8701960"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"374","DOI":"10.1109\/TBIOM.2024.3391759","article-title":"Template inversion attack using synthetic face images against real face recognition systems","volume":"6","author":"Shahreza","year":"2024","journal-title":"IEEE Trans. Biom. Behav. Identity Sci."},{"doi-asserted-by":"crossref","unstructured":"Cambou, B., Philabaum, C., Hoffstein, J., and Herlihy, M. (2023). Methods to encrypt and authenticate digital files in distributed networks and zero-trust environments. Axioms, 12.","key":"ref_18","DOI":"10.3390\/axioms12060531"},{"unstructured":"Dkhil, M.B., Wali, A., and Alimi, A.M. (2018). Towards a new system for drowsiness detection based on eye blinking and head posture estimation. arXiv.","key":"ref_19"},{"doi-asserted-by":"crossref","unstructured":"Ghanai Miandoab, D., Garrett, M.L., Alam, M., Jain, S., Assiri, S., and Cambou, B. (2025). Secure Cryptographic Key Encapsulation and Recovery Scheme in Noisy Network Conditions. Appl. Sci., 15.","key":"ref_20","DOI":"10.3390\/app15052732"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"41435","DOI":"10.1007\/s11042-023-14770-x","article-title":"68 landmarks are efficient for 3D face alignment: What about more? 3D face alignment method applied to face recognition","volume":"82","author":"Jabberi","year":"2023","journal-title":"Multimed. Tools Appl."},{"key":"ref_22","first-page":"561","article-title":"A comprehensive study on multifactor authentication schemes","volume":"Volume 2","author":"Abhishek","year":"2013","journal-title":"Proceedings of the Advances in Computing and Information Technology: Proceedings of the Second International Conference on Advances in Computing and Information Technology (ACITY)"},{"doi-asserted-by":"crossref","unstructured":"Suleski, T., Ahmed, M., Yang, W., and Wang, E. (2023). A review of multi-factor authentication in the Internet of Healthcare Things. Digit. Health, 9.","key":"ref_23","DOI":"10.1177\/20552076231177144"},{"doi-asserted-by":"crossref","unstructured":"Otta, S.P., Panda, S., Gupta, M., and Hota, C. (2023). A systematic survey of multi-factor authentication for cloud infrastructure. Future Internet, 15.","key":"ref_24","DOI":"10.3390\/fi15040146"},{"doi-asserted-by":"crossref","unstructured":"Carrillo-Torres, D., P\u00e9rez-D\u00edaz, J.A., Cantoral-Ceballos, J.A., and Vargas-Rosales, C. (2023). A novel multi-factor authentication algorithm based on image recognition and user established relations. Appl. Sci., 13.","key":"ref_25","DOI":"10.3390\/app13031374"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1109\/MNET.2019.1800240","article-title":"Challenges of multi-factor authentication for securing advanced IoT applications","volume":"33","author":"Ometov","year":"2019","journal-title":"IEEE Netw."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"51","DOI":"10.22215\/timreview\/716","article-title":"Multifactor authentication: Its time has come","volume":"3","author":"Reno","year":"2013","journal-title":"Technol. Innov. Manag. Rev."},{"doi-asserted-by":"crossref","unstructured":"Jain, S., Korenda, A.R., Cambou, B., and Lucero, C. (2024, January 2\u20134). Secure Content Protection Schemes for Industrial IoT with SRAM PUF-Based One-Time Use Cryptographic Keys. Proceedings of the Science and Information Conference, London, UK.","key":"ref_28","DOI":"10.1007\/978-3-031-62277-9_31"},{"doi-asserted-by":"crossref","unstructured":"Urien, P. (2024, January 19\u201322). Revisiting Multi-Factor Authentication Token Cybersecurity: A TLS Identity Module Use Case. Proceedings of the 2024 International Conference on Computing, Networking and Communications (ICNC), Big Island, HI, USA.","key":"ref_29","DOI":"10.1109\/ICNC59896.2024.10556005"},{"doi-asserted-by":"crossref","unstructured":"Gupta, C., and Varshney, G. Securing Web Access: PUF-Driven Two-Factor Authentication for Enhanced Protection. Proceedings of the International Conference on Computer Safety, Reliability, and Security, Florence, Italy, 17\u201320 September 2024.","key":"ref_30","DOI":"10.1007\/978-3-031-68738-9_6"},{"doi-asserted-by":"crossref","unstructured":"Jain, S., Korenda, A.R., Bagri, A., Cambou, B., and Lucero, C.D. (2024, January 14\u201315). Strengthening industrial IoT security with integrated puf token. Proceedings of the Future Technologies Conference, London, UK.","key":"ref_31","DOI":"10.1007\/978-3-031-73128-0_8"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"226","DOI":"10.1007\/978-3-031-73128-0_15","article-title":"A Novel Approach to Optimize Response-Based Cryptography for Secure","volume":"Volume 1157","author":"Jain","year":"2024","journal-title":"Proceedings of the Future Technologies Conference (FTC) 2024, Volume 4"},{"unstructured":"Jain, S. (2024). Secure and Reliable Zero-Knowledge Proof Cryptographic Systems for Real-World Applications. [Ph.D. Thesis, Northern Arizona University].","key":"ref_33"},{"key":"ref_34","first-page":"1","article-title":"CRYSTALS-Kyber algorithm specifications and supporting documentation","volume":"2","author":"Avanzi","year":"2019","journal-title":"NIST PQC Round"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"238","DOI":"10.46586\/tches.v2018.i1.238-268","article-title":"Crystals-dilithium: A lattice-based digital signature scheme","volume":"2018","author":"Ducas","year":"2018","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"doi-asserted-by":"crossref","unstructured":"Datcu, O., Macovei, C., and Hobincu, R. (2020). Chaos based cryptographic pseudo-random number generator template with dynamic state change. Appl. Sci., 10.","key":"ref_36","DOI":"10.3390\/app10020451"},{"doi-asserted-by":"crossref","unstructured":"Zhang, K., Yang, M., Yuan, Z., Zhang, Y., and Liu, W. (2025). Optimized Quantum-Resistant Cryptosystem: Integrating Kyber-KEM with Hardware TRNG on Zynq Platform. Electronics, 14.","key":"ref_37","DOI":"10.3390\/electronics14132591"},{"key":"ref_38","first-page":"46","article-title":"FEI face database","volume":"11","author":"Thomaz","year":"2012","journal-title":"FEI Face Database Available"},{"unstructured":"Ganmati, A., Afdel, K., and Koutti, L. (2025). Deep Learning-Based Multi-Factor Authentication: A Survey of Biometric and Smart Card Integration Approaches. arXiv.","key":"ref_39"},{"unstructured":"Ballard, L., Kamara, S., and Reiter, M.K. (August, January 28). The Practical Subtleties of Biometric Key Generation. Proceedings of the USENIX Security Symposium, San Jose, CA, USA.","key":"ref_40"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"23625","DOI":"10.1007\/s11042-020-10246-4","article-title":"Security of facial biometric authentication for attendance system","volume":"80","author":"Wati","year":"2021","journal-title":"Multimed. Tools Appl."},{"doi-asserted-by":"crossref","unstructured":"Chen, B., and Chandran, V. (2007, January 3\u20135). Biometric based cryptographic key generation from faces. Proceedings of the 9th Biennial Conference of the Australian Pattern Recognition Society on Digital Image Computing Techniques and Applications (DICTA 2007), Glenelg, SA, Australia.","key":"ref_42","DOI":"10.1109\/DICTA.2007.4426824"},{"doi-asserted-by":"crossref","unstructured":"Rathgeb, C., Merkle, J., Scholz, J., Tams, B., and Nesterowicz, V. (2022). Deep face fuzzy vault: Implementation and performance. Comput. Secur., 113.","key":"ref_43","DOI":"10.1016\/j.cose.2021.102539"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"23196","DOI":"10.1109\/JIOT.2024.3374229","article-title":"Enhanced biometric template protection schemes for securing face recognition in IoT environment","volume":"11","author":"Sardar","year":"2024","journal-title":"IEEE Internet Things J."},{"unstructured":"Boddeti, V.N. (2018, January 22\u201325). Secure face matching using fully homomorphic encryption. Proceedings of the 2018 IEEE 9th International Conference on Biometrics Theory, Applications and Systems (BTAS), Redondo Beach, CA, USA.","key":"ref_45"}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/9\/4\/68\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T06:33:42Z","timestamp":1761719622000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/9\/4\/68"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,27]]},"references-count":45,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["cryptography9040068"],"URL":"https:\/\/doi.org\/10.3390\/cryptography9040068","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2025,10,27]]}}}