Yihui Yan and Zhice Yang, ShanghaiTech University
The security of fingerprint authentication is increasingly at risk from various attacks. Two-factor authentication (2FA) is a widely adopted approach to mitigate unauthorized access caused by compromised credentials. However, existing 2FA methods are not well-suited for direct use with fingerprint authentication devices, as they often require distinct and additional user interactions that disrupt established user habits, or they depend on specialized I/O interfaces that are not available on these devices. In this paper, we propose a novel 2FA scheme termed OneTouch, which maintains the simplicity of conventional fingerprint authentication (merely touching the scanner with a finger) while integrating a secondary challenge-response OTP (One-Time Password) authentication scheme using a wearable OTP token. This is accomplished by transforming the fingerprint scanner from a device designed for imaging fingerprints into an I/O device capable of capturing temporal voltage variations of the contact object. Consequently, OneTouch is capable of establishing touch-based communication channels between the scanner and the wearable token for OTP protocol exchange. By directly wiring the OTP token to the authentication device through the human body, OneTouch minimizes the risk of interception by adversaries, thereby reducing the attack surface. We provide an extensive discussion of the security risks and evaluate the effectiveness of the touch-based channel for OTP credential exchange.