Coercion resistance in authentication responsibility shifting

Abstract

To meet the demand of scalability and usability, many real-world authentication systems have adopted the idea of responsibility shifting, explicitly or implicitly, where a user's responsibility of authentication is shifted to another entity, usually in case of failure of the primary authentication method. One example of responsibility shifting is in the fourth-factor authentication [1] whereby a user gets the crucial authentication assistance from a helper who takes over the responsibility. In the fourth-factor authentication system [1], subverting/coercing the helper (trustee) allows the adversary to log in without capturing the password of the user.