International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Multi-Factor Password-Authenticated Key Exchange

Authors:
Douglas Stebila
Poornaprajna Udupi
Sheueling Chang
Download:
URL: http://eprint.iacr.org/2008/214
Search ePrint
Search Google
Abstract: We consider a new form of authenticated key exchange which we call multi-factor password-authenticated key exchange, where session establishment depends on successful authentication of multiple short secrets that are complementary in nature, such as a long-term password and a one-time response, allowing the client and server to be mutually assured of each other's identity without directly disclosing private information to the other party. Multi-factor authentication can provide an enhanced level of assurance in higher security scenarios such as online banking, virtual private network access, and physical access because a multi-factor protocol is designed to remain secure even if all but one of the factors has been compromised. We introduce the first formal security model for multi-factor password-authenticated key exchange protocols, propose an efficient and secure protocol called MFPAK, and provide a formal argument to show that our protocol is secure in this model. Our security model is an extension of the Bellare-Pointcheval-Rogaway security model for password-authenticated key exchange and the formal analysis proceeds in the random oracle model.
BibTeX
@misc{eprint-2008-17891,
  title={Multi-Factor Password-Authenticated Key Exchange},
  booktitle={IACR Eprint archive},
  keywords={cryptographic protocols /},
  url={http://eprint.iacr.org/2008/214},
  note={ douglas@stebila.ca 14013 received 13 May 2008},
  author={Douglas Stebila and Poornaprajna Udupi and Sheueling Chang},
  year=2008
}