Abstract
A great deal of authenticated key exchange (AKE) protocols have been proposed in recent years. Most of them were based on 1-factor authentication. In order to increase the security for AKE protocols, various authentication means can be used together. In fact, the existing multi-factor AKE protocols provide an authenticated key exchange only between a client and a server. This paper presents a new multi-factor AKE protocol in the three-party settings (3MFAKE), in which the authentication means combine a password, a secure device, and biometric authentications. We also prove the security of the protocol in the random oracle model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Pointcheval, D., Zimmer, S.: Multi-Factor Authenticated Key Exchange. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 277–295. Springer, Heidelberg (2008)
Bresson, E., Chevassut, O., Pointcheval, D.: Security proofs for an efficient password-based key exchange. In: Proc. of the 10th ACM Conference on Computer and Communicate Security, pp. 241–250 (2003)
Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404–421. Springer, Heidelberg (2005)
Abdalla, M., Bresson, E., Chevassut, O., Moller, B., Pointcheval, D.: Provably secure password-based authentication in TLS. In: Proc. 2006 ACM Symposium on Information, Computer and Communications Security, pp. 35–45. ACM Press, New York (2006)
Abdalla, M., Chevassut, O., Pointcheval, D.: One-time verifier-based encrypted key exchange. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 47–64. Springer, Heidelberg (2005)
Bhargav-Spantzel, A., Squicciarini, A.C., Modi, S., Young, M., Bertino, E., Elliot, S.J.: Privacy preserving multi-factor authentication with biometrics. In: Juels, A. (ed.) Proceedings of ACM DIM 2006 Workshop, pp. 63–72. ACM Press, New York (2006)
Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Communications of the Association for Computing Machinery 21(12), 993–999 (1978)
Abdalla, M., Fouque, P., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)
Sun, H.M., Chen, B.C., Hwang, T.: Secure key agreement protocols for three-party against guessing attacks. The Journal of Systems and Software 75, 63–68 (2005)
Choo, K.K.R., Boyd, C., Hitchcock, Y.: The importance of proofs of security for key establishment protocols: formal analysis of Jan-Chen, Yang-Shen-Shieh, Kim-Huh-Hwang-Lee, Lin-Sun-Hwang, and Yeh-Sun protocols. Computer Communications 29(15), 2788–2797 (2006)
Lu, R., Cao, Z.: Simple three-party key exchange protocol. Computers and Security 26, 94–97 (2007)
Nam, J., Lee, Y., Kim, S., Won, D.: Security weakness in a three-party pairing-based protocol for password authenticated key exchange. Information Sciences 177(6), 1364–1375 (2007)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Bellare, M., Rogaway, P.: Provably secure session key distribution-the three party case. In: Proc. of the 28th Annual ACM Symposium on Theory of Computing, pp. 57–66 (1996)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, Y., Wei, F., Ma, C. (2011). Multi-Factor Authenticated Key Exchange Protocol in the Three-Party Setting. In: Lai, X., Yung, M., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2010. Lecture Notes in Computer Science, vol 6584. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21518-6_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-21518-6_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21517-9
Online ISBN: 978-3-642-21518-6
eBook Packages: Computer ScienceComputer Science (R0)