EFFICIENT MULTI-FACTOR AUTHENTICATED KEYEXCHANGE SCHEME FOR MOBILE COMMUNICATIONS

 

ABSTRACT

Authenticated key exchange (AKE) is one of the most important applications in applied cryptography, where a user interactswith a server to set up a session key where pre-registered information (aka. authentication factor), such as a password or biometrics, ofthe user is stored. While single-factor AKE is widely used in practice, higher security concerns call for multi-factor AKE (MFAKE)schemes, e.g. combining both passwords and biometrics simultaneously. However, in some casually designed schemes, security iseven weakened in the sense that leakage of one authentication factor will defeat the whole MFAKE protocol. Furthermore, an inevitableby-product arise that the usability of the protocol often drop greatly. To summarize, the existing multi-factor protocols did not provideenough security and efficiency simultaneously. In this paper, we make one step ahead by proposing a very efficient MFAKE protocol.We define the security model and give the according security analysis. We also implement our protocol on a smartphone and a cloudserver. The theoretic comparisons and the experimental results show that our scheme achieves both security and usability.

EXISTING SYSTEM:

Single-factor authenticated key exchange dominated the re-search of authenticated key exchange (AKE) protocols for along time. A different factors, password was preferred.Bellovin and Merritt presented the first password-only authenticatedkey exchange protocol, aka. encrypted keyexchange (EKE), in which the client shares a plaintext passwordwith the server, and exchanges encrypted informationto derive a shared session key. And this work has beenstudied extensively.The limited human memory and the increasing attacker a-bility have made PAKEs less secure than expected, therefore,the protocol designers chose to add other authenticationfactors to improve security.

PROPOSED SYSTEM:

the main contribution of this paper is to propose a multi-factor authenticated key exchange scheme that solves allabove-mentioned issues for the first time.We give a formal security model, which is built onprevious work. The proposed scheme is provably secureunder the Decisional Diffie-Hellman (DDH) assumptionin this model. Compared with the existing schemes, theproposed scheme achieves good balances between efficiencyand security.We consider practical applications, and suggest to selectseveral authentication factors, such as passwords, biometrics(e.g. fingerprint) and hardware with reasonable securestorage and computation ability (e.g. smartphone). Toremark, modern smartphones are usually equipped withmulti-core CPUs, many sensors, and high-speed networkconnection. E.g., a smartphone of about 150 USD can providequite impressive performance on computation, communicationand even fingerprint identification functionality.Hence it is reasonable to assume that a user with onesmartphone at hand, based on which the proposed schemewill provide high usability.We also implement the proposed scheme on a widelyavailablesmartphone. The results are quite encouraging,which imply that the scheme is highly efficient and rightsuitable for real-world applications.

CONCLUSION

In this paper, we presented a security model for multi-factorauthenticated key exchange protocols that allows a significantamount of information leakage for the adversary. Weformally proved the security and robustness of our schemein the model, in the sense that as long as one authenticationfactor remains unknown, the adversary cannot have anyinformation regarding the agreed session key, and cannotimpersonate a client or a server. We also implemented thescheme with practical parameters on a smartphone, and theresults have showed that our scheme is highly efficient.

REFERENCES

[1] M. Slain, “Announcing Our Worst Passwords of 2015,”https://www.teamsid.com/worst-passwords-2015/, 2015.

[2] [Online]. Available: https://pages.nist.gov/800-63-3/sp800-63b.html#out-of-band

[3] S. Bellovin and M. Merritt, “Encrypted Key Exchange: PasswordBasedProtocols Secure Against Dictionary Attacks,” in IEEE S&P,1992, pp. 72–44.

[4] O. Goldreich and Y. Lindell, “Session-key generation using humanpasswords only,” in CRYPTO, 2001, pp. 408–432.

[5] S. M. Bellovin and M. Merritt, “Augmented Encrypted Key Exchange:A PasswordBased Protocol Secure Against DictionaryAttacks and Password File Compromise,” in ACM CCS, 1993, pp.244–250.

[6] V. Boyko, P. MacKenzie, and S. Patel, “Provably Secure PasswordAuthenticatedKey Exchange Using Diffie-Hellman,” in EUROCRYPT,2000, pp. 156–171.

[7] M. Bellare, D. Piontcheval, and P. Rogaway, “Authenticated KeyExchange Secure Against Dictionary Attacks,” in EUROCRYPT,ser. Lecture Notes in Computer Science, vol. 1087, 2000, pp. 139–155.

[8] R. Gennaro and Y. Lindell, “A Framework for Password-basedAuthenticated Key Exchange,” ACM Transactions on Informationand System Security, vol. 2, no. 9, pp. 181–234, 2006.

[9] A. Groce and J. Katz, “A New Framework for Efficient PasswordBasedAuthenticated Key Exchange,” in ACM CCS, 2010, pp. 516–525.

[10] Y. M. Park and S. K. Park, “Two Factor Authenticated Key Exchange(TAKE) Protocol in Public Wireless LANs,” in IEICE Transon Communications, vol. E87-B, no. 5, 2004, pp. 1382–1385.