Multi-Factor Password-Authenticated Key Exchange
Abstract
We consider a new form of authenticated key exchange which we call multi-factor password-authenticated key exchange, where session establishment depends on successful authentication of multiple short secrets that are complementary in nature, such as a long-term password and a one-time response, allowing the client and server to be mutually assured of each other’s identity without directly disclosing private information to the other party.
Multi-factor authentication can provide an enhanced level of assurance in higher-security scenarios such as online banking, virtual private network access, and physical access because a multi-factor protocol is designed to remain secure even if all but one of the factors have been compromised.
We introduce a security model for multi-factor password-authenticated key exchange protocols, propose an efficient and secure protocol called MFPAK, and provide a security argument to show that our protocol is secure in this model. Our security model is an extension of the Bellare-Pointcheval-Rogaway security model for password-authenticated key exchange and accommodates an arbitrary number of symmetric and asymmetric authentication factors.
Keywords: multi-factor authentication, passwords, key exchange, cryptographic protocols
Reference
Douglas Stebila, Poornaprajna Udupi, and Sheueling Chang. Multi-factor password-authenticated key exchange. In Australasian Information Security Conference (ACSW-AISC) 2010, CRPIT, volume 105, pages 56–66. January, 2010. © Australian Computer Society
Download
- Publisher’s website: http://crpit.com/Vol105.html
- Author’s website: PDF (full version), BibTeX
- Eprint: http://eprint.iacr.org/2008/214
Presentations
- 2010/01/20: “Multi-factor password-authenticated key exchange.” Presented at the Australasian Information Security Conference 2010. (PDF slides)
