Paper 2008/214
Multi-Factor Password-Authenticated Key Exchange
Douglas Stebila, Poornaprajna Udupi, and Sheueling Chang
Abstract
We consider a new form of authenticated key exchange which we call multi-factor password-authenticated key exchange, where session establishment depends on successful authentication of multiple short secrets that are complementary in nature, such as a long-term password and a one-time response, allowing the client and server to be mutually assured of each other's identity without directly disclosing private information to the other party. Multi-factor authentication can provide an enhanced level of assurance in higher security scenarios such as online banking, virtual private network access, and physical access because a multi-factor protocol is designed to remain secure even if all but one of the factors has been compromised. We introduce the first formal security model for multi-factor password-authenticated key exchange protocols, propose an efficient and secure protocol called MFPAK, and provide a formal argument to show that our protocol is secure in this model. Our security model is an extension of the Bellare-Pointcheval-Rogaway security model for password-authenticated key exchange and the formal analysis proceeds in the random oracle model.
Note: Full version.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Australian Information Security Conference (AISC) 2010. CRPIT volume 105, pages 56--66. Australian Computer Society.
- Contact author(s)
- douglas @ stebila ca
- History
- 2010-08-25: revised
- 2008-05-23: received
- See all versions
- Short URL
- https://ia.cr/2008/214
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2008/214,
author = {Douglas Stebila and Poornaprajna Udupi and Sheueling Chang},
title = {Multi-Factor Password-Authenticated Key Exchange},
howpublished = {Cryptology {ePrint} Archive, Paper 2008/214},
year = {2008},
url = {https://eprint.iacr.org/2008/214}
}
