| With the development of network, the Internet frauds like the phishing attract more and more attention in the community. Multi factor-based authenticated key exchange (multi-factor AKE) protocols enable two or more parties holding various authentication factors to agree on a session key over a public network in secure and authenticated manner, so it can resist the phishing and achieve the end to end secure communication. Therefore, how to design multi-factor AKE protocols and prove their security is the hot spot in the field of AKE research, which not only is a work of great realistic significance, but also has wide application prospects. We mainly design novel and secure multi-factor AKE protocols, which are competitive with the existing protocols in terms of security and efficiency. The achievements in the paper are as follows:Firstly, we consider key exchange between client and server. We propose a novel two party two-factor AKE protocol based on one-time passwords and a smart card, and we also give a formal proof for security of the protocol in the ideal model. When both the password and the secret key are leaked, our protocol is still secure. Furthermore, the novel protocol enhance two security functions as follows: (1) When the information of the one-time passwords card is leaked, the security of our protocol is equal to two-factor protocols; (2) When the smart card is lost, and at the same time the adversary gets one password, our protocol is still secure in the next communication.Secondly, we present a new two-factor AKE protocol using RSA based on the study of the existing two-factor AKE protocols, which can be resistant to e-residue attack, replacement attack and phishing attack, and we also give a formal proof for security of the protocol in the ideal model. The novel protocol overcomes the lack of storing large of passwords by two parties, so it reduces the burden on the server. In the end of one session, the communicating parties produce a new password simultaneity which will be used in the next session. Because our protocol is based on RSA, the RSA public/private keys are selected by clients rather than distributed by a certificate authentication center so that the process of the on-line authentication is no longer needed. The efficient is improved.Finally, it is worthwhile to consider how to establish a secure channel between two clients with the help of a trust server. At present, the multi-factor AKE protocols only work between a server and a client. We design a new multi-factor AKE protocol in the three-party settings, in which the authentication factors combines a password, a secure device, and biometric authentications. The protocol can not only resist the insider attack and the phishing attack, but also makes the different types of authentication factors to achieve their own security goal independently. It means that even if two authentication factors are corrupted, the new session key still remain semantic secure. In our scheme, the security is stronger than other protcols in the three-party settings. Furthermore, we prove the semantic security and key privacy in the random oracle model. |
PDF Full Text Request