A Provably-Secure Two-Factor Authenticated Key Exchange Protocol with Stronger Anonymity

  • Xiaoyan Yang
  • Han JiangEmail author
  • Mengbo Hou
  • Zhihua Zheng
  • Qiuliang Xu
  • Kim-Kwang Raymond Choo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11058)


Authentication is an effective mechanism for determining whether a user is unauthorized to access to the device and/or online account. In addition, users may also be concerned about preserving their online privacy (e.g. identity, and individual preferences). Conventional anonymous two-factor authenticated key exchange (AKE) protocols only guarantee user anonymity against an external adversary, although user identity may be easily learned by a malicious insider (e.g. server), and the latter may also trace the user’s activities and analyze the user’s individual preferences for illicit financial gains. To address this problem, we propose a novel anonymous two-factor AKE protocol, which achieves stronger anonymity in the sense that no useful information about the user’s identity is revealed to either an adversary or the server. We then give a formal security proof of the protocol in the random oracle model.


Anonymous authentication Authenticated key exchange Two-factor authentication 


  1. 1.
    Lindell, Y.: Anonymous authentication. J. Priv. Confidentiality 2, 4 (2007)Google Scholar
  2. 2.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). Scholar
  3. 3.
    Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997). Scholar
  4. 4.
    Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). Scholar
  5. 5.
    LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007). Scholar
  6. 6.
    Choo, K.-K.R.: Secure key establishment. Springer Science & Business Media, Boston (2008). Scholar
  7. 7.
    Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 72–84. IEEE (1992)Google Scholar
  8. 8.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). Scholar
  9. 9.
    Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001). Scholar
  10. 10.
    Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). Scholar
  11. 11.
    Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 293–310. Springer, Heidelberg (2011). Scholar
  12. 12.
    Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: New techniques for SPHFs and efficient one-round PAKE protocols. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 449–475. Springer, Heidelberg (2013). Scholar
  13. 13.
    Yang, W.-H., Shieh, S.-P.: Password authentication schemes with smart cards. Comput. Secur. 18, 727–733 (1999)CrossRefGoogle Scholar
  14. 14.
    Juang, W.-S.: Efficient password authenticated key agreement using smart cards. Comput. Secur. 23, 167–173 (2004)CrossRefGoogle Scholar
  15. 15.
    Yang, G., Wong, D.S., Wang, H., Deng, X.: Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74, 1160–1172 (2008)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Wei, F., Zhang, R., Ma, C.: Two factor authenticated key exchange protocol for wireless sensor networks: formal model and secure construction. In: Sun, X., Liu, A., Chao, H.-C., Bertino, E. (eds.) ICCCS 2016. LNCS, vol. 10039, pp. 377–388. Springer, Cham (2016). Scholar
  17. 17.
    Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50, 629–631 (2004)CrossRefGoogle Scholar
  18. 18.
    Liu, C., Ma, C.-G.: An efficient and provable secure PAKE scheme with robust anonymity. In: Liu, B., Ma, M., Chang, J. (eds.) ICICA 2012. LNCS, vol. 7473, pp. 722–729. Springer, Heidelberg (2012). Scholar
  19. 19.
    Madhusudhan, R., Mittal, R.: Dynamic ID-based remote user password authentication schemes using smart cards: a review. J. Network Comput. Appl. 35, 1235–1248 (2012)CrossRefGoogle Scholar
  20. 20.
    Wang, D., He, D., Wang, P., Chu, C.-H.: Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12, 428–442 (2015)CrossRefGoogle Scholar
  21. 21.
    Xie, Q., Wong, D.S., Wang, G., Tan, X., Chen, K., Fang, L.: Provably secure dynamic id-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Trans. Inf. Forensics Secur. 12, 1382–1392 (2017)CrossRefGoogle Scholar
  22. 22.
    Viet, D.Q., Yamamura, A., Tanaka, H.: Anonymous password-based authenticated key exchange. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 244–257. Springer, Heidelberg (2005). Scholar
  23. 23.
    Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the Twelfth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 448–457. Society for Industrial and Applied Mathematics, Washington, D.C. (2001)Google Scholar
  24. 24.
    Chien, H.-Y., Chen, C.-H.: A remote authentication scheme preserving user anonymity. In: 19th International Conference on Advanced Information Networking and Applications. AINA 2005, pp. 245–248. IEEE (2005)Google Scholar
  25. 25.
    Fan, C.-I., Chan, Y.-C., Zhang, Z.-K.: Robust remote authentication scheme with smart cards. Comput. Secur. 24, 619–628 (2005)CrossRefGoogle Scholar
  26. 26.
    Liao, I.-E., Lee, C.-C., Hwang, M.-S.: Security enhancement for a dynamic ID-based remote user authentication scheme. In: International Conference on Next Generation Web Services Practices. NWeSP 2005, p. 4. IEEE (2005)Google Scholar
  27. 27.
    Juang, W.-S., Chen, S.-T., Liaw, H.-T.: Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Industr. Electron. 55, 2551–2556 (2008)CrossRefGoogle Scholar
  28. 28.
    Li, X., Qiu, W., Zheng, D., Chen, K., Li, J.: Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Industr. Electron. 57, 793–800 (2010)CrossRefGoogle Scholar
  29. 29.
    Khan, M.K., Kim, S.-K., Alghathbar, K.: Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput. Commun. 34, 305–309 (2011)CrossRefGoogle Scholar
  30. 30.
    Wang, D., Wang, N., Wang, P., Qing, S.: Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. 321, 162–178 (2015)CrossRefGoogle Scholar
  31. 31.
    Li, X., Zhang, Y.: A simple and robust anonymous two-factor authenticated key exchange protocol. Secur. Commun. Netw. 6, 711–722 (2013)CrossRefGoogle Scholar
  32. 32.
    Sun, D.-Z., Huai, J.-P., Sun, J.-Z., Li, J.-X., Zhang, J.-W., Feng, Z.-Y.: Improvements of Juang’s password-authenticated key agreement scheme using smart cards. IEEE Trans. Industr. Electron. 56, 2284–2291 (2009)CrossRefGoogle Scholar
  33. 33.
    Yang, J., Zhang, Z.: A new anonymous password-based authenticated key exchange protocol. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 200–212. Springer, Heidelberg (2008). Scholar
  34. 34.
    Yang, X., Jiang, H., Xu, Q., Hou, M., Wei, X., Zhao, M., Choo, K.-K.R.: A provably-secure and efficient verifier-based anonymous password-authenticated key exchange protocol. In: Trustcom/BigDataSE/ISPA 2016 IEEE, pp. 670–677. IEEE (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Xiaoyan Yang
    • 1
  • Han Jiang
    • 1
    Email author
  • Mengbo Hou
    • 1
  • Zhihua Zheng
    • 2
  • Qiuliang Xu
    • 1
  • Kim-Kwang Raymond Choo
    • 3
  1. 1.School of SoftwareShandong UniversityJinanChina
  2. 2.College of Information Science and EngineeringShandong Normal UniversityJinanChina
  3. 3.Department of Information Systems and Cyber SecurityUniversity of Texas at San AntonioSan AntonioUSA

Personalised recommendations