Abstract
Authentication is an effective mechanism for determining whether a user is unauthorized to access to the device and/or online account. In addition, users may also be concerned about preserving their online privacy (e.g. identity, and individual preferences). Conventional anonymous two-factor authenticated key exchange (AKE) protocols only guarantee user anonymity against an external adversary, although user identity may be easily learned by a malicious insider (e.g. server), and the latter may also trace the user’s activities and analyze the user’s individual preferences for illicit financial gains. To address this problem, we propose a novel anonymous two-factor AKE protocol, which achieves stronger anonymity in the sense that no useful information about the user’s identity is revealed to either an adversary or the server. We then give a formal security proof of the protocol in the random oracle model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Lindell, Y.: Anonymous authentication. J. Priv. Confidentiality 2, 4 (2007)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21
Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0024447
Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_28
LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75670-5_1
Choo, K.-K.R.: Secure key establishment. Springer Science & Business Media, Boston (2008). https://doi.org/10.1007/978-0-387-87969-7
Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 72–84. IEEE (1992)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_11
Katz, J., Ostrovsky, R., Yung, M.: Efficient password-authenticated key exchange using human-memorable passwords. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 475–494. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_29
Gennaro, R., Lindell, Y.: A framework for password-based authenticated key exchange. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 524–543. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_33
Katz, J., Vaikuntanathan, V.: Round-optimal password-based authenticated key exchange. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 293–310. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_18
Benhamouda, F., Blazy, O., Chevalier, C., Pointcheval, D., Vergnaud, D.: New techniques for SPHFs and efficient one-round PAKE protocols. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 449–475. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_25
Yang, W.-H., Shieh, S.-P.: Password authentication schemes with smart cards. Comput. Secur. 18, 727–733 (1999)
Juang, W.-S.: Efficient password authenticated key agreement using smart cards. Comput. Secur. 23, 167–173 (2004)
Yang, G., Wong, D.S., Wang, H., Deng, X.: Two-factor mutual authentication based on smart cards and passwords. J. Comput. Syst. Sci. 74, 1160–1172 (2008)
Wei, F., Zhang, R., Ma, C.: Two factor authenticated key exchange protocol for wireless sensor networks: formal model and secure construction. In: Sun, X., Liu, A., Chao, H.-C., Bertino, E. (eds.) ICCCS 2016. LNCS, vol. 10039, pp. 377–388. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48671-0_34
Das, M.L., Saxena, A., Gulati, V.P.: A dynamic ID-based remote user authentication scheme. IEEE Trans. Consum. Electron. 50, 629–631 (2004)
Liu, C., Ma, C.-G.: An efficient and provable secure PAKE scheme with robust anonymity. In: Liu, B., Ma, M., Chang, J. (eds.) ICICA 2012. LNCS, vol. 7473, pp. 722–729. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34062-8_94
Madhusudhan, R., Mittal, R.: Dynamic ID-based remote user password authentication schemes using smart cards: a review. J. Network Comput. Appl. 35, 1235–1248 (2012)
Wang, D., He, D., Wang, P., Chu, C.-H.: Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans. Dependable Secure Comput. 12, 428–442 (2015)
Xie, Q., Wong, D.S., Wang, G., Tan, X., Chen, K., Fang, L.: Provably secure dynamic id-based anonymous two-factor authenticated key exchange protocol with extended security model. IEEE Trans. Inf. Forensics Secur. 12, 1382–1392 (2017)
Viet, D.Q., Yamamura, A., Tanaka, H.: Anonymous password-based authenticated key exchange. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 244–257. Springer, Heidelberg (2005). https://doi.org/10.1007/11596219_20
Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the Twelfth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 448–457. Society for Industrial and Applied Mathematics, Washington, D.C. (2001)
Chien, H.-Y., Chen, C.-H.: A remote authentication scheme preserving user anonymity. In: 19th International Conference on Advanced Information Networking and Applications. AINA 2005, pp. 245–248. IEEE (2005)
Fan, C.-I., Chan, Y.-C., Zhang, Z.-K.: Robust remote authentication scheme with smart cards. Comput. Secur. 24, 619–628 (2005)
Liao, I.-E., Lee, C.-C., Hwang, M.-S.: Security enhancement for a dynamic ID-based remote user authentication scheme. In: International Conference on Next Generation Web Services Practices. NWeSP 2005, p. 4. IEEE (2005)
Juang, W.-S., Chen, S.-T., Liaw, H.-T.: Robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Industr. Electron. 55, 2551–2556 (2008)
Li, X., Qiu, W., Zheng, D., Chen, K., Li, J.: Anonymity enhancement on robust and efficient password-authenticated key agreement using smart cards. IEEE Trans. Industr. Electron. 57, 793–800 (2010)
Khan, M.K., Kim, S.-K., Alghathbar, K.: Cryptanalysis and security enhancement of a ‘more efficient & secure dynamic ID-based remote user authentication scheme’. Comput. Commun. 34, 305–309 (2011)
Wang, D., Wang, N., Wang, P., Qing, S.: Preserving privacy for free: Efficient and provably secure two-factor authentication scheme with user anonymity. Inf. Sci. 321, 162–178 (2015)
Li, X., Zhang, Y.: A simple and robust anonymous two-factor authenticated key exchange protocol. Secur. Commun. Netw. 6, 711–722 (2013)
Sun, D.-Z., Huai, J.-P., Sun, J.-Z., Li, J.-X., Zhang, J.-W., Feng, Z.-Y.: Improvements of Juang’s password-authenticated key agreement scheme using smart cards. IEEE Trans. Industr. Electron. 56, 2284–2291 (2009)
Yang, J., Zhang, Z.: A new anonymous password-based authenticated key exchange protocol. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 200–212. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89754-5_16
Yang, X., Jiang, H., Xu, Q., Hou, M., Wei, X., Zhao, M., Choo, K.-K.R.: A provably-secure and efficient verifier-based anonymous password-authenticated key exchange protocol. In: Trustcom/BigDataSE/ISPA 2016 IEEE, pp. 670–677. IEEE (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Yang, X., Jiang, H., Hou, M., Zheng, Z., Xu, Q., Choo, KK.R. (2018). A Provably-Secure Two-Factor Authenticated Key Exchange Protocol with Stronger Anonymity. In: Au, M., et al. Network and System Security. NSS 2018. Lecture Notes in Computer Science(), vol 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-02744-5_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02743-8
Online ISBN: 978-3-030-02744-5
eBook Packages: Computer ScienceComputer Science (R0)