Multi-Factor Authenticated Key Exchange Scheme for Mobile Communications using Applied Cryptography

Azhagarasan. T, P. A. College of Engineering and Tech, Pollachi, India; Jeeva. V ,P. A. College of Engineering and Tech, Pollachi, India; Nareen Kumar. S ,P. A. College of Engineering and Tech, Pollachi, India; Anand N ,P. A. College of Engineering and Tech, Pollachi, India

AKE, MFAKE Protocol,Cryptography

Authenticated key exchange is one of the most important applications in applied cryptography, the user interacts with a server to set up a session key to pre-registered information, authentication factor, like password or biometrics of the user is stored. Single-factor AKE is widely used in practice. Higher security concerns call for MFAKE schemes, e.g. combining passwords, biometrics and device simultaneously. Casually designed schemes, security is even weakened in the sense that leakage of one authentication factor will defeat the whole MFAKE protocol. An inevitable by-product arises that the usability of the protocol often drops greatly. To summarize, the existing multi-factor protocols did not provide enough security and efficiency simultaneously. It proposes a very efficient MFAKE protocol. It defines the security model and gives the according to security analysis. It also implements our proposed method as textual, graphical, biometric and device password to access the user accounts. The theoretic comparisons and the experimental results show that this scheme achieves both security and usability operating conditions is demonstrated through simulation results using MATLAB/Simulink followed by an experimental validation.
    [1] Arakala, A. and Jeffers, J. and Horadam, K. “Fuzzy Extractors for Minutiae-Based Fingerprint Authentication,” in ICB, ser. Lecture Notes in Computer Science, vol. 4642, 2007, pp. 760–769. [2] Bellare,v and Piontcheval,D. and Rogaway,P. “Authenticated Key Exchange Secure Against Dictionary Attacks,” in EUROCRYPT,ser. Lecture Notes in Computer Science, vol. 1087, 2000, pp. 139–155. [3] Bellovin,S. and Merritt,M. “Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks,” in IEEE S&P, 1992, pp. 72–44. [4] Bellovin,S. M. and Merritt,M. “Augmented Encrypted Key Exchange: A Password based protocol secure against dictionaryattacks and Password File Compromise,” in ACM CCS, 1993, pp.244–250. [5] Boyko,V. and MacKenzie,P. and Patel,S. “Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman,” in EUROCRYPT, 2000, pp. 156–171. [6] Gennaro,R. and Lindell,Y. “A Framework for Password-based Authenticated Key Exchange,” ACM Transactions on Informationand System Security, vol. 2, no. 9, pp. 181–234, 2006. [7] Goldreich,O. and Lindell,Y. “Session-key generation using human passwords only,” in CRYPTO, 2001, pp. 408–432. [8] Groce,A. and Katz,J. “A New Framework for Efficient Password-Based Authenticated Key Exchange,” in ACM CCS, 2010, pp. 516–525. [9] He, D. and Kumar, N. and Lee, J.-H. and Sherratt, R. S. “Enhanced Three-Factor Security Protocol for Consumer USB Mass Storage Devices,” IEEE Transactions on Consumer Electronics, vol. 60, no. 1, pp.30–37, 2014. [10] Huang, X. and Xiang,Y. and Bertino, E. and Zhou, J. and Xu,L.“Robust Multi-Factor Authentication for Fragile Communications,” IEEETransactions on Dependable and Secure Computing, vol. 6, no. 11, pp.568–581, 2014. [11] Juang,W. and Wu,J. “Two Efficient Two-Factor Authenticated Key Exchange Protocols in Public Wireless LANs,” Computers &Electrical Engineering, vol. 35, no. 1, pp. 33–40, 2009. [12] Lee,C. C. and Chen,C. T. and Wu,P. H. and Chen, T. Y. “Three-Factor Control Protocol Based on Elliptic Curve Cryptosystem for UniversalSerial Bus Mass Storage Devices,” IET, vol. 7, no. 1, pp. 48–55,2013. [13] Park,Y. M. and Park,S. K. “Two Factor Authenticated Key Exchange (TAKE) Protocol in Public Wireless LANs,” in IEICE Transon Communications, vol. E87-B, no. 5, 2004, pp. 1382–1385. [14] Pointcheval,D. and Zimmer,S. “Multi-Factor Authenticated Key Exchange,” in ANCS, ser. Lecture Notes in Computer Science, vol.5037, 2008, pp. 277–295. [15] Slain,M. “Announcing Our Worst Passwords of2015,”https://www.teamsid.com/worst-passwords-2015/, 2015. [16] Wang,X. and Zhang,W. and Zhang,J. and Khan,M K. “Cryptanalysis and Improvement on Two Efficient Remote User Authentication Scheme Using Smart Cards,” Computer Standards & Interfaces,vol. 29, no. 5, pp. 507–512, 2007.
Paper ID: GRDCF007012
Published in: Conference : National Conference on Emerging Trends in Electrical, Electronics and Computer Engineering (ETEEC - 2018)
Page(s): 62 - 66