Title: A two-factor authenticated key exchange protocol based on RSA with dynamic passwords

Authors: Fushan Wei; Jianfeng Ma; Chuangui Ma; Xinghua Li

Addresses: School of Computer Science and Technology, Xidian University, Xian, China ' School of Computer Science and Technology, Xidian University, Xian, China ' State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China ' School of Computer Science and Technology, Xidian University, Xian, China

Abstract: In order to reduce the damage of phishing and spyware attacks for password-based systems, this paper presents a novel two-factor authenticated key exchange protocol based on smart cards and dynamic one-time passwords. The main advantages of the proposed protocol can be summarised as follows: 1) the dynamic password is updated automatically in every communication session; 2) the user only needs to remember one password, so does the server. The proposed protocol can resist e-residue attacks and replacement attacks. We also prove the security of the protocol under the RSA assumption in the random oracle model.

Keywords: two-factor authentication; one-time passwords; authenticated key exchange; automatic updates; RSA; dynamic passwords; phishing attacks; spyware attacks; smart cards; e-residue attacks; replacement attacks; security; random oracle model.

DOI: 10.1504/IJES.2015.072366

International Journal of Embedded Systems, 2015 Vol.7 No.3/4, pp.257 - 265

Received: 12 Jul 2014
Accepted: 24 Sep 2014

Published online: 11 Oct 2015 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article