Title: A two-factor authenticated key exchange protocol based on RSA with dynamic passwords
Authors: Fushan Wei; Jianfeng Ma; Chuangui Ma; Xinghua Li
Addresses: School of Computer Science and Technology, Xidian University, Xian, China ' School of Computer Science and Technology, Xidian University, Xian, China ' State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China ' School of Computer Science and Technology, Xidian University, Xian, China
Abstract: In order to reduce the damage of phishing and spyware attacks for password-based systems, this paper presents a novel two-factor authenticated key exchange protocol based on smart cards and dynamic one-time passwords. The main advantages of the proposed protocol can be summarised as follows: 1) the dynamic password is updated automatically in every communication session; 2) the user only needs to remember one password, so does the server. The proposed protocol can resist e-residue attacks and replacement attacks. We also prove the security of the protocol under the RSA assumption in the random oracle model.
Keywords: two-factor authentication; one-time passwords; authenticated key exchange; automatic updates; RSA; dynamic passwords; phishing attacks; spyware attacks; smart cards; e-residue attacks; replacement attacks; security; random oracle model.
International Journal of Embedded Systems, 2015 Vol.7 No.3/4, pp.257 - 265
Received: 12 Jul 2014
Accepted: 24 Sep 2014
Published online: 11 Oct 2015 *