Security Analysis of a Multi-factor Authenticated Key Exchange Protocol

Hao, Feng; Clarke, Dylan

doi:10.1007/978-3-642-31284-7_1

Cited by 14 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For the elliptic curve, a similar check is needed to ensure the received element is a valid public key over the elliptic curve. The importance of this checkknown as the public key validationin key exchange protocols has been highlighted by Menezes and Ustagolu [24] in 2006 and also by a recent attack reported in 2012 [25].…”

Section: Preventing Small Subgroup Attacks On the Dragonfly Protocolmentioning

confidence: 99%

Cryptanalysis of the Dragonfly key exchange protocol

Clarke¹,

Hao²

2014

IET Information Security

Self Cite

View full text Add to dashboard Cite

Dragonfly is a password authenticated key exchange protocol that has been submitted to the Internet Engineering Task Force as a candidate standard for general internet use. We analyzed the security of this protocol and devised an attack that is capable of extracting both the session key and password from an honest party. This attack was then implemented and experiments were performed to determine the time-scale required to successfully complete the attack.

show abstract

Section: Preventing Small Subgroup Attacks On the Dragonfly Protocolmentioning

confidence: 99%

Cryptanalysis of the Dragonfly key exchange protocol

Clarke¹,

Hao²

2014

IET Information Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…It uses an ElGamal public key encryption [27] for securing biometric information. However, in 2012, it has been found to be insecure by Hao and Clarke [28]. The insecurity of PZ is that an attacker, who steals a password, is able to deduce biometric information.…”

Section: Introductionmentioning

confidence: 99%

A Generic Multifactor Authenticated Key Exchange with Physical Unclonable Function

Byun

2019

Security and Communication Networks

View full text Add to dashboard Cite

We study how to generally construct a PUF-based multifactor authenticated key exchange (MAKE) protocol from any secure password-based authenticated key exchange protocol. We newly consider a new setting in which a user holding a PUF-embedded device desires to perform an authenticate key exchange through multifactor authentication factors (password, biometrics, secret). Our construction is the first PUF-based general MAKE construction. By applying a PUF in a device, our MAKE construction is still secure even if all authentication factors are totally compromised. Our construction is the first PUF-based generic MAKE protocol requiring additional three communication flows without any public key based primitives such as signature.

show abstract

“…There are some authentication algorithms, which are proposed to be used in mobile devices. To improve the security of mobile device's users, some researchers recommended adding second factor of authentication [31][32][33][34][35][36]. In the following part, different kinds of these kinds of algorithms are introduced to get some ideas to use these authentication methods in mobile cloud computing is discussed.…”

Section: Introductionmentioning

confidence: 99%

Feasibility of Implementing Multi-factor Authentication Schemes in Mobile Cloud Computing

Alizadeh

Hassan

Khodadadi

2014

2014 5th International Conference on Intelligent Systems, Modelling and Simulation

View full text Add to dashboard Cite

Mobile cloud computing is a new computing technology, which provides on-demand resources. Nowadays, this computing paradigm is becoming one the most interesting technology for IT enterprises. The idea of computing and offloading data in cloud computing is utilized to overcome the inherent challenges in mobile computing. This is carried out by utilizing other resource providers besides the mobile device to host the delivery of mobile applications. However, this technology introduces some opportunities as new computing concept, several challenges, including security and privacy are raised from the adoption of this IT paradigm. Authentication plays an important role to mitigate security and privacy issue in the mobile cloud computing. Even some authentication algorithms are proposed for mobile cloud computing, but most of these algorithms designed for traditional computing models, and are not using cloud capabilities. In mobile cloud computing, we access to pooled computation resources and applying more complicated authentication schemes is possible. Using different authentication factors, which is called multifactor authentication algorithms, has been proposed for various areas. In this paper, feasibility of implementation of different kinds of multi-factor authentication protocols are discussed. Furthermore, the security and privacy of these algorithms are analyzed. Finally, some future directions are recommended.

show abstract

Security Analysis of a Multi-factor Authenticated Key Exchange Protocol

Cited by 14 publications

References 20 publications

Cryptanalysis of the Dragonfly key exchange protocol

Cryptanalysis of the Dragonfly key exchange protocol

A Generic Multifactor Authenticated Key Exchange with Physical Unclonable Function

Feasibility of Implementing Multi-factor Authentication Schemes in Mobile Cloud Computing

Contact Info

Product

Resources

About