Open Access Open Access  Restricted Access Subscription Access

MAKA: Provably Secure Multi-factor Authenticated Key Agreement Protocol

Xiaoxue Liu,
Yanping Li,
Juan Qu,
Qi Jiang,

Abstract


Remote authentication is important to protect a networked server against malicious remote logins in complex systems, it is also the most efficient method to determine the identity of a remote user. Recently, Li et al. proposed an enhanced smart card based remote user password authentication scheme, referred to as LNKL scheme. In this paper, we first analyze LNKL scheme and show their scheme is vulnerable to key compromise impersonation attack and smart card impersonated attack. Besides, LNKL scheme does not provide user’s anonymity and privacy protection. LNKL scheme still has some design flaws such as non-repairability. Furthermore, LNKL scheme adopts two-factor authentication (password and smart-card), which are easily compromised. Based on LNKL scheme and
biometrics- based multi-factor authentication, an improved multi-factor authentication (short for MAKA) is proposed in this paper, which not only keeps the merits of LNKL scheme, but also achieves more security features. In addition, the MAKA protocol can be formally proved securely against passive and active attacks under the computational Diffie-Hellman problem assumption in the random oracle model. As a result, it is more well-suited for mobile application scenarios where resource is constrained and security is concerned.


Citation Format:
Xiaoxue Liu, Yanping Li, Juan Qu, Qi Jiang, "MAKA: Provably Secure Multi-factor Authenticated Key Agreement Protocol," Journal of Internet Technology, vol. 19, no. 3 , pp. 669-677, May. 2018.

Full Text:

PDF

Refbacks

  • There are currently no refbacks.





Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Library and Information Center, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd. Shoufeng, Hualien 97401, Taiwan, R.O.C.
Tel: +886-3-931-7017  E-mail: jit.editorial@gmail.com