IJRCS – Volume 4 Issue 3 Paper 5


Author’s Name : M K Nandhini | Karthikeyan

Volume 04 Issue 03  Year 2017  ISSN No:  2349-3828  Page no:  18-20



Authenticated key exchange (AKE) is one of the most important applications in applied cryptography, where a user interacts with a server to set up a session key where pre-registered information (aka. authentication factor), such as a password or secret authentication, of the user is stored. While single-factor AKE is widely used in practice, higher security concerns call for multi-factor AKE (MFAKE) schemes, e.g. combining both passwords and device simultaneously. However, in some casually designed schemes, security is even weakened in the sense that leakage of one authentication factor will defeat the whole MFAKE protocol. Furthermore, an inevitable by-product arise that the usability of the protocol often drop greatly. To summarize, the existing multi-factor protocols did not provide enough security and efficiency simultaneously. Here, we make one step ahead by proposing a very efficient MFAKE protocol. We define the security model and give the according security analysis. We also implement our proposed method as textual, graphical and device password to access the user accounts. The theoretic comparisons and the experimental results show that our scheme achieves both security and usability.


  1. M. Slain, “Announcing Our Worst Passwords of 2015,” https://www.teamsid.com/worst-passwords-2015/, 2015.
  2. [Online]. Available: https://pages.nist.gov/800- 63-3/sp800-63b.html#out-of-band
  3. S. Bellovin and M. Merritt, “Encrypted Key Exchange: Password- Based Protocols Secure Against Dictionary Attacks,” in IEEE S&P,1992, pp. 72–44.
  4. O. Goldreich and Y. Lindell, “Session-key generation using human passwords only,” in CRYPTO, 2001, pp. 408–432.
  5. S. M. Bellovin and M. Merritt, “Augmented Encrypted Key Exchange: A Password Based Protocol Secure Against Dictionary Attacks and Password File Compromise,” in ACM CCS, 1993, pp