MAKA: Provably Secure Multi-factor Authenticated Key Agreement Protocol

Remote authentication is important to protect a networked server against malicious remote logins in complex systems, it is also the most efficient method to determine the identity of a remote user. Recently, Li et al. proposed an enhanced smart card based remote user password authentication scheme, referred to as LNKL scheme. In this paper, we first analyze LNKL scheme and show their scheme is vulnerable to key compromise impersonation attack and smart card impersonated attack. Besides, LNKL scheme does not provide user's anonymity and privacy protection. LNKL scheme still has some design flaws such as non-repairability. Furthermore, LNKL scheme adopts two-factor authentication (password and smart-card), which are easily compromised. Based on LNKL scheme and biometrics- based multi-factor authentication, an improved multi-factor authentication (short for MAKA) is proposed in this paper, which not only keeps the merits of LNKL scheme, but also achieves more security features. In addition, the MAKA protocol can be formally proved securely against passive and active attacks under the computational Diffie-Hellman problem assumption in the random oracle model. As a result, it is more well-suited for mobile application scenarios where resource is constrained and security is concerned.