A two-factor authenticated key exchange protocol based on RSA with dynamic passwords

Abstract

In order to reduce the damage of phishing and spyware attacks for password-based systems, this paper presents a novel two-factor authenticated key exchange protocol based on smart cards and dynamic one-time passwords. The main advantages of the proposed protocol can be summarised as follows: 1) the dynamic password is updated automatically in every communication session; 2) the user only needs to remember one password, so does the server. The proposed protocol can resist e-residue attacks and replacement attacks. We also prove the security of the protocol under the RSA assumption in the random oracle model.