A user friendly password authenticated key agreement for multi server environment

  • Authors:

  • Mohammed Misbahuddin;P. Premchand;A. Govardhan

  • Affiliations:

  • Centre for Development of Advanced Computing (C-DAC), E-City, Bangalore, India;Osmania University, Hyderabad, India;JN Tech. Univ., Hyderabad, India

  • Venue:
  • Proceedings of the International Conference on Advances in Computing, Communication and Control
  • Year:
  • 2009

Quantified Score

Hi-index 0.00

Visualization

Abstract

Two Factor authentication mechanisms are considered to be secure for authenticating a user in Internet based environment. As the number of services provided online is day by day increasing, users intending to use various online services are also increasing. With each service requiring the user to register separately, the overhead of remembering many ID/password pairs has lead to the problem of memorability. To address this, researchers have proposed mechanisms for multi-server environment where in the user needs to register with a single registration centre using one ID/password pair and thereby access all the services registered through that server. But, as these mechanisms employ textual passwords, they suffer from many inherent drawbacks. In this paper we propose a two factor password authenticated key agreement mechanism using graphical password where in the user needs to recognize his secret image presented to him as challenge. The protocol is designed such that there is no need of maintaining a password table at server for verification. In addition, the protocol provides secure low computation mutual authentication and session key agreement. The proposed protocol is computationally efficient and is expected to be secure against ID theft, Insider attack, Replay attack, Shoulder surfing attack, Reconnaissance attack, Server spoofing attack and guessing attack.