This paper proposes a three-party authenticated key exchange protocol using two-factor including a password and a token. The proposed protocol allows two users to establish a session key through a trusted server with whom they both share a human-memorable password and a token. Over the past years, many three-party authenticated key exchange protocols have been proposed. However, many proposed protocols use smart cards with tamper-resistance property as tokens. It is not practical by using smart cards because of the high cost and the infrastructure requirements. Therefore, the proposed paper only uses a common storage device such as a USB memory stick. We believe the proposed protocol is suitable for practical scenarios.
Applied Mechanics and Materials 182-183, pp.2075-2079