Abstract
Two-factor authenticated key exchange (TFAKE) protocols are critical tools for ensuring identity authentication and secure data transmission for cloud computing. Until now, numerous TFAKE protocols based on smart cards and passwords are proposed under this circumstance. Unfortunately, most of them are found insecure against various attacks. Researchers focus on cryptanalysis of these protocols and then fixing the loopholes. Little attention has been paid to design rationales and formal security models of these protocols. In this paper, we summarize the security requirements and put forward a formal security model for TFAKE protocols for cloud computing. We then present an efficient TFAKE protocol without using expensive asymmetric cryptology mechanisms to achieve high efficiency. Our protocol can be proven secure in the random oracle model and achieves user anonymity. Compared with other TFAKE protocols, our protocol is more efficient and enjoys provable security.
Get full access to this article
View all access options for this article.