Multifactor authenticated key renewal

Abstract

Establishing secure channels is one of the most important and fundamental trust issues in information security. It is of high important not only for servers and users computers but also for global connectivity among any kind of network devices. Most existing technologies for establishing secure channels are based on asymmetric cryptography which requires heavy computations, large memory and complicated supporting mechanism such as PKI. In this paper, we consider the setting of authentication with small devices possibly held by humans and possibly embedded in a semi secure environment. We propose a authenticated key renewal protocol which uses only symmetric cryptography. The protocol takes into account other factors important for embedded and human held network devices: It covers multi-factor authentication to take advantage of secrets possessed by the secure device as well as the memorable password of the device owner. The protocol can, further, allow partial leakage of stored secret from a secure device. The protocol's considerations are a good demonstration of designing "trusted procedure" in the highly constrained environment of mobile and embedded small devices which is expected to be prevalent in the coming years. © 2012 Springer-Verlag.