Skip to Main Content
Authenticated key exchange (AKE) protocols are designed to allow mutual authentication and generation of a cryptographically-secure session key. We revisit the conventional AKE protocols employed in IEEE 802.1x for wireless security considering the following situation: (1) a user has some insecure devices with built-in memory capacity; (2) the counterpart server is not perfectly secure; (3) neither PKI (public key infrastructure) nor TRM (tamper-resistant module) is available. In addition, the paper introduces a new kind of AKE protocol, which is secure against an active attacker in the above-mentioned situation, in order to enhance the overall security level and usability of passwords. For authenticity, the user's password is combined with an additional secret stored on insecure mobile devices. Nevertheless, the user remembers only one relatively short password while maintaining its connections with a variety of different servers.