Vladimir Kolesnikov
Bell Labs

Password Mistyping in Two-Factor-Authenticated Key Exchange

We study the problem of Key Exchange (KE), where authentication is
two-factor and based on both electronically stored (long keys) and
human-supplied credentials (passwords or biometrics).  In contrast with
the former, the latter credential has low entropy and may be
occasionally (in general, {\em adversarily}) mistyped. Our main
contribution is the first formal treatment of  mistyping in this

Ensuring security in presence of mistyping adds subtleties to already
complicated KE protocols.  We discuss vulnerabilities (including
mistyping-related) of previous KE definitions and constructions.

We concentrate on the practical two-factor authenticated KE setting
where servers exchange keys with  clients, who use short passwords
(memorized) and long cryptographic keys (stored on a card).  Our work is
thus a natural extension of  Halevi-Krawczyk and Kolesnikov-Rackoff.  We
discuss the challenges that arise due to mistyping.  We propose the
first KE definitions in this setting, and formally discuss their
guarantees.  We present efficient KE protocols and prove their security.