A password-based authenticated group key exchange protocol assists group participants who possess low-entropy, human-memorable passwords in establishing a secure communication channel. In this type of scheme, the server needs to store the users' verifiers in a database. Therefore, it is susceptible to stolen-verifier attacks. In this paper, we propose a new authenticated group key protocol that eliminates the need of verifier database at the server side. Our protocol is based on a two-factor authentication that employs both smart card and password.

• 出版日期2015-5-25