Multi-Server Password-Authenticated Key Exchange for Provable Security

Password authentication has been around for long time. In the contemporary digital world, password plays very important role. However, there are many issues with password based authentication mechanisms. Different kinds of attacks like dictionary attack are to be considered in order to have high level of security. In this context, it is recommended to have strong passwords that cannot be subjected to such attacks. Moreover, it is important to implement limitation to number of attempts. Many researchers contributed towards password authentication and secure key exchange. However, it is an open problem that can be optimized. In this paper, we proposed a methodology to build a protocol that makes use of two or more servers in order to store shares of passwords. These servers provide cooperation for secure password-authenticated key exchange for provable security. We built a prototype application to demonstrate the proof of the concept. The results revealed that the proposed system is able to show the utility of the protocol.