The 2018 International Symposium on Information Theory and Its Applications (ISITA2018)
Secure Hybrid Authentication Protocols against Malicious Key Generation Center
In this paper, we revisit the simplified PWIBSAKE (Sim-PWIBS) protocol  constructed from password authentication and identity-based signature. First, we show that the Sim-PWIBS protocol is insecure meaning that a malicious KGC (Key Generation Center) can find out session keys and all clients’ passwords by impersonating the server. Then, we propose two secure simplified PWIBS-AKE (called, PAKEwIBS1 and PAKEwIBS2) protocols that prevents such malicious KGC’s passive/active attacks. Also, we show that there is a trade-off between the PAKEwIBS1 and PAKEwIBS2 protocols in terms of computation costs of client and communication costs.