Secure Hybrid Authentication Protocols against Malicious Key Generation Center

SeongHan Shin

Summary

The 2018 International Symposium on Information Theory and Its Applications　(ISITA2018)

2018

Session Number:Mo-PM-2-2

Session:

Number:Mo-PM-2-2.2

Secure Hybrid Authentication Protocols against Malicious Key Generation Center

SeongHan Shin,

pp.213-217

Publication Date:2018/10/18

Online ISSN:2188-5079

DOI:10.34385/proc.55.Mo-PM-2-2.2

PDF download

Summary:

In this paper, we revisit the simplified PWIBSAKE (Sim-PWIBS) protocol [7] constructed from password authentication and identity-based signature. First, we show that the Sim-PWIBS protocol is insecure meaning that a malicious KGC (Key Generation Center) can find out session keys and all clients’ passwords by impersonating the server. Then, we propose two secure simplified PWIBS-AKE (called, PAKEwIBS1 and PAKEwIBS2) protocols that prevents such malicious KGC’s passive/active attacks. Also, we show that there is a trade-off between the PAKEwIBS1 and PAKEwIBS2 protocols in terms of computation costs of client and communication costs.