Journal of Digital Convergence (디지털융복합연구)

The Society of Digital Policy and Management (한국디지털정책학회)
권호 표지
DOI QR코드

DOI QR Code

Untraceable Authenticated Key Agreement Scheme for Multi-server Environment

다중서버를 위한 비-추적성을 제공하는 인증된 키 동의 기법

  • Choi, Hae-Won (Department of Aerospace & Industrial Computing Security, Kyungwoon University) ;
  • Kim, Sangjin (Department of Aerospace & Industrial Computing Security, Kyungwoon University) ;
  • Ryoo, Myungchun (Department of Aerospace & Industrial Computing Security, Kyungwoon University)
  • 최해원 (경운대학교 항공산업보안학과) ;
  • 김상진 (경운대학교 항공산업보안학과) ;
  • 류명춘 (경운대학교 항공산업보안학과)
  • Received : 2017.09.02
  • Accepted : 2017.10.20
  • Published : 2017.10.28
Download PDF
⟨ Previous Next ⟩

Abstract

Authenticated key agreement in multi-server environments is one of very important security issues because only authorized user needs to access their data and services. To support this issue, numerous schemes have been proposed over recent years. Recently, Shin showed the security weaknesses in the previous scheme and proposed an improved scheme called SIAKAS to solve them. Unfortunately, this paper shows that SIAKAS is still weak against application server impersonation attack and could be traceable to attackers. To solve the problems in SIAKAS, we propose an untraceable authenticated key agreement scheme, denoted by UAKAS. UAKAS efficiently solves security and privacy issues in SIAKAS and the related schemes and could reduce the operation overhead at least 12% compared to them.

다중서버 환경에서 인가된 사용자만이 서버의 데이터와 서비스들을 이용할 수 있어야 함으로 인증된 키 동의는 보안 이슈들 중에서 가장 중요한 문제 중 하나이다. 이러한 보안 이슈를 지원하기 위해서 다양한 기법들이 최근 몇 년간 제안되었다. 특히, 최근에 Shin은 기존 기법의 보안 문제점을 도출하고 이를 해결할 수 있는 개선된 기법인 SIAKAS를 제안하였다. 본 논문에서는 SIAKAS가 여전히 응용서버 가장 공격에 취약하고 추적성을 제공하는 문제가 있음을 보이고, 이러한 문제들을 해결할 수 있는 비추적성을 제공하는 인증된 키 동의 기법인 UAKAS를 제안한다. UAKAS는 SIAKAS 및 관련된 기법들의 보안 및 프라이버시 문제를 해결하고 이들에 비해서 최소 12%의 연산 오버헤드를 줄일 수 있는 장점이 있다.

Keywords

References

  1. B.-S. Shim, D.-G. Yoo, "Trends and Activation Plans for Next-generation Wireless Broadband Industry," Journal of Digital Convergence, Vol. 13, No. 12, pp. 13-21, 2015. https://doi.org/10.14400/JDC.2015.13.12.13
  2. Y.-T. Song, "The Effect of Web-based Communication to Internet Users of Information Characteristics : Focus on Internalization and Conformity," Journal of Digital Convergence, Vol. 14, No. 7, pp. 117-126, 2016. https://doi.org/10.14400/JDC.2016.14.7.117
  3. S. Yoo, K. Choi, "Consumer protection in e-commerce: the Safety Transaction Service in Korea," Journal of Digital Convergence, Vol. 11, No. 11, pp. 29-36, 2013. https://doi.org/10.14400/JDPM.2013.11.11.29
  4. S.-B. Kim, "Improvement of IPTV Policy under the Smart Environment," Journal of Digital Convergence, Vol. 11, No. 10, pp. 141-152, 2013. https://doi.org/10.14400/JDPM.2013.11.10.141
  5. J.-M. Kim, H.-J. Kouh, "Security Analysis of Information Flow using SAT," Journal of Digital Convergence, Vol. 14, No. 6, pp. 253-261, 2016. https://doi.org/10.14400/JDC.2016.14.6.253
  6. D. Y. Kim, "Trend and Improvement for Privacy Protection of Future Internet," Journal of Digital Convergence, Vol. 14, No. 6, pp. 405-413, 2016. https://doi.org/10.14400/JDC.2016.14.6.405
  7. H.-W. Choi, M.-C. Ryoo, C.-S. Lee, H. Kim, "Secure Data Gathering Protocol over Wireless Sensor Network," The Journal of Digital Policy & Management, Vol. 11, No. 12, pp. 367-380, 2013.
  8. L. Lamport, "Password authentication with insecure communication," ACM Communication, Vol. 24, No. 11, pp. 770-772, 1981. https://doi.org/10.1145/358790.358797
  9. W. S. Juang, "Efficient multi-server password authenticated key agreement using smart cards," IEEE Trans. on Consumer Electronics, Vol. 50, No. 1, pp. 251-255, 2004. https://doi.org/10.1109/TCE.2004.1277870
  10. D. Mishra, A. K. Das, S. A. Mukhopadhyay, "A secure user anonymity-preserving biometric based multi-server authenticated key agreement scheme using smart cards," Expert Systems with Applications, Vol. 41, No. 18, pp. 8129-8143, 2014. https://doi.org/10.1016/j.eswa.2014.07.004
  11. K.-C. Shin, "Analysis and security improvements to Mishra et al.'s authentication," Journal of Security Engineering, Vol. 13, No. 4, pp. 261-278, 2016. https://doi.org/10.14257/jse.2016.08.01
  12. H. Kim, "Remote User Authentication Scheme with Key Agreement Providing Forward Secrecy," Journal of Security Engineering, Vol. 12, No. 1, pp. 1-12, 2015. https://doi.org/10.14257/jse.2015.02.01
  13. W.S.Choi, D.H.Won, "Security Enhanced User Authentication Scheme with Key Agreement based on Fuzzy Extraction Technology ," Journal of Internet Computing and Services, Vol. 17, No. 3, pp. 1-10, 2017. https://doi.org/10.7472/JKSII.2016.17.3.01
  14. Younsung Choi, Donghoon Lee, Jiye Kim, Jaewook Jung, Junghyun Nam and Dongho Won, "Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography." Sensors, Vol. 14, No. 6, 2014.
  15. Jongho Moon, Younsung Choi, jaewook Jung, Dongho Won, "An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards." PloS one,Vol 10, No. 12 , 2015.