• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.101-108
• /
• 2007

We follow the promising recent results of deploying the public key cryptography in sensor networks. Recent results have shown that the public key algorithms are computationally feasible on the typical sensor nodes. However, once the public key cryptography is brought to the sensor network, security services such like key authentication will be critically required. In this paper we investigate the public key authentication problem in the sensor network and provide several authentication protocols. Our protocols are mainly based on the non-solvable overhearing in the wireless environment and a distributed voting mechanism. To show the value of our protocols, we provide an extensive analysis of the used resources and the resulting security level. As well, we compare our work with other existing works. For further benefit of our protocols, we list several additional applications in the sensor network where our protocols provide a sufficient authentication under the constrained resources.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.103-113
• /
• 2008

Reducing handoff latency is essential in providing seamless multimedia service in Wireless LAN based on the IEEE 802.11 standard. Reducing authentication delay is critical in reducing handoff latency. To this end, several authentication protocols for fBst handoff have been proposed. Mishra et al. used proactive key distribution to improve the authentication delay incurred in the current standard and Park et al. proposed a new authentication protocol based on Blom's key pre-distribution scheme. In this paper, we propose an enhanced authentication protocol based on Bresson et al.'s group key protocol. If a mobile node has previously access the network, our proposed protocol only requires simple hash operations in providing mutual authentication between a mobile node and access points. Our protocol is more efficient than Park et al.'s and Mishra et al.'s technique can be used in our protocol to further enhance our protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.73-82
• /
• 2009

This paper proposes an efficient and secure user authentication and key agreement scheme instead of the HTTP digest and TLS between the SIP UA and server. Although a number of security schemes for authentication and key exchange in SIP network are proposed, they still suffer from heavy computation overhead on the UA's side. The proposed scheme uses the HTIP Digest authentication and employs the Diffie-Hellman algorithm to protect user password against dictionary attacks. For a resource-constrained SIP UA, the proposed scheme delegates cryptographically computational operations like an exponentiation operation to the SIP server so that it is more efficient than the existing schemes in terms of energy consumption on the UA. Furthermore, it allows the proposed scheme to be easily applied to the deployed SIP networks since it does not require major modification to the signaling path associated with current SIP standard.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.439-446
• /
• 2004

In the Internet, user authentication is the most important service in secure communications. Although password-based mechanism is the most widely used method of the user authentication in the network, people are used to choose easy-to-remember passwords, and thus suffers from some Innate weaknesses. Therefore, using a memorable password it vulnerable to the dictionary attacks. The techniques used to prevent dictionary attacks bring about a heavy computational workload. In this paper, we describe a recent solution, the Optimal Strong-Password Authentication (OSPA) protocol, and that it is vulnerable to the stolen-verifier attack and an impersonation attack. Then, we propose an Improved Optimal Strong-Password Authentication (I-OSPA) protocol, which is secure against stolen-verifier attack and impersonation attack. Also, since the cryptographic operations are computed by the processor in the smart card, the proposed I-OSPA needs relatively low computational workload and communicational workload for user.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.8
• /
• pp.1597-1605
• /
• 2015

Password authenticated key exchange (PAKE) is a protocol that a client stores its password to a server, authenticates itself using its password and shares a session key with the server. In multi-server PAKE, a client splits its password and stores them to several servers separately. Unless all the servers are compromised, client's password will not be disclosed in the multi-server setting. In attribute-based encryption (ABE), a sender encrypts a message M using a set of attributes and then a receiver decrypts it using the same set of attributes. In this paper, we introduce multi-server PAKE protocol that utilizes a set of attributes of ABE as a client's password. In the protocol, the client and servers do not need to create additional public/private key pairs because the password is used as a set of public keys. Also, the client and the servers exchange only one round-trip message per server. The protocol is secure against dictionary attacks. We prove our system is secure in a proposed threat model. Finally we show feasibility through evaluating the execution time of the protocol.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.8
• /
• pp.1843-1848
• /
• 2010

The Key exchange protocols are very crucial tools to provide the secure communication in the broadband satellite access network. They should be required to satisfy various requirements such as security, Key confirmation, and Key freshness. In this paper, we propose Two authenticated key exchange protocols Two Pass EKE-E(Encrypted Key Exchange-Efficient) and Two Pass EKE-S(Encrypted Key Exchange-Secure) are introduced. A basic idea of the protocols is that a password can be represented by modular addition N, and the number of possible modular addition N representing the password is $2^N$ The Two Pass EKE-E is secure against the attacks including main-in-the-middle attack and off-line dictionary attack, and the performance is excellent so as beyond to comparison with other authenticated key exchange protocols. The Two Pass EKE-S is a slight modification of the Two Pass EKE-E. The Two Pass EKE-S provides computational in feasibility for learning the password without having performed off line dictionary attack while preserving the performance of the Two Pass EKE-E.

• Journal of KIISE:Software and Applications
• /
• v.31 no.9
• /
• pp.1218-1225
• /
• 2004

S/KEY system was proposed to guard against intruder's password replay attack. But S/KEY system has vulnerability that if an attacker derive passphrase from his dictionary file, he can acquire one-time password required for user authentication. In this paper, we propose a correct S/KEY system mixed with EKE to solve the problem. Also, we specify a new S/KEY system with Casper and CSP, verify its secrecy and authentication requirements using FDR model checking tool.

• Journal of Korea Multimedia Society
• /
• v.8 no.4
• /
• pp.525-535
• /
• 2005

A password-based authenticated tripartite key exchange protocol based on A. Joux's protocol was proposed. By using encryption scheme with shared password, we can resolve man-in-the-middle attack and lack of authentication problems. We also suggested a scheme to avoid the offline dictionary attack to which symmetric encryption schemes are vulnerable. The proposed protocol does not require a trusted party which is required in certificate or identity based authentication schemes. Therefore in a ad hoc network which is difficult to install network infrastructure, the proposed protocol would be very useful. The proposed protocol is more efficient in computation aspect than any existing password-based authenticated tripartite key exchange protocols. When it is used as a base line protocol of tree based group key exchange protocol, the computational weak points of the proposed protocol are compensated.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.3B
• /
• pp.421-430
• /
• 2010

Now a days, as a communications network is being broadband, IPTV(Internet Protocol Television) service which provides various two-way TV service is increasing. But as the data which is transmitted between IPTV set-top box and smart card is almost transmitted to set-top box, the illegal user who gets legal authority by approaching to the context of contents illegally using McComac Hack Attack is not prevented perfectly. In this paper, set-top box access security model is proposed which is for the protection from McComac Hack Attack that tries to get permission for access of IPTV service illegally making data line which is connected from smart card to set-top box by using same kind of other set-top box which illegal user uses. The proposed model reports the result of test which tests the user who wants to get permission illegally by registration the information of a condition of smart card which is usable in set-top box in certification server so that it prevents illegal user. Specially, the proposed model strengthen the security about set-top box by adapting public key which is used for establishing neighbor link and inter-certification process though secret value and random number which is created by Pseudo random function.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1475-1487
• /
• 2018

To verify remitter's identity when the remitter transfers money to a recipient using an electronic financial service provided by the financial institution, the remitter inputs the information; such as the withdrawal account number, the withdrawal amount, the password pre-registered with the financial company, or the information from authenticating medium that is previously distributed by the financial institution. However, the 1-Way transaction between the financial institution and the remitter is exposed to a great risk of accidents such as an anomaly remittance or a voice phishing fraud. Therefore, in this study, we propose a 2-WAY trade verification model for electronic financial transaction that can be mutually agreed by allowing the recipient to share the transaction information with the remitter and the financial company. We have improved the traditional electronic financial transaction's method by replacing it to 2-WAY trade method, and it is used for various purposes; such as preventing an error within the remittance or voice phishing fraud, enhancing loan transaction and contract transaction, etc. Through these variety of applications, we are expecting to reduce the inconveniences while improving the convenience of financial transaction and vitalizing the P2P transaction of financial institution.