• Journal of Korea Multimedia Society
• /
• v.11 no.8
• /
• pp.1101-1110
• /
• 2008

Nespot provides a convenient wireless internet connection service. The existing IEEE 802.1X EAP-MD5 authentication mechanism can be achieved based on ID/password information for a wireless connection. The Nespot system offers an advanced accounting and authorization procedure for providing wireless user authentication mechanism. However, many problems were found on the existing Nespot EAP-MD5 mechanism such as a ill value exposure, a leakage of personal information on wireless authentication procedure and a weakness on Nespot mutual authentication mechanism. Therefore, we analyzed the limitation of the existing IEEE 802.1X EAP-MD5 certification system, and suggested a one-time session key based authentication mechanism. And then we offered a simplified encryption function on the Nespot certification process for providing secure mutual authentication process.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.17-30
• /
• 2008

In the paper, we consider password-based authenticated key exchange with different passwords, where the users do not share a password between themselves, but only with the server. The users make a session key using their different passwords with the help of the server. We propose an efficient password-based authenticated key exchange protocol with different passwords which achieves forward secrecy without random oracles. In fact this amount of computation and the number of rounds are comparable to the most efficient password-based authenticated key exchange protocol in the random oracle model. The protocol requires a client only to memorize a human-memorable password, and all other information necessary to run the protocol is made public.

• Annual Conference of KIPS
• /
• 2008.05a
• /
• pp.1167-1170
• /
• 2008

Ad-Hoc 네트워크는 임의 디바이스들이 무선 통신을 통해서 임의 네트워크 망을 구성하여 통신 서비스를 제공받는 것을 말한다. 특히 유비쿼터스 환경에서의 언제 어디서나 통신을 하기 위해서는 이동성과 자유로운 네트워크의 조인 및 탈퇴가 이루어져야 한다. 또한 통신에서 제 3자의 위장이나 정보의 도청 그리고 안전성을 제공하기 위해서 암호화 통신이 필수적으로 요구된다. 특히 Ad-Hoc 네트워크의 디바이스간의 라우팅 구성이 유동적이라서 구성하는 디바이스간의 인증 및 키 생성과정이 필요하며, 라우팅에 대한 보안 기술의 연구는 국내/외에서 진행되어져 왔다. 본 논문에서는 기존의 안전한 라우팅 방안에 대하여 알아보고 디바이스 인증 및 키 설립을 제공하는 방식에 대하여 제안한다. 본 방식은 세션키를 설립을 위해서 키 생성 및 아이디를 기반으로 한 인증 방안을 이용한다. 그로 인해 인증서를 이용하거나 디바이스간의 인증 정보 및 상호 공유된 비밀 정보가 필요하지 않는 장점을 가지고 있다. 이와 같은 방식을 이용하므로 임의 네트워크에 조인하더라도 보안 기술을 제공할 수 있는 방안이다. 본 연구를 이용하므로 유비쿼터스 환경에서의 안전한 서비스를 제공할 수 있는 기술로 활용할 수 있다.

• The Journal of the Korea Contents Association
• /
• v.5 no.3
• /
• pp.9-17
• /
• 2005

Recently, there are rapid development of information and communication technology and rapid growing of e-business users. We propose a method for security problem on the internet environment which changes from wire internet to wireless internet or wire/ wireless internet. Wireless e-business adopts credit card WPP protocol and AIP protocol proposed by ASPeCT. WAP, one of the protocol used by WPP has weakness of leaking out information from WG which connected wire and wireless communication. Certification chain based AIP protocol requires a lot of computation time and user IDs are known to others. We propose a Micro-Payment protocol based on credit card. Our protocol use the encryption techniques of the public key with ID to ensure the secret of transaction in the step of session key generation. IDs are generated using ECC based Weil pairing. We also use the certification with hidden electronic sign to transmit the payment result. The proposed protocol also solves the privacy protection and Non-repudiation problem.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.409-414
• /
• 2002

1996년 Crypto의 럼프세션에 소개된 NTRU는 잘려진 다항식 환(truncated polynomial ring)을 기반으로 작은 정수의 덧셈과 곱셈, 그리고 쉬프트(shift)연산만 이루어지는 암호시스템이다. 그 응용분야 중 NTRU기반 서명기법은 몇 번의 개정에 의해 2001년 NTRUSign이 소개되었다. NTRUSign은 기존의 NSS들의 단점을 보완하였지만 디지털 문서로부터 서명 생성시 순열기법이 아닌 것과 서명 복사본으로부터의 공격이 가능함이 최근 밝혀졌다. 이에 본 논문에서는 NTRU 암호시스템의 안전성을 기반으로 생성한 공유키와 대칭키 암호를 결합해 개선된 서명(Improved NTRUSign) 프로토콜을 제안한다.

• Journal of KIISE:Information Networking
• /
• v.31 no.4
• /
• pp.347-352
• /
• 2004

In this paper, we propose a new key exchange protocol which authenticates each other and shares a session key between a user and a server over an insecure channel using only a small password. The security of the protocol is based on the difficulty of solving the discrete logarithm problem and the Diffie-Hellman problem and the cryptographic strength of hash function. The protocol is secure against the man-in-the-middle attack, the password guessing attack, the Denning-Sacco attack, and the stolen-verifier attack, and provide the perfect forward secrecy. Furthermore, it is more efficient than other well-known protocols in terms of protocol execution time because it could be executed in parallel and has a simple structure.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.2 s.332
• /
• pp.33-38
• /
• 2005

In this paper, we propose a password-based authenticated key exchange protocol which authenticates each other and shares a session key using only a small memorable password between a client and a server over an insecure channel. The proposed protocol allows an authenticated client to freely change a his/her own password. The protocol is also secure against various attacks and provides the perfect forward secrecy. Furthermore, it has good efficiency compared with the previously well-known password-based protocols with the same security requirements.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.59-69
• /
• 2004

Password-based authenticated group key exchange protocols provide a group of user, communicating over a public(insecure) channel and holding a common human-memorable password, with a session key to be used to construct secure multicast sessions for data integrity and confidentiality. In this paper, we present a password-based authenticated group key exchange protocol and prove the security in the random oracle model and the ideal cipher model under the intractability of the decisional Diffie-Hellman(DH) problem and computational DH problem. The protocol is scalable, i.e. constant round and with O(1) exponentiations per user, and provides forward secrecy.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.4
• /
• pp.197-202
• /
• 2017

The remote healthcare monitoring system enables a doctor to diagnose and monitor patient's health problem from a distance. Previous researches have focused on key establishment method between a patient and a particular doctor to solve personal health information disclosure problem in data transmission process. However, when considering a misdiagnosis of doctor, the result of a diagnosis by a many doctors is more reliable. In previous work, in order to select multiple doctors, patient should generate shared key for each chosen doctor and perform many times encryptions. Therefore, in this paper, we propose a secure data transmission protocol for receiving diagnosis from multiple doctors using identity-based proxy re-encryption scheme. In proposed protocol, a patient don't need key management work for session key. Also, monitoring server performs re-encryption process on behalf of patient. So, we can reduce computational burden of patient in previous work.

• Annual Conference of KIPS
• /
• 2012.11a
• /
• pp.969-972
• /
• 2012

기존의 CCTV와는 달리 IP Camera는 네트워크에 유선 또는 무선으로 직접 연결되며 IP Camera에 임베디드된 웹 서버를 통하여 서비스를 제공한다. 한 건물 또는 지역 안에는 다수의 IP Camera가 설치될 수 있다. 이때 각 각의 IP Camera에 웹 서버가 존재하기 때문에 웹서버 마다 다른 key를 가지고 관리하게 되어 서버 관리에 있어서 비효율적이다. 또한 단순 ID, Password로 사용자 인증을 하며 별도의 암호화 과정을 거치지 않기 때문에 취약점을 갖는다. 따라서 본 논문에서는 그룹 키를 이용하여 다수의 웹 서버의 키를 관리하고 PKI 암호를 통하여 사용자 인증 및 세션 키를 생성함으로써 위장 공격, 기밀성, 무결성, 재사용 공격 등의 보안 취약점을 강화한다.