• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.23-35
• /
• 2009

Password-Authenticated Key Exchange (PAKE) Protocol is a useful tool for secure communication conducted over open networks without sharing a common secret key or assuming the existence of the public key infrastructure (PKI). It seems difficult to design efficient PAKE protocols using RSA, and thus many PAKE protocols are designed based on the Diffie-Hellman key exchange (DH-PAKE). Therefore it is important to design an efficient PAKE based on RSA function since the function is suitable for designing a PAKE protocol for imbalanced communication environment. In this paper, we propose a computationally-efficient key exchange protocol based on the RSA function that is suitable for low-power devices in imbalanced environment. Our protocol is more efficient than previous RSA-PAKE protocols, required theoretical computation and experiment time in the same environment. Our protocol can provide that it is more 84% efficiency key exchange than secure and the most efficient RSA-PAKE protocol CEPEK. We can improve the performance of our protocol by computing some costly operations in offline step. We prove the security of our protocol under firmly formalized security model in the random oracle model.

• Journal of KIISE:Computer Systems and Theory
• /
• v.29 no.5
• /
• pp.291-298
• /
• 2002

Mutual authentication is essential for key exchange protocols and password-based authentication scheme is used widely, which is convenient to users and executed on the cheap. Password-based protocol should be not only secure against attach but also efficient to reduce user's load. In this paper, we propose a new key exchange protocol, called OTP-EKE(One Time Password based Encrypted Key Exchange), to provide authentication and to share a session key between a server and a user. We choose a password-based scheme as a user authentication. Especially, we use a one-time-password verifier and server's public password to protect against attacks on server's directory. As for efficiency, we improve the performance by reducing the number of modular exponentiations and the number of rounds.

• Journal of Broadcast Engineering
• /
• v.13 no.2
• /
• pp.251-260
• /
• 2008

In this paper, we present two verifier-based multi-party PAKE (password-authenticated key exchange) protocols. The shared key can be used for secure content transmission. The suggested protocols are secure against server compromise attacks. Our first protocol is designed to provide forward secrecy and security against known-key attacks. The second protocol is designed to additionally provide key secrecy against the server which means that even the server can not know the session keys of the users of a group. The suggested protocols have a constant number of rounds are provably secure in the standard model. To the best of our knowledge, the proposed protocols are the first secure multi-party PAKE protocols against server compromise attacks in the literature.

• Journal of Internet Computing and Services
• /
• v.23 no.3
• /
• pp.21-33
• /
• 2022

This paper is to suggest the secure secret sharing system in order to outstandingly reduce the damage caused by the leakage of the corporate secret. This research system is suggested as efficient P2P distributed system kept from the centrally controlled server scheme. Even the bitcoin circulation system is also based on P2P distribution scheme recenly. This research has designed the secure circulation of the secret shares produced by Threshold Shamir Secret Sharing scheme instead of the shares specified in the torrent file using the simple, highly scalable and fast transferring torrent P2P distribution structure and its protocol. In addition, this research has studied to apply both Shamir Threshold Secret Sharing scheme and the securely strong multiple user authentication based on Collaborative Threshold Autentication scheme. The secure transmission of secret data is protected as using the efficient symmetric encryption with the session secret key which is safely exchanged by the public key encryption. Also it is safer against the leakage because the secret key is effectively alive only for short lifetime like a session. Especially the characteristics of this proposed system is effectively to apply the threshold secret sharing scheme into efficient torrent P2P distributed system without modifying its architecture of the torrent system. In addition, this system guaranttes the confidentiality in distributing the secret file using the efficient symmetric encryption scheme, which the session key is securely exchanged using the public key encryption scheme. In this system, the devices to be taken out can be dynamically registered as an user. This scalability allows to apply the confidentiality and the authentication even to dynamically registerred users.

• Journal of Korea Multimedia Society
• /
• v.12 no.4
• /
• pp.540-549
• /
• 2009

An arbitrary mobile device configures Ad-hoc network to provide the transmission of a data and services using wireless communications. A mobile device requires authentication and encryption key management to securely communicate in the Ad-hoc network. This paper examines the trend of the authentication in the Ad-hoc network and the group key management and suggests the plan for ID-based mutual authentication and group key establishment. ID-based mutual authentication in proposed scheme uses zero knowledge in the absence of shared information and is applied to establish a session key and group key. In addition, the proposed scheme is applied to Ad-hoc network to increase the efficiency and the safety of security technology.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1991.11a
• /
• pp.19-29
• /
• 1991

본 논문에서는 관용 암호시스템의 세션키이분배방법으로 매우 효율적이며 안전한 새로운 키이분배 시스템을 제안한다. 제안된 시스템은 한번 혹은 두번의 모듈라 멱승 연산만으로 세견키이 공유가 가능하므로 기존의 어떤 방식보다도 효율적이라 할 수 있다. 또한 알려진 어떤 공격에 의해서도 세견키이를 불법 계산하는 것이 불가능함을 보일 수 있으므로 안전성을 확보할 수 있다는 장점도 지닌다.

• Annual Conference of KIPS
• /
• 2003.05b
• /
• pp.1365-1368
• /
• 2003

Ad-Hoc 네트워크는 인프라 구조가 없는 네트워크로 정의된다. 즉 고정된 라우터나 백본망과 같은 인프라 구조가 없는 네트워크 상에서 Ad-Hoc 노드들이 이동하면서 투선 채널을 사용하여 통신하는 구조를 일컫는다. 기존의 투선 네트워크에서는 인증기관의 역할을 하는 고정된 기지국이 존재하여 인증에 관련된 모든 작업을 기지국이 수행하였지만 네트워크 토폴로지가 수시로 변화하는 Ad-Hoc 네트워크 환경에서는 이러한 효과를 기대하기 힘들다. 본 논문에서는 클러스터를 기반으로 하는 Ad-Hoc 네트워크 환경에서 종단 노드 사이의 상호 인증과 안전한 세션키를 공유하는 방안을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.481-496
• /
• 2021

It is imperative to migrate the current public key cryptosystem to a quantum-resistance system ahead of the realization of large-scale quantum computing technology. The National Institute of Standards and Technology, NIST, is promoting a public standardization project for Post-Quantum Cryptography(PQC) and also many research efforts have been conducted to apply PQC to TLS(Transport Layer Security) protocols, which are used for Internet communication security. In this paper, we propose a scenario in which a server and multi-clients share session keys on TLS by using the parallelized NTRU which is PQC in the key exchange process. In addition, we propose a method of accelerating NTRU using GPU and analyze its efficiency in an environment where a server needs to process large-scale data simultaneously.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.3
• /
• pp.1-6
• /
• 2015

The IoT(Internet of things) technology enable objects around user to be connected with each other for sharing information. To support security is the mandatory requirement in IoT because it is related to the disclosure of private information but also directly related to the human safety. However, it is difficult to apply traditional security mechanism into lightweight devices. This is owing to the fact that many IoT devices are generally resource constrained and powered by battery. PSK(Pre-Shared Key) based approach, which share secret key in advance between communication entities thereafter operate security functions, is suitable for light-weight device. That is because PSK is costly efficient than a session key establishment approach based on public key algorithm. However, how to safely set a PSK of the lightweight device in advance is a difficult issue because input/output interfaces such as keyboard or display are constrained in general lightweight devices. To solve the problem, we propose and develop a secure PSK configuration scheme for resource constrained devices in IoT.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.2
• /
• pp.285-292
• /
• 2009

In 2005, Lee and Chen suggested an enhanced one-time password authentication scheme which can prevent the stolen verifier attack that the Yeh-Shen-Whang's scheme has. The Lee-Chen's scheme addresses the stolen verifier attack by deriving each user's pre-shared secret SEED from the server secret. However, we investigated the weakness of the Lee-Chen's scheme and found out that it was suffering from the off-line dictionary attack on the server secret. We demonstrated that the off-line dictionary attack on the server secret can be easily tackled with only the help of the Hardware Security Modules (HSM). Moreover, we improved the scheme not to be weak to the denial of service attack and allow compromise of the past session keys even though the current password is stolen. Through the comparison between the Lee-Chen's scheme and the proposed one, we showed that the proposed one is stronger than other.