• Journal of KIISE:Information Networking
• /
• v.31 no.3
• /
• pp.252-258
• /
• 2004

In this paper, we propose a new authenticated key exchange protocol in which client and sever can mutually authenticate and establish a session key over an insecure channel using only a human memorable password. The proposed protocol is based on Diffie-Hellman scheme and has many of desirable security attributes: It resists off-line dictionary attacks mounted by either Passive or active adversaries over network, allowing low-entropy Passwords to be used safely. It also offers perfect forward secrecy, which protects past sessions when passwords are compromised. In particular, the advantage of our scheme is that it is secure against an impersonation attack, even if a server's password file is exposed to an adversary. The proposed scheme here shows that it has better performance when compared to the previous notable password-based key exchange methods.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.1
• /
• pp.51-58
• /
• 2013

This paper describes the design and implementation of the PKI-based EAI system which is used for delivery of sensitive personal information between business systems. For this purpose, we propose a key exchange protocol with some key process : Diffie-Hellman Schema is used to provide forward secrecy, public key-based digital signature is used for EAI Server authentication, data integrity. In addition, in order to minimize the performance impact on the overall EAI systems. The EAI server was designed simply to be used only as a gateway. This paper shows the implementation of Korea public key authentication algorithm standard and a symmetric encryption algorithm for data encryption.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.2
• /
• pp.81-88
• /
• 2009

This paper proposed a session key exchange and authentication scheme on non-interactive key distribution algorithm using a community member's ID in ubiquitous networks. In ubiquitous network environment, User's context-awareness information is collected and used to provide a context-awareness service for someone who need it. However, in ubiquitous network environment, this kind of the Context-awareness information could be abused by a malicious nodes. The proposed scheme using the community member ID provides a session key exchange and mutual authentication between community members, and supports secure data communication. Also, when exchanging the session key and authenticating each other, this scheme reduces communication overhead and authentication delay compared to the AAA server scheme.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.760.1-762
• /
• 2002

키 교환 프로토콜에서 상호 인증은 필수 요소이며, 사용자에게 편리하고 비용이 적게 드는 패스워드 기반의 인증 방식이 널리 사용되고 있다. 패스워드 기반의 프로토콜은 패스워드가 가지는 제약으로 인한 공격에 대해서 안전해야 할 뿐 아니라, 사용자의 작업량을 줄이기 위한 효율성도 매우 중요한 요건이다. 본 논문에서는 서버와 사용자간의 인증을 제공하고 세션키를 공유하기 위한 키 교환 프로토콜OTP-EKE(One Time Password based Encrypted Key Exchange)를 제안한다. 키 교환을 위한 사용자 인증은 패스워드 방식을 채택하였으며, 특히 서버 디렉토리에 대한 공격 등에 대해서 안전도를 높이기 위하여 일회용 패스워드 확인자와 서버의 공개 패스워드를 이용하였다. 제안한 프로토콜은 모듈라 지수승 계산 횟수와 메시지 전송 횟수를 줄임으로써 효율성 향상을 보인다

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.2
• /
• pp.388-395
• /
• 2009

Three-party authenticated key exchange protocol based on smartcards using XOR and hash function operation instead of the public key operation has been proposed in 2006. Recently, it is doing for research because of increasing interest in privacy. This paper pointed out that proposed three-party authenticated key exchange protocol in 2006 has some problems; it is user anonymity and slow wrong input detection, and then we proposed new one to overcome these problems.

• Journal of Broadcast Engineering
• /
• v.13 no.1
• /
• pp.79-85
• /
• 2008

An authenticated group key agreement protocol allows a group of parties communicating over an insecure network to share a common secret key. In this paper, we show that Zhou et al.'s ID-based authenticated group key agreement schemes do not provide forward secrecy.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2024.01a
• /
• pp.423-424
• /
• 2024

본 논문은 TCP/IP 네트워크 및 암호 프로토콜을 결합하여 CCTV 카메라 영상 데이터를 안전하게 전송하는 시스템에 관한 것이다. 특히, TCP Handshake에서 암호 키를 교환하고, 디바이스의 시그니처 정보를 활용하여 키를 생성하는 키 교환 암호 프로토콜을 도입한다. 이를 통해 CCTV 카메라의 영상 데이터를 암호화하여 전송하고, 수신 시 복호화하여 저장한다. 또한, 적어도 하나 이상의 CCTV 카메라에 대한 보안 인증과 네트워크 연결 상태를 제어하며, 중간자 공격을 방지하기 위한 안전한 키 교환을 수행한다. 이로써 안전성이 강화된 CCTV 카메라 시스템을 제공할 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.5
• /
• pp.35-46
• /
• 2006

The current Internet Key Exchange protocol(IKE) which has been used for key exchange of security system was pointed out the faults of scalability, speed, efficiency and stability. In this research, we tried to resolve those faults, and implemented the newly designed IKEv2 protocol in the IPsec test bed system. In the trend of network expansion, the current Internet Key Exchange protocol has a limitation of network scalability, so we implemented the new Internet Key Exchange protocol as a recommendation of RFC proposal, so as to resolve the fault of the key exchange complexity and the speed of authentication process. We improved the key exchange speed as a result of simplification of complex key exchange phase, and increased efficiency with using the preexistence state value in negotiation phase.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.2
• /
• pp.39-44
• /
• 2020

In this paper, we show a modified Diffie-Hellman key exchange protocol that can exchange keys by exposing only minimal information using pre-computable session key pairs. The discrete logarithm problem, which provides the safety of existing Diffie-Hellman and Diffie-Hellman based techniques, is modified to prevent exposure of primitive root. We prove the algorithm's operation by applying the actual value to the proposed scheme and compare the execution time and safety with the existing algorithm, shown that the security of the algorithm is improved more than the product of the time complexity of the two base algorithms while maintaining the computation amount at the time of key exchange. Based on the proposed algorithm, it is expected to provide a key exchange environment with improved security.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.9
• /
• pp.91-101
• /
• 2012

Key exchange protocols are essential for building a secure communication channel over an insecure open network. In particular, password-based key exchange protocols are designed to work when user authentication is done via the use of passwords. But, passwords are easy for human beings to remember, but are low entropy and thus are subject to dictionary attacks. Recently, Zhao and Gu proposed a new server-aided protocol for password-based key exchange. Zhao and Gu's protocol was claimed to be provably secure in a formal adversarial model which captures the notion of leakage of ephemeral secret keys. In this paper, we mount a replay attack on Zhao and Gu's protocol and thereby show that unlike the claim of provable security, the protocol is not secure against leakage of ephemeral secret keys. Our result implies that Zhao and Gu's proof of security for the protocol is invalid.