• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.12
• /
• pp.2563-2568
• /
• 2009

Although a symmetric cryptographic system has many advantages in speed of encryption decryption, the security problems with the distribution method of secret keys have been still raised. Especially, the distribution method of secret keys for unspecified individuals who want secret communication is becoming a core issue. As a simple solution to this issue, Diffie-Hellman key exchange methods were proposed, but proved to be insufficient in depending MITM(Main In The Middle) attacks. To find effective solution to problems mentioned above, this paper proposes the strengthened Diffie-Hellman key exchange methods applied for the mobile-phone channel which are widely used. This paper emphasizes the way to distribute the synthesized session keys to the sender and the receiver, which are created with authentication numbers exchanged between the mobile-phones and Diffie-Hellman key. Using proposed ways, MITMattacks can be effectively defended.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.868-870
• /
• 2002

기존의 네트워크 환경에서의 서비스와 달리 OSGi 프레임워크 환경에서의 서비스는 생명 주기에 따라 동적이고, 다른 서비스와의 상호작용 등이 일어나기 때문에 거짓 오퍼레이터(OP)에 의해 인증되지 않은 악의적인 서비스가 배치될 수 있고 또한 서비스가 변질 될 수도 있다. 그러므로, 개방형 서비스 게이트웨이 (OSG)를 시동하였을 때 초기화하는 과정인 부트스트랩핑(Bootstrapping)단계에서 공유 비밀키(shared secret)를 생성, 이로부터 유도된 MAC(Message Authentication Codes) Key를 기반으로 한 서비스 번들 인증을 통하여 안전한 서비스를 제공받을 수 있어야 한다. 본 논문에서는 서비스 번들을 인증 하기 위한 키 교환 방법과 서비스 인증 메커니즘을 제시하였다. 대칭키, 공개키의 키 교환 메커니즘은 대칭키를 이용한 키 교환 메커니즘이 공개키를 이용한 것보다 더 효율적이며, 이를 이용한 MAC 기반 서비스 번들 인증 또한 기존의 PKI 기반 서비스 번들 인증보다 인증 속도가 빠르다.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.77-82
• /
• 2003

본 논문에서는 ElGamal 암호 기반에 PAK(Password-Authenticated Key Exchange) 프로토콜을 적용하여, 새로운 패스워드-인증 키 분배 프로토콜을 제안하고자 한다. ElGamal 암호 기법에서 사용자와 서버의 공개키와 개인키로 미리 공유된 패스워드와 비밀 정보를 암호문으로 전송하고 복호함으로써 서버-클라이언트 상호 인증을 하고, 비밀 정보를 근거로 세션키를 나누어 갖는 것이 이 프로토콜의 목적이다. 또한 설계 시 패스워드-인증 키 교환 프로토콜에서의 보안 요구사항을 고려하여 패스워드 기반의 인증 키 분배 프로토콜에서 요구하는 보안 요구사항을 만족하고 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.33-46
• /
• 2000

IPsec is a protocol suite to protect the data communication between computers on internet and many VPNs(Virtual Private Networks) use IPsec protocol. IKE protocol is used to exchange keys in IPsec. Formal analysis method is used increasingly in computer science to increase the reliability of a system. In this paper, the IKE protocol is analyzed formally. This paper shows that IKE with Authentication with Signature and Authentication with Pre-Shared Key is safe, but Authentication with Public Key Encryption and A Revised Method of Authentication with Public Key Encryption are safe only with the assumption that a participant has the correct public key of the correspondent. To make sure that a participant has the correct public key of the correspondent, the usage of certificate is recommended.

• Journal of KIISE:Information Networking
• /
• v.35 no.6
• /
• pp.465-473
• /
• 2008

The MQV protocol has been regarded as the most efficient authenticated Diffie- Hellman key exchange protocol, and standardized by many organizations including the US NSA. In Crypto 2005, Hugo Krawczyk showed vulnerabilities of MQV to several attacks and suggested a hashed variant of MQV, called HMQV, which provides the same superb performance of MQV and provable security in the random oracle model. In this paper we suggest an efficient authenticated Diffie-Hellman key exchange protocol providing the same functionalities and security of HMQV without random oracles. So far there are no authenticated Diffie-Hellman protocols which are provably secure without using random oracles and achieve the same level of security goals of HMQV efficiently yet.

• Journal of KIISE:Information Networking
• /
• v.31 no.3
• /
• pp.252-258
• /
• 2004

In this paper, we propose a new authenticated key exchange protocol in which client and sever can mutually authenticate and establish a session key over an insecure channel using only a human memorable password. The proposed protocol is based on Diffie-Hellman scheme and has many of desirable security attributes: It resists off-line dictionary attacks mounted by either Passive or active adversaries over network, allowing low-entropy Passwords to be used safely. It also offers perfect forward secrecy, which protects past sessions when passwords are compromised. In particular, the advantage of our scheme is that it is secure against an impersonation attack, even if a server's password file is exposed to an adversary. The proposed scheme here shows that it has better performance when compared to the previous notable password-based key exchange methods.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.2
• /
• pp.81-88
• /
• 2009

This paper proposed a session key exchange and authentication scheme on non-interactive key distribution algorithm using a community member's ID in ubiquitous networks. In ubiquitous network environment, User's context-awareness information is collected and used to provide a context-awareness service for someone who need it. However, in ubiquitous network environment, this kind of the Context-awareness information could be abused by a malicious nodes. The proposed scheme using the community member ID provides a session key exchange and mutual authentication between community members, and supports secure data communication. Also, when exchanging the session key and authenticating each other, this scheme reduces communication overhead and authentication delay compared to the AAA server scheme.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.760.1-762
• /
• 2002

키 교환 프로토콜에서 상호 인증은 필수 요소이며, 사용자에게 편리하고 비용이 적게 드는 패스워드 기반의 인증 방식이 널리 사용되고 있다. 패스워드 기반의 프로토콜은 패스워드가 가지는 제약으로 인한 공격에 대해서 안전해야 할 뿐 아니라, 사용자의 작업량을 줄이기 위한 효율성도 매우 중요한 요건이다. 본 논문에서는 서버와 사용자간의 인증을 제공하고 세션키를 공유하기 위한 키 교환 프로토콜OTP-EKE(One Time Password based Encrypted Key Exchange)를 제안한다. 키 교환을 위한 사용자 인증은 패스워드 방식을 채택하였으며, 특히 서버 디렉토리에 대한 공격 등에 대해서 안전도를 높이기 위하여 일회용 패스워드 확인자와 서버의 공개 패스워드를 이용하였다. 제안한 프로토콜은 모듈라 지수승 계산 횟수와 메시지 전송 횟수를 줄임으로써 효율성 향상을 보인다

• The KIPS Transactions:PartC
• /
• v.14C no.6
• /
• pp.471-474
• /
• 2007

In this paper, we propose a variant of Diffie-Hellman key exchange protocol to provide pre-computable session key and to give another version of Diffie-Hellman key exchange protocol that might be useful in designing more sophisticated cryptographic protocols. We prove the security of the key exchange protocol by reducing DH key exchange protocol to ours.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.2
• /
• pp.388-395
• /
• 2009

Three-party authenticated key exchange protocol based on smartcards using XOR and hash function operation instead of the public key operation has been proposed in 2006. Recently, it is doing for research because of increasing interest in privacy. This paper pointed out that proposed three-party authenticated key exchange protocol in 2006 has some problems; it is user anonymity and slow wrong input detection, and then we proposed new one to overcome these problems.