• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.2C
• /
• pp.348-353
• /
• 2004

Development of an efficient and secure payment system is prerequisite for the construction of electronic payment mechanism in mobile environment. Since current PayWord protocol system generates vendor's certificate for each transaction, it requires lot of operation for transaction. In this paper, we use a session key generated by ID-based tripartite Key agreement protocol which use an Elliptic Curve Cryptosystem over finite field $F_{q}$ for transactions. Therefore, our protocol reduces algorithm operations. In particular, proposed protocol using ID-based public key cryptosystem has the advantages over the existing systems in speed and it is more secure in Man-in-the-middle attacks and Forward secrecy.

• Journal of Convergence for Information Technology
• /
• v.12 no.2
• /
• pp.23-29
• /
• 2022

Recently, due to the increase in the use of Internet of Things (IoT) devices, the amount of data transmitted and processed to cloud computing servers has increased rapidly. As a result, network problems (delay, server overload and security threats) are emerging. In particular, edge computing with lower computational capabilities than cloud computing requires a lightweight authentication algorithm that can easily authenticate numerous IoT devices.In this paper, we proposed a key-agreement protocol of a lightweight algorithm that guarantees anonymity and forward and backward secrecy between IoT and edge devices. and the proposed algorithm is stable in MITM and replay attacks for edge device and IoT. As a result of comparing and analyzing the proposed key-agreement protocol with previous studies, it was shown that a lightweight protocol that can be efficiently used in IoT and edge devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.67-78
• /
• 2010

CAS(Conditional Access System) is used in Pay-TV System to prohibit unauthorized user(s) accessing the contents in IPTV broadcasting environment. In the CAS, Smartcard transfers CW which is necessary in the process of descrambling the scrambled program to STB. CW hacking problem is one of the most serious problems in pay-TV system. There have been many researches on generating secure communication channel between smartcard and STB for secure transmitting, But they had problems in efficiency and security. In this paper, we propose a lightweight key agreement protocol based on a symmetric key algorithm. We show that our proposed protocol is more efficient than existing protocols by comparing the amount of computations, and analyzing the security requirement of the proposed protocol.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.6
• /
• pp.1519-1523
• /
• 2007

In this paper, we propose the fast and secure binding update protocol as handoff or handover in the micro and pico environment based on mobile IPv6. The nodes or routers on participating in this protocol generate their addresses from cryptographically generated addresses (CGAs) method unlike previous address generation method. The mobile node (MN) includes in home network or home link has limited power and computational abilities. So the home agent (HA) of the MN executes key agreement protocol with the correspondent node (CN) on behalf of the MN. The CN then creates a ticket on including session key, lifetime of ticket. and so on. It then transmits it to the MN via the HA of the MN. The ticket is used to communicate directly between the MN and its CN. In performance analysis, we analyze security of proposed binding update protocol under various attack scenarios and efficiency by comparing proposed protocol with prior binding update protocols. Finally we make a conclusion of this paper and present future works.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.667-668
• /
• 2009

IPTV 시스템에서 서비스 제공자는 제한수신시스템(CAS, Conditional Access System)을 통해 미디어 콘텐츠의 안전한 전송을 제공한다. Scramble Function의 Pseudo-random sequence 생성 초기화 단계에서 사용하는 CW(Control Word)를 허가된 사용자만 획득하게 함으로써 데이터를 보호한다. 적합한 사용자 측에서는 스마트카드를 통해 획득한 CW를 셋톱박스에 전송하고, 셋톱박스는 CW를 이용해 암호화된 데이터로부터 원본의 미디어 콘텐츠를 획득한다. 이 때, CW가 그대로 셋톱박스에게 전송되기 때문에 비인가된 사용자가 공격을 통해 CW를 획득할 수 있어서 암호화된 전송이 요구된다. 이본 논문에서는 스마트카드와 셋톱박스 사이의 암호화 통신을 위해 기존의 방법보다 경량화된 상호인증 및 키 동의 프로토콜을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.2
• /
• pp.3-12
• /
• 2006

The spread of mobile devices, PDAs and sensors has enabled the construction of ubiquitous computing environments, transforming regular physical spaces into 'smart space' augmented with intelligence and enhanced with services. However, unless privacy concerns are taken into account early in the design process of various ubiquitous devices(e.g. mobile devices, PDAs, sensors, etc.). we will end up crating ubiquitous surveillance infrastructure. Also, it may inappropriate to use public key techniques for computational constrained devices in ubiquitous computing environment. In this paper, we propose efficient user authentication and ky agreement protocol not only to preserve anonymity for protecting personal privacy but also to be suitable for computational constrained devices in ubiquitous computing environments.

• Review of Korean Society for Internet Information
• /
• v.5 no.1
• /
• pp.58-70
• /
• 2004

• The KIPS Transactions:PartC
• /
• v.15C no.5
• /
• pp.359-366
• /
• 2008

As the use of Internet and information communication technology is being generalized, the SSL protocol is essential in Internet because the important data should be transferred securely. While the SSL protocol is designed to defend from active attack such as message forgery and message alteration, the cipher suite setting can be easily modified. If the attacker draw on a malfunction of the client system and modify the cipher suite setting to the symmetric key algorithm which has short key length, he should eavesdrop and cryptanalysis the encrypt data. In this paper, we examine the domestic web site whether they generate the security session through the symmetric key algorithm which has short key length and propose the solution of the cipher suite setting problem.

• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.317-322
• /
• 2005

The existing certificate based authentication or identification just verifies whether the owner of private key corresponding to public key of certificate is the DN user set in the user field in the certificate or not, then we cannot find out who is the actual private key owner in a real world. To make up for this weak points, the method to insert the identification number like the resident registration number into the certificate extension field is applied as a technical standard to current domestic PKI system. In this paper, we propose the ECC based integrated identification, identification number checking and key management protocol providing user validation during the login.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.11a
• /
• pp.82-83
• /
• 2010