• Title/Summary/Keyword: Cryptography Protocol

Search Result 172, Processing Time 0.035 seconds

Improving the CGA-based HMIPv6 Security Protocol (CGA 기반의 HMIPv6 보안 프로토콜 개선)

  • You, Il-Sun;Kim, Heung-Jun;Lee, Jin-Young
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.13 no.1
    • /
    • pp.95-102
    • /
    • 2009
  • In 2006, Haddad, Krishnan and Soliman proposed a Cryptographically Generated Address based protocol as a standard for protecting HMIPv6. Though this protocol can provide both the strong message authentication and binding update key negotiation based on the public-key cryptography, it is still vulnerable to several attacks such as denial of service attacks and redirection attacks. This paper improves the problems caused by the protocol. The improved protocol is analyzed in terms of security and performance, and then is shown to be better than the previous one considering the two factors together.

A Secure Protocol for the Electronic Auction (전자경매를 위한 보안 프로토콜)

  • Shi, Wenbo;Jang, In-Joo;Yoo, Hyeong-Seon
    • The Journal of Society for e-Business Studies
    • /
    • v.12 no.4
    • /
    • pp.29-36
    • /
    • 2007
  • Recently, Jaiswal et al. proposed a protocol to improve the multi-agent negotiation test-bed which was proposed by Collins et al. Using publish/subscribe system, time-release cryptography and anonymous communication, their protocol gives an improvement on the old one. However, it is shown that the protocol also has some security weaknesses: such as replay data attack and DOS (denial-of-service) attack, anonymity disclosure, collusion between customers and a certain supplier. So proposed protocol reduces DOS attack and avoids replay data attack by providing ticket token and deal sequence number to the supplier. And it is proved that the way that market generates random number to the supplier is better than the supplier do by himself in guaranteeing anonymity. Market publishes interpolating polynomial for sharing the determination process data. It avoids collusion between customer and a certain supplie

  • PDF

End-to-end MQTT security protocol using elliptic curve cryptography algorithm (타원곡선암호 알고리즘을 이용한 종단간 MQTT 보안 프로토콜)

  • Min, Jung-Hwan;Kim, Young-Gon
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.19 no.5
    • /
    • pp.1-8
    • /
    • 2019
  • Internet of Things (IoT) is proliferating to provide more intelligent services by interconnecting various Internet devices, and TCP based MQTT is being used as a standard communication protocol of the IoT. Although it is recommended to use TLS/SSL security protocol for TCP with MQTT-based IoT devices, encryption and decryption performance degenerates when applied to low-specification / low-capacity IoT devices. In this paper, we propose an end-to-end message security protocol using elliptic curve cryptosystem, a lightweight encryption algorithm, which improves performance on both sides of the client and server, based on the simulation of TLS/SSL and the proposed protocol.

Efficient Password-based Authenticated Key Exchange Protocol with Password Changing (패스워드를 변경 가능한 효율적인 패스워드 기반의 인증된 키 교환 프로토콜)

  • Lee Sung-Woon;Kim Hyun-Sung;Yoo Hee-Young
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.42 no.2 s.332
    • /
    • pp.33-38
    • /
    • 2005
  • In this paper, we propose a password-based authenticated key exchange protocol which authenticates each other and shares a session key using only a small memorable password between a client and a server over an insecure channel. The proposed protocol allows an authenticated client to freely change a his/her own password. The protocol is also secure against various attacks and provides the perfect forward secrecy. Furthermore, it has good efficiency compared with the previously well-known password-based protocols with the same security requirements.

Quantum Authentication and Key Distribution protocol based on one-time ID (일회용 ID 기반 양자 인증 및 키 분배 프로토롤)

  • Lee Hwa-Yean;Hong Chang-Ho;Lim Jong-in;Yang Hyung-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.2
    • /
    • pp.73-80
    • /
    • 2005
  • We propose a Quantum Authentication and Key distribution protocol based on one-time n using one-way Hash function. The designated users can authenticate each other and the arbitrator using their one-time ID and distribute a quantum secret key using remained GHZ states after authentication procedure. Though the help of the arbitrator is needed in the process of authentication and key distribution, our protocol prevents the arbitrator from finding out the shared secret key even if the arbitrator becomes an active attacker. Unconditional security can be proved in our protocol as the other QKD protocols.

An Efficient PSI-CA Protocol Under the Malicious Model

  • Jingjie Liu;Suzhen Cao;Caifen Wang;Chenxu Liu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.18 no.3
    • /
    • pp.720-737
    • /
    • 2024
  • Private set intersection cardinality (PSI-CA) is a typical problem in the field of secure multi-party computation, which enables two parties calculate the cardinality of intersection securely without revealing any information about their sets. And it is suitable for private data protection scenarios where only the cardinality of the set intersection needs to be calculated. However, most of the currently available PSI-CA protocols only meet the security under the semi-honest model and can't resist the malicious behaviors of participants. To solve the problems above, by the application of the variant of Elgamal cryptography and Bloom filter, we propose an efficient PSI-CA protocol with high security. We also present two new operations on Bloom filter called IBF and BIBF, which could further enhance the safety of private data. Using zero-knowledge proof to ensure the safety under malicious adversary model. Moreover, in order to minimize the error in the results caused by the false positive problem, we use Garbled Bloom Filter and key-value pair packing creatively and present an improved PSI-CA protocol. Through experimental comparison with several existing representative protocols, our protocol runs with linear time complexity and more excellent characters, which is more suitable for practical application scenarios.

Password-Based Authentication Protocol for Remote Access using Public Key Cryptography (공개키 암호 기법을 이용한 패스워드 기반의 원거리 사용자 인증 프로토콜)

  • 최은정;김찬오;송주석
    • Journal of KIISE:Information Networking
    • /
    • v.30 no.1
    • /
    • pp.75-81
    • /
    • 2003
  • User authentication, including confidentiality, integrity over untrusted networks, is an important part of security for systems that allow remote access. Using human-memorable Password for remote user authentication is not easy due to the low entropy of the password, which constrained by the memory of the user. This paper presents a new password authentication and key agreement protocol suitable for authenticating users and exchanging keys over an insecure channel. The new protocol resists the dictionary attack and offers perfect forward secrecy, which means that revealing the password to an attacher does not help him obtain the session keys of past sessions against future compromises. Additionally user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the server. It does not have to resort to a PKI or trusted third party such as a key server or arbitrator So no keys and certificates stored on the users computer. Further desirable properties are to minimize setup time by keeping the number of flows and the computation time. This is very useful in application which secure password authentication is required such as home banking through web, SSL, SET, IPSEC, telnet, ftp, and user mobile situation.

A Formal Security Analysis on the Enhanced Route Optimization Protocol for Mobile IPv6 (이동 IPv6의 확장된 경로 최적화프로토콜에 대한 형식화된 보안 분석)

  • You, Il-Sun;Kim, Heung-Jun
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.13 no.4
    • /
    • pp.691-699
    • /
    • 2009
  • Recently, the ERO protocol has been adopted as a standard to protect the routing optimization mode introduced by MIPv6. This protocol uses the public key cryptography and the early binding update method to improve the Return Routeability protocol while optimizing both security and performance. On the other hand, though various security approaches including the ERO protocol have been proposed for MIPv6, they lack formal verification. Especially, to our best knowledge, there is no formal analysis on the ERO protocol. In order to provide a good example for formal analysis on MIPv6 security protocols, this paper verifies the correctness of the ERO protocol through BAN-logic. For this goal, BAN-logic is extended to consider the address tests on the mobile nodes's CoA and HoA. It is expected that the analysis presented in this paper will be useful for the formal verifications on the security protocols related to MIPv6.

A Study on the Performance Improvement in SEcure Neighbor Discovery (SEND) Protocol (보안 이웃 탐색 프로토콜 성능 향상 기법에 관한 연구)

  • Park, Jin-Ho;Im, Eul-Gyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.6A
    • /
    • pp.85-96
    • /
    • 2008
  • Neighbor Discovery(ND) protocol is used to exchange an information of the neighboring nodes on the same link in the IPv6 protocol environment. For protecting the ND protocol, firstly utilizing Authentication Header(AH) of the IPsec protocol was proposed. But the method has some problems-uses of key exchange protocol is not available and it is hard to distribute manual keys. And then secondly the SEcure Neighbor Discovery(SEND) protocol which protects all of the ND message with digital signature was proposed. However, the digital signature technology on the basis of public key cryptography system is commonly known as requiring high cost, therefore it is expected that there is performance degradation in terms of the availability. In the paper, to improve performance of the SEND protocol, we proposed a modified CGA(Cryptographically Generated Address) which is made by additionally adding MAC(Media Access Control) address to the input of the hash function. Also, we proposed cache mechanism. We compared performance of the methods by experimentation.