• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.83-88
• /
• 2008

Session initiation protocol (SIP) is an application-layer prolocol to initiate and control multimedia client session. When client ask to use a SIP service, they need to be authenticated in order to get service from the server. Authentication in a SIP application is the process in which a client agent present credentials to another SIP element to establish a session or be granted access to the network service. In 2005, Yang et al. proposed a key exchange and authentication scheme for use in SIP applications, which is based on the Diffie-Hellman protocol. But, Yang et al.'s scheme is not suitable for the hardware-limited client and severs, since it requires the protocol participant to perform significant amount of computations (i.e., four modular exponentiations). Based on this observation. Huang and Wei have recently proposed a new efficient key exchange and authentication scheme thor improves on Yang et al.'s scheme. As for security, Huang and Wei claimed, among others, that their scheme is resistant to offline dictionary attacks. However, the claim turned out to be untrue. In this paper, we show thor Huang and Wei's key exchange and authentication scheme is vulnerable to on offline dictionary attack and forward secrecy.

• Journal of Communications and Networks
• /
• v.8 no.4
• /
• pp.461-474
• /
• 2006

A group key exchange protocol is a cryptographic primitive that describes how a group of parties communicating over a public network can come up with a common secret key. Due to its significance both in network security and cryptography, the design of secure and efficient group key exchange protocols has attracted many researchers' attention over the years. However, despite all the efforts undertaken, there seems to have been no previous systematic look at the growing problem of key exchange over combined wired and wireless networks which consist of both stationary computers with sufficient computational capabilities and mobile devices with relatively restricted computing resources. In this paper, we present the first group key exchange protocol that is specifically designed to be well suited for this rapidly expanding network environment. Our construction meets simplicity, efficiency, and strong notions of security.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.581-583
• /
• 2017

Elliptic curve cyptography is relatively a current cryptography based on point arithmetic on elliptic curves and the Elliptic Curve Discrete Logarithm Problem (ECDLP). This discrete logarithm problems enables perfect forward secrecy which helps to easily generate key and almost impossible to revert the generation which is a great feature for privacy and protection. In this paper, we provide a lightweight Elliptic Curve Diffie-Hellman (ECDH) Key exchange generator that creates a 163 bit long shared key that can be used in an Elliptic Curve Integrated Encryption Scheme (ECIES) as well as for key agreement. The algorithm uses a fast multiplication algorithm that is small in size and also implements the extended euclidean algorithm. This proposed architecture was designed using verilog HDL, synthesized with the vivado ISE 2016.3 and was implemented on the virtex-7 FPGA board.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.73-76
• /
• 2003

인터넷상에서 많은 상거래 및 개인 정보들이 전송되고 있다. 그러나 이런 정보들은 많은 위협에 노출되어 있다. 이를 해결하기 위해서 전자서명, 컨텐츠 암호 등 많은 방법들이 제안되고 있지만, 이런 기법들을 이용하기 위해서는 키의 생성, 분배, 전송을 위한 처리 모듈이 기본적으로 필요하다. 이런 모듈 중 전송 및 분배 시에 제3자를 이를 가로채어서 유용하는 문제점이 발생된다. 이에 본 연구는 기존의 키 교환 알고리즘인 Diffie-Hellman(DH)에 공개키 암호화 방법과 패스워드 방법을 추가하여 기존의 키 교환에서 발생된 문제점들에 대해서 해결 하고자 한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.5
• /
• pp.3086-3092
• /
• 2014

The FTP that provides file transfer capabilities to/from another station cannot provides data confidentialities. The FTPS and SFTP can support a security functionalities. The FTPS needs a SSL layer and SFTP use a functions of SSH. And therefore the FTPS or SFTP needs an additional modules such as SSL or SSH. In this paper, we propose a new Secured FTP protocol that can support the security functions without extra security system. The Secured FTP uses Diffie-Hellman key agreement algorithm for shared secret key generation and AES-Counter algorithm for data encryption algorithm. Our designed Secured FTP is implemented in Linux environments and the proper operations of implemented Secured FTP is verified.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1759-1762
• /
• 2003

최근 키 분배 프로토콜과는 다르게 하드웨어에 암호키를 저장하여 사용하는 것과 달리, 사용자가 기억할 수 있는 길이의 패스워드(password)를 사용해 서버와의 인증과 키 교환을 동시에 수행하는 패스워드 기반 키 분배 프로토콜이 제안되고 있다. 본 논문에서는 이러한 패스워드 기반의 키 분배 프로토콜 중 BPKA(Balanced Password-authenticated Key Agreement)에 속하는 DH-EKE(Diffie-Hellman Encrypted Key Exchange), PAK(Password-Authenticated Key exchange), SPEKE(Simple Password Exponential Key Exchange) 프로토콜을 비교 분석하고, 이를 바탕으로 기존의 BPKA 프로토콜에 비해 적은 연산량을 가지면서 사용자와 서버가 각기 다른 정보를 갖는 패스워드-검증자 기반 프로토콜을 제안한다. 본 논문에서 제안하는 패스워드 기반 키 분배 프로토콜의 안전성 분석을 위해 Active Impersonation 과 Forward Secrecy, Off-line dictionary attack, Man-in-the -middle Attack 등의 공격모델을 적용하였다.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.3
• /
• pp.130-137
• /
• 2003

This paper proposes protocol design that can do user authentication efficiently in current systems that client-server environment is developed. And proposes a password-based authentication protocol suitable to certification through trustless network or key exchange. While the existing password-base protocols certify users through certification authority (CA) between client and server, the proposed protocol in this paper, users and server exchange keys and perform authentication without help of CA. To ameliorate the drawback of password-based protocols causing by the short length and randomness of password, the proposed protocol uses the signature techniques of ECDSA and the SRP protocol based on Diffie-Hellman key exchange method. Also, by with compare to round number and Hash function number and exponential operation of existing protocols, we explained efficiency of proposed protocol.

• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.105-111
• /
• 2012

Internet Protocol Television (IPTV) through broadband cable network is a subscriber-based system which consists of software and set-top box. However, a weakness for the current IPTV system is the lack of security between users and CAS. This paper proposes a user authentication protocol at STB, which limits the service by the user-valued attribute to prevent illegal IPTV users. User attribute values change the order with bit form according to the certain rule, and apply to one-way hash function and Diffie-Hellman's elliptic curve key-exchange algorithm. The proposed protocol is able to improve on user authentication and computation. Also, each user generates an authentication message by smart card and receives various services based on the user-valued attribute.

• Journal of KIISE:Computer Systems and Theory
• /
• v.31 no.1_2
• /
• pp.112-117
• /
• 2004

In this paper, we propose a suitable multiplication architecture for cellular automata in a finite field $GF(2^m)$. Proposed least significant bit first multiplier is based on irreducible all one Polynomial, and has a latency of (m+1) and a critical path of $ 1-D_{AND}＋1-D{XOR}$.Specially it is efficient for implementing VLSI architecture and has potential for use as a basic architecture for division, exponentiation and inverses since it is a parallel structure with regularity and modularity. Moreover our architecture can be used as a basic architecture for well-known public-key information service in $GF(2^m)$ such as Diffie-Hellman key exchange protocol, Digital Signature Algorithm and ElGamal cryptosystem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.13-25
• /
• 2004

The key exchange protocols are very crucial tools to provide the secure communication in the broadband satellite access network. They should be required to satisfy various requirements such as security, key confirmation, and key freshness. In this paper, we present the guideline of security functions in BSAN(Broadband Satellite Access Network), and analyze the specification of the security primitives and the hey exchange Protocols for the authenticated key agreement between RCST(Return Channel Satellite Terminal) and NCC(fretwork Control Centre). In addition, we propose the security specification for a domestic broad satellite network based on the analysis on the analysis profile of ETSI(European Telecommunications Standards Institute) standards. The key exchange protocols proposed in ETSI standard are vulnerable to man-in-the-middle attack and they don't provide key confirmation. To overcome this shortcoming, we propose the 4 types of the key exchange protocols which have the resistant to man-in-the-middle-attack, key freshness, and key confirmation, These proposed protocols can be used as a key exchange protocol between RCST and NCC in domestic BSAN. These proposed protocols are based on DH key exchange protocol, MTI(Matsumoto, Takashima, Imai) key exchange protocol, and ECDH(Elliptic Curve Diffie-Hellman).