• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.04b
• /
• pp.813-816
• /
• 2002

현재 인터넷은 IPv4(Internetworking Protocol, version 4)를 사용하고 있다. 하지만 데이터 통신은 1970년대에 IPv4가 나온 이래에 발전을 거듭하여 왔다. IPv4는 빠르게 발전하는 인터넷에의 요구를 수용하기 위해 IPv6가 제안되었고 현재 표준이 되었다. IPv6에서는 암호화와 인증옵션들은 패킷의 신뢰성과 무결성을 등을 제공한다. 인터넷에서의 정보보호는 인터넷을 구성하는 여러 계층에서 이루어 질 수 있지만, IPsec에서는 AH(Authentication Header)프로토콜과 IPsec ESP(Encapsulating Security Payload)프로토콜 두 가지의 암호 프로토콜이 사용되지만 AH에서는 HMAC를 이용한 HMAC-MD5나 HMAC-SHA-1 중 하나를 반드시 기본 인증 알고리즘으로 지원하여야 한다. 본 논문에서는 MD5를 이용한 HMAC-MD5를 기준으로 설계하였으며, Iterative Architecture과 Full loop unrolling Architecture의 두 가지 구조를 설계하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.63-74
• /
• 2009

In 2005, Wang et al. discovered devastating collision attacks on the main hash functions from the MD4 family. After the discovery of Wang, many analysis results on the security of existing hash-based cryptographic schemes are presented. At CRYPTO'07, Fouque, Leurent and Nguyen presented full key-recovery attacks on HMAC/NMAC-MD4 and NMAC-MD5[4]. Such attacks are based on collision attacks on the underlying hash function, and the most expensive stage is the recovery of the outer key. At EUROCRYPT'08, Wang, Ohta and Kunihiro presented improved outer key recovery attack on HMAC/NMAC-MD4, by using a new near collision path with a high probability[2]. This improves the complexity of the full key-recovery attack on HMAC/NMAC-MD4 which proposed by Fouque, Leurent and Nguyen at CRYPTO'07: The MAC queries decreases from $2^{88}$ to $2^{72}$, and the number of MD4 computations decreases from $2^{95}$ to $2^{77}$. In this paper, we propose improved outer key-recovery attack on HMAC/NMAC-MD4 with $2^{77.1246}$ MAC queries and $2^{37}$ MD4 computations, by using divide and conquer paradigm.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.374-376
• /
• 2005

In this paper, we presented our implementation of 3DES and HMAC-MD5 processing functionality in Intel? IXP 2400 platform. It can be used as encryption and authentication engine for VPNs such as IPsec and SSL.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10e
• /
• pp.277-279
• /
• 2002

전자상거래, 무선 인터넷 등의 활성화를 위해서는 신뢰성 있는 통신 서비스를 제공하는 IPv6용 보안시스템이 필요하다. 이를 위한 기존의 암호화 알고리즘은 소프트웨어 및 하드웨어로 많이 구현되어 있으나 IPv4를 기반으로 한 운영체제에 종속되어 있다. 이를 해결하기 위하여 운영체제 없이 고성능의 보안서비스를 제공하는 IPv6용 보안시스템이 하드웨어로 구현되었다. 본 논문에서는 이러한 IPv6용 하드웨어 보안시스템에 요구되는 암호화알고리즘 중에서 HMAC-SHA-1을 하드웨어 모듈로 구현하였다. 그리고 구현한HMAC-SHA-1 모듈에 대하여 시뮬레이션 테스트를 수행하고 IPv6 하드웨어 보안시스템과 연동함으로써 기능을 검증하였다.

• Proceedings of the IEEK Conference
• /
• 2002.06b
• /
• pp.117-120
• /
• 2002

In this paper, we construct cryptographic accelerators using hardware Implementations of HMACS based on a hash algorithm such as MD5.It is basically a secure version of his previous algorithm, MD4 which is a little faster than MD5 The algorithm takes as Input a message of arbitrary length and produces as output a 128-blt message digest The input is processed In 512-bit blocks In this paper, new architectures, Iterative and full loop, of MD5 have been implemented using Field Programmable Gate Arrays(FPGAS). For the full-loop design, the performance Is about 500Mbps @ 100MHz

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.769-776
• /
• 2016

TELNET is vulnerable to network attack because it was designed without considering security. SSL/TLS and SSH are used to solve this problem. However it needs additional secure protocol and has no backward compatibility with existing TELNET in this way. In this paper, we have suggested STELNET(Secured Telnet) which supports security functionalities internally so that has a backward compatibility. STELNET supports a backward compatibility with existing TELNET through option negotiation. On STELNET, A client authenticates server by a certificate or digital signature generated by using ECDSA. After server is authenticated, two hosts generate a session key by ECDH algorithm. And then by using the key, they encrypt data with AES and generate HMAC by using SHA-256. After then they transmit encrypted data and generated HMAC. In conclusion, STELNET which has a backward compatibility with existing TELNET defends MITM(Man-In-The-Middle) attack and supports security functionalities ensuring confidentiality and integrity of transmitted data.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.25 no.4B
• /
• pp.700-707
• /
• 2000

In this paper, we address vulnerabilities of legacy VOD system and implement secure-VOD system to protect security holes of it. Our secure-VOD system provide user authentication using one-time password, message authentication and encryption/decryption for video server information. To improve security of existing fixed password system, our secure-VOD system use one-time password. Also, our secure-VOD system provides integrity for video server information by generating and verifying message authentication code using HMAC-HAS 160 algorithm. Finally, our secure-VOD system uses RC5 encryption algorithm to guarantee confidentiality for video server information.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.747-754
• /
• 2016

DHCP(Dynamic Host Configuration Protocol) is a protocol for efficiency and convenience of the IP address management. DHCP automatically assigns an IP address and configuration information needed to run the TCP/IP communication to individual host in the network. However, existing DHCP is vulnerable for network attack such as DHCP spoofing, release attack because there is no mutual authentication systems between server and client. To solve this problem, we have designed a new DHCP protocol supporting the following features: First, ECDH(Elliptic Curve Diffie-Hellman) is used to create session key and ECDSA(Elliptic Curve Digital Signature Algorithm) is used for mutual authentication between server and client. Also this protocol ensures integrity of message by adding a HMAC(Hash-based Message Authentication Code) on the message. And replay attacks can be prevented by using a Nonce. As a result, The receiver can prevent the network attack by discarding the received message from unauthorized host.

• Journal of IKEEE
• /
• v.21 no.4
• /
• pp.348-352
• /
• 2017

A lot of researches have done for WSN(Wireless Sensor Networks) authentication. Those are divided by whether using certificates or not for the authentication. In this paper, we proposed certificateless protocol. As simplifying the process of authentication, overall the process become faster and the load of the sensor node is decreased. Using the method we proposed, the energy consumption is decreased. That is because instead using keyed hash authentication code(HMAC) simple one way hash function was used. The study confirmed that it could operate on sensor nodes with extremely limited resources and low processing power.

• Proceedings of the Korea Society of Information Technology Applications Conference
• /
• 2005.11a
• /
• pp.277-280
• /
• 2005

With the proliferation of mobile terminals, use of the Internet in mobile environments is becoming more common. To support mobility in these terminals, Mobile IPv4 is proposed and represents the standard in IPv4 environments. Authentication should be mandatory, because mobile terminals can utilize Internet services in any foreign domain. Mobile IPv4 provides symmetric key based authentication using the default HMAC-MD5. However, symmetric key based authentication creates a key distribution problem. To solve this problem, public key based authentication mechanisms have been proposed. In this paper, the performance of each of these mechanisms is evaluated. The results present that, among these mechanisms, partial certificate based authentication has superior performance, and certificate based authentication has the worst performance. Although current public key based authentication mechanisms have lower performance than symmetric key based authentication, this paper presents the possibility that public key based authentication mechanisms may be used for future mobile terminal authentication.