• Journal of KIISE:Information Networking
• /
• v.29 no.3
• /
• pp.324-332
• /
• 2002

We design authentication protocols for wireless internet not using certificates but using passwords. The target protocols include WTLS and the certificate request protocol in the wireless PKI(Public Key Infrastructure). When a password based protocol is designed and implemented for authentication and key exchange, care mutt be taken of the short length and of the not-so-randomness of passwords. To frustrate the offline guessing attack that makes use of those weaknesses, our two protocols are dependent on the password based authentication protocol that has security proof. In this paper, how to design systematically the security protocols for authentication and key exchange using passwords is presented, and the methodology hopes to be useful in some other area that needs authentication using passwords.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.7 no.8
• /
• pp.1732-1742
• /
• 2003

WPP protocol based a Credit card payment in mobile Internet uses WTLS which is security protocol of WAP. WTLS can't provide End­to­End security in network. In this paper, we propose a protocol both independent in mobile Internet platform and allow a security between user and VASP using Mobile Gateway in AIP. In particular, our proposed protocol is suitable in mobile Internet, since session key for authentication and initial payment process is generated using Weil Diffie­Hellman key exchange method that use additive group algorithm on elliptic curve.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.27-43
• /
• 2005

EAP provides authentication for each entity based on IEEE Std 802.1x Wireless lAN and RADIUS/DIAMETER protocol, and it uses certificate, dual scheme(e.g., password and token) with the authentication method. The password-based authentication scheme for authenticated key exchange is the most widely-used user authentication method due to various advantages, such as human-memorable simplicity, convenience, mobility, A specific hardware device is also unnecessary, This paper discusses user authentication via public networks and proposes the Split Password-based Authenticated Key Exchange (SPAKE), which is ideal for both authenticating users and exchanging session keys when using a subsequent secure communication over untrusted network, And then we provides EAP authentication framework EAP-SPAKE by using it.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.12
• /
• pp.6092-6115
• /
• 2017

This paper demonstrates a case for an end-to-end pure Application Security Layer for reliable and confidential communications within an Internet of Things (IoT) constrained environment. To provide a secure key exchange and to setup a secure data connection, Transport Layer Security (TLS) is used, which provides native protection against replay attacks. TLS along with digital signature can be used to achieve non-repudiation within app-to-app communications. This paper studies the use of TLS over the JavaScript Object Notation (JSON) via a The Constrained Application Protocol (CoAP) RESTful service to verify the hypothesis that in this way one can provide end-to-end communication flexibility and potentially retain identity information for repudiation. As a proof of concept, a prototype has been developed to simulate an IoT software client with the capability of hosting a CoAP RESTful service. The prototype studies data requests via a network client establishing a TLS over JSON session using a hosted CoAP RESTful service. To prove reputability and integrity of TLS JSON messages, JSON messages was intercepted and verified against simulated MITM attacks. The experimental results confirm that TLS over JSON works as hypothesised.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.10 s.340
• /
• pp.31-38
• /
• 2005

Ipsec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the internet. Internet Key Exchange (IKE) is a protocol that is used to negotiate and provide authenticated keying materials in a protected manner for Security Associations (SAs). In this paper, we propose a dynamic key lifetime change algorithm for performance enhancement of virtual private networks using IPSec. The proposed algorithm changes the key lifetime according to the number of secure tunnels. The proposed algorithm is implemented with Linux 2.4.18 and FreeS/WAN 1.99. The system employing our proposed algorithm performs better than the original version in terms of network performance and security.

• Journal of Internet Computing and Services
• /
• v.6 no.3
• /
• pp.17-30
• /
• 2005

A PAK(Password-Authenticated Key Exchange) protocol is used as a protocol to provide both the mutual authentication and allow the communication entities to share the session key for the subsequent secure communication, using the human-memorable portable short-length password, In this paper, we propose distributed key exchange protocols applicable to a smartcard using the MTI(Matsumoto, Takashima, Imai) key distribution protocol and PAK protocol. If only one server keeps the password verification data which is used for password authentication protocol. then It could easily be compromised by an attacker, called the server-compromised attack, which results in impersonating either a user or a server, Therefore, these password verification data should be distributed among the many server using the secret sharing scheme, The Object of this paper Is to present a password-based key exchange protocol which is to allow user authentication and session key distribution, using the private key in a smartcard and a password typed by a user. Moreover, to avoid the server-compromised attack, we propose the distributee key exchange protocols using the MTI key distribution protocol, And we present the security analysis of the proposed key exchange protocol and compare the proposed protocols with the existing protocols.

• Journal of Internet Computing and Services
• /
• v.4 no.6
• /
• pp.95-102
• /
• 2003

The Diffle-Hellman Key Exchange scheme can produce a common session key between the two communicators, but its problem is that it makes a man-in-the middle attack possible. To solve problems like these, several protocols have been put forward, and the Simple Authenticated Key Agreement (SAKA) Protocol is among them. This protocol has been suggested by Seo-Sweeney, Tseng, and Ku-Wang, respectively, In this paper, we will put forward a new protocol that has been improved from all the original protocols mentioned above, but is still safe and quick to use, While the existing protocol divides the common session key production stage and the verification stage, the protocol suggested in this paper takes care of both of those stages simultaneously, therefore improving the processing performance.

• Journal of Internet Computing and Services
• /
• v.9 no.2
• /
• pp.83-88
• /
• 2008

Session initiation protocol (SIP) is an application-layer prolocol to initiate and control multimedia client session. When client ask to use a SIP service, they need to be authenticated in order to get service from the server. Authentication in a SIP application is the process in which a client agent present credentials to another SIP element to establish a session or be granted access to the network service. In 2005, Yang et al. proposed a key exchange and authentication scheme for use in SIP applications, which is based on the Diffie-Hellman protocol. But, Yang et al.'s scheme is not suitable for the hardware-limited client and severs, since it requires the protocol participant to perform significant amount of computations (i.e., four modular exponentiations). Based on this observation. Huang and Wei have recently proposed a new efficient key exchange and authentication scheme thor improves on Yang et al.'s scheme. As for security, Huang and Wei claimed, among others, that their scheme is resistant to offline dictionary attacks. However, the claim turned out to be untrue. In this paper, we show thor Huang and Wei's key exchange and authentication scheme is vulnerable to on offline dictionary attack and forward secrecy.

• The Journal of Society for e-Business Studies
• /
• v.4 no.3
• /
• pp.159-178
• /
• 1999

As Electronic Commerce is getting larger, the volume of Internet-based commerce by enterprise is also getting larger. This phenomenon applies to Internet EDI, Global Internet Business, and CALS information services. In this paper, a new type of cryptographic key recovery mechanism satisfying requirements of business environment is proposed. It is also applied to enterprise information infrastructure for managing employees' task related to handling official properties of electronic enterprise documents exchange. This technology needs to be complied to information management policy of a certain enterprise environment because behavior of cryptographic key recovery can cause interruption of the employees' privacy. However, the cryptographic key recovery mechanism is able to applied to any kind of information service, the application areas of key recovery technology must be seriously considered as not disturbing user's privacy It will depend on the policy of enterprise information management of a specific company.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.33-46
• /
• 2000

IPsec is a protocol suite to protect the data communication between computers on internet and many VPNs(Virtual Private Networks) use IPsec protocol. IKE protocol is used to exchange keys in IPsec. Formal analysis method is used increasingly in computer science to increase the reliability of a system. In this paper, the IKE protocol is analyzed formally. This paper shows that IKE with Authentication with Signature and Authentication with Pre-Shared Key is safe, but Authentication with Public Key Encryption and A Revised Method of Authentication with Public Key Encryption are safe only with the assumption that a participant has the correct public key of the correspondent. To make sure that a participant has the correct public key of the correspondent, the usage of certificate is recommended.