• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2001.05a
• /
• pp.152-156
• /
• 2001

In this paper we propose a secure multicast key distribution protocol using OFT(One-way Function Trees). The proposed protocol is a hybrid scheme of DKMP(Distributed Key Management Protocol) that guarantees all group member's participation for generating a group key, and CKMP(Centralized Key Management Protocol) that makes it easy to manage group key and design a protocol. Since the proposed protocol also computes group key using only hash function and bitwise-XOR, computational overhead ran be reduced. Hence it is suitably and efficiently adaptive to dynamic multicast environment that membership change event frequently occurs.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.7C
• /
• pp.733-742
• /
• 2003

Unlikely unicast transmission, there are many elements that threaten security. Thus, key management of creating and distributing group keys to authorized group members is a critical aspect of secure multicast operations. To offer security in multicast environment, the recent researches are related to most group key distribution. In this thesis, we propose a group key management protocol for efficient, scalable, and multicast operation. This proposed protocol architecture can distribute traffic centralized to the key server. since the group key rekeyed by sub-group manager. The detailed simulation compared with other group key management protocol show that the proposed group key management protocol is better for join, leave, and data latency.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.12
• /
• pp.3352-3365
• /
• 2012

Group key agreement (GKA) is a cryptographic primitive allowing two or more users to negotiate a shared session key over public networks. Wu et al. recently introduced the concept of asymmetric GKA that allows a group of users to negotiate a common public key, while each user only needs to hold his/her respective private key. However, Wu et al.'s protocol can not resist active attacks, such as fabrication. To solve this problem, Zhang et al. proposed an authenticated asymmetric GKA protocol, where each user is authenticated during the negotiation process, so it can resist active attacks. Whereas, Zhang et al.'s protocol needs a partially trusted certificate authority to issue certificates, which brings a heavy certificate management burden. To eliminate such cost, Zhang et al. constructed another protocol in identity-based setting. Unfortunately, it suffers from the so-called key escrow problem. In this paper, we propose the certificateless authenticated asymmetric group key agreement protocol which does not have certificate management burden and key escrow problem. Besides, our protocol achieves known-key security, unknown key-share security, key-compromise impersonation security, and key control security. Our simulation based on the pairing-based cryptography (PBC) library shows that this protocol is efficient and practical.

• ETRI Journal
• /
• v.32 no.2
• /
• pp.204-213
• /
• 2010

In this paper, we investigate the possible security threats to downloadable conditional access system (DCAS) host devices. We then propose a DCAS secure micro (SM) and transport processor (TP) security protocol that counters identified security threats using a secure key establishment and pairing management scheme. The proposed protocol not only resists disclosed SM ID and TP ID threats and indirect connection between TA and TP threats, but also meets some desirable security attributes such as known key secrecy, perfect forward secrecy, key compromised impersonation, unknown key-share, and key control.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2003.09a
• /
• pp.256-259
• /
• 2003

This paper presents mutual authentication scheme between user and network on mobile communications using public key scheme based on counter, and simultaneously shows key agreement between user and user using random number for secure communications. This is also a range of possible solutions to authentication and key agreement problem-authentication and key agreement protocol based on nonce and count, and secure end-to-end protocol based on the function Y=f(.)$\^$1/, C$\^$i/ is count of user I, and f(.) is one way function.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.799-802
• /
• 2005

In this paper, we analyses of Key Management Protocol for Wireless Sensor Networks in Wireless Sensor Networks. Wireless sensor networks have a wide spectrum of civil military application that call for security, target surveillance in hostile environments. Typical sensors possess limited computation, energy, and memory resources; therefore the use of vastly resource consuming security mechanism is not possible. In this paper, we propose a cryptography key management protocol, which is based on identity based symmetric keying.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.139-150
• /
• 2009

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

• Journal of Communications and Networks
• /
• v.15 no.5
• /
• pp.464-468
• /
• 2013

The widespread use of cryptographic technologies is complicated by inconsistencies and duplication in the key management systems supporting their applications. The proliferation of key management systems or protocols also results in higher operational and infrastructure costs, and fails in interoperability. Thus, it is essential to realize key management interoperability between different and heterogeneous cryptosystems. This paper presents a practical and separable key management system for heterogeneous public-key cryptosystems. We achieve the interoperability between different cryptosystems via cryptography approaches rather than communication protocols. With our scheme, each client can freely use any kind of cryptosystemthat it likes. The proposed scheme has two advantages over the key management interoperability protocol introduced by the organization for the advancement of structured information standards. One is that all the related operations do not involve the communication protocol and thus no special restrictions are taken on the client devices. The other is that the proposed scheme does not suffer from single-point fault and bottleneck problems.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.1B
• /
• pp.1-10
• /
• 2003

An EPON which is going on standardization in IEEE 802.3ah, is tree topology consists of a OLT and multiple ONU using passive optical components, so this network is susceptible to variable security threats - eavesdropping, masquerading, denial of service and so on. In this paper, we design a security protocol supporting authentication and confidentiality services in MAC layer in order to prevent these security threats and to guarantee secure data exchange The designed security protocol introduce public-key based authentication and key management protocols for efficient key management, and choose Rijndael algorithm, which is recent standard of AES, to provide the confidentiality of EPON Proposed authentication and key management protocols perform authentication and public-key exchange at a time, and are secure protocols using derived common cipher key by exchanging public random number To implement the designed security protocol, we propose the procedures of authentication and public-key exchange, session key update, key recovery. This proposed protocol is verified using unknown session key, forward secrecy, unknown key-share, key-compromise impersonation.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.87-101
• /
• 2017

As people increasingly rely on mobile networks in modern society, mobile communication security is becoming more and more important. In the Long Term Evolution/System Architecture Evolution (LTE/SAE) architecture, the 3rd Generation Partnership (3GPP) team has also developed the improved Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol based on the 3rd Generation Authentication and Key Agreement (3G AKA) protocol in order to provide mutual authentication and secure communication between the user and the network. Unfortunately, the EPS AKA also has several vulnerabilities such as sending the International Mobile Subscriber Identity (IMSI) in plain text (which leads to disclosure of user identity and further causes location and tracing of the user, Mobility Management Entity (MME) attack), man-in-middle attack, etc. Hence, in this paper, we analyze the EPS AKA protocol and point out its deficiencies and then propose an Efficient and Security Enhanced Authentication and Key agreement (ESE-EPS AKA) protocol based on hybrid of Dynamic Pseudonym Mechanism (DPM) and Public Key Infrastructure (PKI) retaining the original framework and the infrastructure of the LTE network. Then, our evaluation proves that the proposed new ESE-EPS AKA protocol is relatively more efficient, secure and satisfies some of the security requirements such as confidentiality, integrity and authentication.