• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권11호
• /
• pp.5639-5653
• /
• 2016

Security models for key exchange protocols have been researched for years, however, lots of them only focus on what secret can be compromised but they do not differentiate the timing of secrets compromise, such as the extended Canetti-Krawczyk (eCK) model. In this paper, we propose a new security model for key exchange protocols which can not only consider what keys can be compromised as well as when they are compromised. The proposed security model is important to the security proof of the key exchange protocols with forward secrecy (either weak forward secrecy (wFS) or strong forward secrecy (sFS)). In addition, a new kind of key compromise impersonation (KCI) attacks which is called strong key compromise impersonation (sKCI) attack is proposed. Finally, we provide a new one-round key exchange protocol called mOT+ based on mOT protocol. The security of the mOT+ is given in the new model. It can provide the properties of sKCI-resilience and sFS and it is secure even if the ephemeral key reveal query is considered.

• 한국통신학회논문지
• /
• 제30권1C호
• /
• pp.25-34
• /
• 2005

Girault는 자체 인증 공개키(self-certified public key)의 개념과 함께 이를 사용한 키 분배 프로토롤을 제안하였고 후에 Rueppel과 Oorschot는 이를 변형한 프로토콜들을 제안하였다. 자체인증 공개키에 기반한 키 분배 프로토콜은 사용자가 자신의 비밀키를 직접 선택하므로 개인식별 정보에 기반한 방식의 문제점으로 지적되었던 신뢰센터가 임의의 사용자로 위장할 수 있는 문제를 해결할 수 있고, 또한 메모리와 계산량을 감소시킬 수 있다는 장점이 있다. 그러나, 키 분배 프로토콜의 안전성에 대한 구체적인 증명은 아직까지 미흡한 실정이다. 본 논문에서는 지금까지 제안된 자체인증 공개키에 기반한 키분배 프로토콜에 대한 능동적 공격자 환경에서의 구체적인 안전성 분석을 수행하고자 한다. 본 논문에서 고려하는 공격은 active impersonation 공격, key-compromise impersonation 공격, forward secrecy, known key secuity이며, 안전성 증명에는 수학적 귀착 이론을 이용한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제6권12호
• /
• pp.3352-3365
• /
• 2012

Group key agreement (GKA) is a cryptographic primitive allowing two or more users to negotiate a shared session key over public networks. Wu et al. recently introduced the concept of asymmetric GKA that allows a group of users to negotiate a common public key, while each user only needs to hold his/her respective private key. However, Wu et al.'s protocol can not resist active attacks, such as fabrication. To solve this problem, Zhang et al. proposed an authenticated asymmetric GKA protocol, where each user is authenticated during the negotiation process, so it can resist active attacks. Whereas, Zhang et al.'s protocol needs a partially trusted certificate authority to issue certificates, which brings a heavy certificate management burden. To eliminate such cost, Zhang et al. constructed another protocol in identity-based setting. Unfortunately, it suffers from the so-called key escrow problem. In this paper, we propose the certificateless authenticated asymmetric group key agreement protocol which does not have certificate management burden and key escrow problem. Besides, our protocol achieves known-key security, unknown key-share security, key-compromise impersonation security, and key control security. Our simulation based on the pairing-based cryptography (PBC) library shows that this protocol is efficient and practical.

• 한국정보과학회논문지:정보통신
• /
• 제35권6호
• /
• pp.465-473
• /
• 2008

MQV 프로토콜은 가장 효율적인 Diffie-Hellman 키 교환 프로토콜로 여겨지고 있으며, 미국 NSA를 비롯한 많은 기관들에서 표준으로 채택되었다. Crypto 2005에서 Hugo Krawczyk는 MQV의 약점들을 보였으며, MQV를 변형한 HMQV를 제안했다. HMQV는 MQV와 비슷한 계산량을 요구하는 반면 다양한 안전성을 만족하며, 랜덤 오라클 모델에서 안전성 증명이 가능하다. 이 논문에서 HMQV가 제공하는 다양한 안전성을 만족하면서도 랜덤 오라클을 사용하지 않는 Diffie-Hellman 키 교환 프로토콜을 제안한다. 지금까지는 랜덤 오라클을 사용하지 않으면서 HMQV가 제공하는 다양한 안전성을 보장하는 Diffie-Hellman 키 교환 프로토콜은 존재하지 않았다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권1호
• /
• pp.344-365
• /
• 2020

Providing security has been always on priority in all areas of computing and communication, and for the systems that are low on computing power, implementing appropriate and efficient security mechanism has been a continuous challenge for the researchers. Radio Frequency Identification (RFID) system is such an environment, which requires the design and implementation of efficient security mechanism. Earlier, the security protocols for RFID based on hash functions and symmetric key cryptography have been proposed. But, due to high strength and requirement of less key size in elliptic curve cryptography, the focus of researchers has been on designing efficient security protocol for RFID based on elliptic curves. In this paper, an efficient elliptic curve signcryption based security protocol for RFID has been proposed, which provides mutual authentication, confidentiality, non-repudiation, integrity, availability, forward security, anonymity, and scalability. Moreover, the proposed protocol successfully provides resistance from replay attack, impersonation attack, location tracking attack, de-synchronization attack, denial of service attack, man-in-the-middle attack, cloning attack, and key-compromise attack. Results have revealed that the proposed protocol is efficient than the other related protocols as it takes less computational time and storage cost, especially for the tag, making it ideal to be used for RFID systems.

• 한국통신학회논문지
• /
• 제28권1B호
• /
• pp.1-10
• /
• 2003

IEEE 802 3ah에서 표준화가 진행되고 있는 EPON은 하나의 OLT와 다수의 ONU가 수동소자에 의해 트리 구조로 연결되므로 도청, 위장, 가용성 등의 보안 위협을 포함한다 본 논문에서는 EPON에서 보안 위협으로부터 망을 보호하고 안전한 데이터 전송을 보장하기 위해 MAC 계층에서 인증 및 비밀성 서비스를 제공하는 보안 프로토콜을 설계하였다. 설계된 보안 프로토콜은 효율적인 키관리를 위하여 공개키 기반 인증 및 키관리 프로토콜을 이용하며, 비밀성 서비스를 위하여 최근 표준화된 AES의 Rijndael 알고리즘을 채택하였다. 제안된 인증 및 키관리 프로토콜은 인증과 공개키 교환을 동시에 수행하며, 공개 난수를 전송하여 공통의 암호키를 생성하는 안전한 프로토콜이다. 키관리의 구현을 위하여 인증 및 공개키 교환 절차, 세션키 변경 절차, 키복구 절차 등을 제안하였다. 제안된 프로토콜을 검증하기 위하여 알려진 세션키, 전향적 비밀성, 미지키 공유, 키손상 위장 등의 안전성을 분석하였다.

• IEIE Transactions on Smart Processing and Computing
• /
• 제2권3호
• /
• pp.168-175
• /
• 2013

Key escrow is a default property that is inherent in identity-based cryptography, where a curious private key generator (PKG) can derive a secret value shared by communicating entities in its domain. Therefore, a dishonest PKG can encrypt and decrypt ciphers or can carry out any attack on the communicating parties. Of course, the escrow property is not completely unwanted but is acceptable in other particular applications. On the other hand, in more civil applications, this key escrow property is undesirable and needs to be removed to provide maximum communication privacy. Therefore, this paper presents an escrow-free identity-based key agreement protocol that is also applicable even in a distinct PKG condition that does not use pairings. The proposed protocol has comparable computational and communicational performance to many other protocols with similar security attributes, of which their security is based on costly bilinear pairings. The protocol's notion was inspired by McCullagh et al. and Chen-Kudla, in regard to escrow-free and multi-PKG key agreement ideas. In particular, the scheme captures perfect forward secrecy and key compromise impersonation resilience, which were lacking in McCullagh et al.'s study, as well as all other desirable security attributes, such as known key secrecy, unknown key-share resilience and no-key control. The merit in the proposed protocol is the achievement of all required security requirements with a relatively lower computational overhead than many other protocols because it precludes pairings.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.978-1002
• /
• 2019

With the rapid development of the Internet of Things, the problem of privacy protection has been paid great attention. Recently, Nikooghadam et al. pointed out that Kumari et al.'s protocol can neither resist off-line guessing attack nor preserve user anonymity. Moreover, the authors also proposed an authentication supportive session initial protocol, claiming to resist various vulnerability attacks. Unfortunately, this paper proves that the authentication protocols of Kumari et al. and Nikooghadam et al. have neither the ability to preserve perfect forward secrecy nor the ability to resist key-compromise impersonation attack. In order to remedy such flaws in their protocols, we design a lightweight authentication protocol using elliptic curve cryptography. By way of informal security analysis, it is shown that the proposed protocol can both resist a variety of attacks and provide more security. Afterward, it is also proved that the protocol is resistant against active and passive attacks under Dolev-Yao model by means of Burrows-Abadi-Needham logic (BAN-Logic), and fulfills mutual authentication using Automated Validation of Internet Security Protocols and Applications (AVISPA) software. Subsequently, we compare the protocol with the related scheme in terms of computational complexity and security. The comparative analytics witness that the proposed protocol is more suitable for practical application scenarios.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권3호
• /
• pp.1273-1288
• /
• 2016

With the swift growth of wireless technologies, an increasing number of users rely on the mobile services which can exchange information in mobile networks. Security is of key issue when a user tries to access those services in this network environment. Many authentication schemes have been presented with the purpose of authenticating entities and wishing to communicate securely. Recently, Chou et al. and Farash-Attari presented two ID authentication schemes. They both claimed that their scheme could withstand various attacks. However, we find that the two authentication schemes are vulnerable to trace attack while having a problem of clock synchronization. Additionally, we show that Farash-Attari's scheme is still susceptible to key-compromise impersonation attack. Therefore, we present an enhanced scheme to remedy the security weaknesses which are troubled in these schemes. We also demonstrate the completeness of the enhanced scheme through the Burrow-Abadi-Needham (BAN) logic. Security analysis shows that our scheme prevents the drawbacks found in the two authentication schemes while supporting better secure attributes. In addition, our scheme owns low computation overheads compared with other related schemes. As a result, our enhanced scheme seems to be more practical and suitable for resource-constrained mobile devices in mobile networks.