• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.7
• /
• pp.2719-2735
• /
• 2015

In the cloud environment, users pay more attentions to their data security since all of them are stored in the cloud server. Researchers have proposed many mutual authentication schemes for the access control of the cloud server by using the smart card to protect the sensitive data. However, few of them can resist from the smart card lost problem and provide both of the forward security and the backward security. In this paper, we propose a novel authentication scheme for cloud computing which can address these problems and also provide the anonymity for the user. The trick we use is using the password, the smart card and the public key technique to protect the processes of the user's authentication and key exchange. Under the Elliptic Curve Diffie-Hellman (ECDH) assumption, it is provably secure in the random oracle model. Compared with the existing smart card based authentication schemes in the cloud computing, the proposed scheme can provide better security degree.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2012.05a
• /
• pp.89-92
• /
• 2012

Wireless Mesh Network expanded the capability of the conventional wireless networking by allowing the nodes to operate in proactive mode, reactive mode or the combination of both, the hybrid mode in the multi-hopping nature. By doing so, the links between the nodes become much more robust and reliable because of the number of paths to reach a destination node from a source node can be more than 1 and do not need to rely on the access point (AP) alone to relay the messages. As there may be many possible ways to form an end-to-end link between 2 nodes, the routing security becomes another main concern of the 802.11s protocol. Besides its reliance on the 802.11i for the security measures, 802.11s also includes some new features such as the Mesh Temporal Key (MTK) and the Simultaneous Authentication of Equals (SAE). The authentication and key management (AKM) process of 802.11s were observed in this paper.

• Journal of information and communication convergence engineering
• /
• v.9 no.4
• /
• pp.431-434
• /
• 2011

Password-based user-authentication schemes have been widely used when users access a server to avail internet services. Multiserver password-authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. In 2008, Jia-Lun Tsai proposed an improved and efficient password-authenticated key agreement scheme for a multiserver architecture based on Chang-Lee's scheme proposed in 2004. However, we found that Tsai's scheme does not provide forward secrecy and is weak to insider impersonation and denial of service attacks. In this article, we describe the drawbacks of Tsai's scheme and provide a countermeasure to satisfy the forward secrecy property.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.1 no.1
• /
• pp.67-74
• /
• 2008

As wireless network market is increasing rapidly, the biggest issue is to transfer safe data and to authenticate users. This paper proposes ECbA(Elliptic Curve based Authentication) which consists of the mutual authentication mechanism that users can ascertain the identity of an authentication server and the user authentication mechanism that an authentication server can make sure users' identity, by using Elliptic Curve algorithms. The proposed ECbA system diminishes the message quantity and the execution time by using the small elliptic curve algorithm with the small key length in authentication. In addition, as this paper reduces the authentication steps of existing EAP_TLS into 6 authentication steps, the communication cost and mutual authentication time can be saved. As this paper distributes new keys, whenever authenticating users by using key exchange mechanism, it provides safe encryption communication and prevents DoS attack by controlling the users authentication request by authentication server.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.11
• /
• pp.303-309
• /
• 2018

Internet of Things technology is an intelligent service that connects all objects to the Internet and interacts with them. It is a technology that can be used in various fields, such as device management, process management, monitoring of restricted areas for industrial systems, as well as for navigation in military theaters of operation. However, because all devices are connected to the Internet, various attacks using security vulnerabilities can cause a variety of damage, such as economic loss, personal information leaks, and risks to life from vulnerability attacks against medical services or for military purposes. Therefore, in this paper, a mutual authentication method and a key-generation and update system are applied by applying S/Key technology based on a hash chain in the communications process. A mutual authentication method is studied, which can cope with various security threats. The proposed protocol can be applied to inter-peer security communications, and we confirm it is robust against replay attacks and man-in-the-middle attacks, providing data integrity against well-known attacks in the IoT environment.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.2
• /
• pp.177-184
• /
• 2009

The digital contents distribution system via network provides comfortability, usability, and diversified functions to content's users. However, for the characteristic of easy access of digital contents, the copyright infringements and indiscreet contents distribution are realized in this days. In other words, any users with the authentication key can access to copyright contents with any restrictions. To solve this problems, we proposed a user authentication mechanism which prevent indiscreet access to the digital content by using user system information. Also, to provide safe distribution of digital content, we used user's unique content authentication key.

• IEMEK Journal of Embedded Systems and Applications
• /
• v.5 no.3
• /
• pp.168-174
• /
• 2010

User authentication is an important requirement to provide secure network service. Therefore, many authentication schemes have been proposed to provide secure authentication, such as key agreement and anonymity. However, authority of scheme is limited to one's self. It is inefficient when authenticated users grant a certification to other users who are in an organization which has a hierarchical structure, such as a company or school. In this paper, we propose the first authentication scheme to use Attributes-Based Re-encryption that creates a certification to other users with specified attributes. The scheme, which has expanded from Rhee et al. scheme, has optimized computation performance on a smart card, ensuring the user's anonymity and key agreement between users and server.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.313-323
• /
• 2020

With the development of smart grid technologies, a user can use the secure and reliable power services in smart gird environments. However, the users are not secure against various potential attacks because the smart gird services are provided through the public channel. Therefore, a secure and lightweight authentication and key agreement scheme has become a very important security issue in smart grid in order to guarantee user's privacy. In 2019, Zhang et al. proposed a lightweight authentication scheme for smart gird communications. In this paper, we demonstrate that Zhang et al.'s scheme is vulnerable to impersonation and session key disclosure attacks, and then we propose a secure authentication and key agreement scheme for smart grid environments without tamper-resistant devices. Moreover, we perform the informal security and the BAN logic analysis to prove that our scheme is secure various attacks and provides secure mutual authentication, respectively. We also perform the performance analysis compared with related schemes. Therefore, the proposed scheme is efficiently applicable to practical smart gird environments.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.3
• /
• pp.1350-1355
• /
• 2011

It is very important issues to protect many system resources using authorized client authentication in distributed client server systems. So it is not enough to prevent unauthorized opponents from attacking our systems that client authentication is performed using only the client's identifier and password. In this paper, we propose a secure authentication database modeling with two authentication keys such as a client authentication key and a server authentication key. The proposed authentication model can be used making high quality of computer security using two authentication keys during transaction processing. The two authentication keys are created by client and server, and are used in every request transaction without user's extra input. Using the proposed authentication keys, we can detect intrusion during authorized client's transaction processing because we can know intrusion immediately through comparing stored authentication keys in client server systems when hackers attack our network or computer systems.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.146-149
• /
• 2008

The RFID system is very useful in various fields such as the distribution industry and the management of the material, etc. However, the RFID system suffers from various attacks since it does not have a complete authentication protocol. Therefore, this paper propose the authentication protocol that used key server to resist various attacks including DoS(Denial of Service) attack. For easy implementation, the proposed protocol also uses CRC, RN16 generation function existing in EPCglobal class 1 gen2 protocol. This paper performed security analysis to prove that the proposed protocol is resistant to various attacks. The analytical results showed that the proposed protocol offered a secure RFID system.