• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.9-17
• /
• 2019

As the IoT environment becomes more popular, the safety of the M2M environment, which establishes the communication environment between objects and objects without human intervention, becomes important. Due to the nature of the wireless communication environment, there is a possibility of exposure to security threats in various aspects such as data exposure, falsification, tampering, deletion and privacy, and secure communication security technology is considered as an important requirement. In this paper, we propose a new method for group key generation and exchange using trap hash collision hash in existing 'M2M communication environment' using hash collision, And a mechanism for confirming the authentication of the device and the gateway after the group key is generated. The proposed method has attack resistance such as spoofing attack, meson attack, and retransmission attack in the group communication section by using the specificity of the collision message and collision hash, and is a technique for proving safety against vulnerability of hash collision.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.60-71
• /
• 2006

Group key agreement protocols are designed to allow a group of parties communicating over a public network to securely and efficiently establish a common secret key, Over the years, a number of solutions to the group key agreement protocol have been proposed with varying degrees of complexity, and the research relating to group key agreement to securely communicate among a group of members in integrated wired and wireless networks has been recently proceeded. Both features of wired computing machines with the high-performance and those of wireless devices with the low-power are considered to design a group key agreement protocol suited for integrated wired and wireless networks. Especially, it is important to reduce computational costs of mobile devices which have the limited system resources. In this paper, we present an efficient group key agreement scheme which minimizes the computational costs of mobile devices and is well suited for this network environment and prove its security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.12
• /
• pp.3244-3260
• /
• 2013

A three-party password-based authenticated key exchange (PAKE) protocol allows two clients registered with a trusted server to generate a common cryptographic key from their individual passwords shared only with the server. A key requirement for three-party PAKE protocols is to prevent an adversary from mounting a dictionary attack. This requirement must be met even when the adversary is a malicious (registered) client who can set up normal protocol sessions with other clients. This work revisits three existing three-party PAKE protocols, namely, Guo et al.'s (2008) protocol, Huang's (2009) protocol, and Lee and Hwang's (2010) protocol, and demonstrates that these protocols are not secure against offline and/or (undetectable) online dictionary attacks in the presence of a malicious client. The offline dictionary attack we present against Guo et al.'s protocol also applies to other similar protocols including Lee and Hwang's protocol. We conclude with some suggestions on how to design a three-party PAKE protocol that is resistant against dictionary attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.61-70
• /
• 2005

We propose and implement a flexible secure peer-to-peer(P2P) file sharing scheme which can be used for data sharing among closed user group (CUG) members. When a member wants to share data, notification messages are sent to the members with whom the member wants to share data. Each notification message includes one-time password encrypted with the receiver's public key. A member who received the notification message can download the data by using the one-time password. The proposed scheme provides selective sharing, download confirmation and efficient storage management. In terms of security, the proposed scheme supports authentication, entity privacy, replay attack protection and disguise prevention. We also implement the proposed system and find that the system is very useful among P2P service of closed user groups.

• Proceedings of the Korean Information Science Society Conference
• /
• 2001.10a
• /
• pp.748-750
• /
• 2001

최근 인터넷을 통한 네트워크 응용들의 확산은 unicast에서 multicast로 넓혀가고 있는 추세이다. 그러나 공개키 쌍을 사용하는 PKI 키 관리 및 인증기법에 반해 그룹 키 관리 및 인증기법에 대한 연구는 아직 미비한 상태이다. 따라서 본 논문에서는 동일한 보안등급을 갖는 다중 사용자들이 보다 안전하게 키를 공유하고 인증할 수 있도록 하는 그룹 키 분산 기법에서, 즉, 그룹키를 관리함에 있어서 필요한 정보보호에 대한 고찰 및 그룹 키 관리에서의 주요 처리인 join/leave 함수 처리, 다양한 그룹키 분산 기법에 관하여 연구하고 보다 안전한 키 관리 및 객체가 갖는 장점들을 포함하는 안전한 그룹 키 분산기법에 관하여 논하도록 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.255-266
• /
• 2022

Messenger applications applied end-to-end encryption on their own to prevent message exposure to servers. Standardization of a group messaging protocol called Message Layer Security (MLS) with end-to-end encryption is being discussed for secure and efficient message communication. This paper performs safety checks based on the operation process and security requirements of MLS. Confidentiality to a middleman server, which is an essential security requirement in messenger communication, can be easily violated by a server administrator. We define a server administrator who is curious about the group's communication content as a curious admin and present an attack in which the admin obtains a group key from MLS. Reminds messenger application users that the server can view your communication content at any time. We discuss ways to authenticate between users without going through the server to prevent curious admin attacks.

• Journal of the Korea Convergence Society
• /
• v.7 no.1
• /
• pp.49-55
• /
• 2016

In a delegate authentication, a user can lend his/her own authentication data to the third parties to let them be authenticated instead of himself/herself. The user authentication schemes based on the memory of unique data such as password, are vulnerable to this type of attack. Biometric authentication could minimize the risk of delegate authentication since it uses the biometric data unique by each person. Group authentication scheme is used to prove that each group member belongs to the corresponding group. For applications such as an electronic voting or a mobile meeting where the number of group members is changing dynamically, a new group authentication method is needed to reflect the status of group in real time. In this paper, we propose biometric authentication based dynamic group signature scheme. The proposed scheme is composed of biometric key generation, group public key creation, group signature generation, group signature verification and member update protocols. The proposed member update protocol is secure against colluding attacks of existing members and could reflect group status in real time.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.10 s.340
• /
• pp.31-38
• /
• 2005

Ipsec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the internet. Internet Key Exchange (IKE) is a protocol that is used to negotiate and provide authenticated keying materials in a protected manner for Security Associations (SAs). In this paper, we propose a dynamic key lifetime change algorithm for performance enhancement of virtual private networks using IPSec. The proposed algorithm changes the key lifetime according to the number of secure tunnels. The proposed algorithm is implemented with Linux 2.4.18 and FreeS/WAN 1.99. The system employing our proposed algorithm performs better than the original version in terms of network performance and security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.9
• /
• pp.4418-4437
• /
• 2017

In this paper a three-phase secure compressive sensing (CS) and received signal strength (RSS) based target localization approach is proposed to mitigate the effect of malicious node attack. RSS measurements are first arranged into a group of subsets where the same measurement can be included in multiple subsets. Intermediate target position estimates are then produced using individual subsets of RSS measurements and the CS technique. From the intermediate position estimates, the residual error vector and residual error square vector are formed. The least median of residual error square is utilized to define a verifier parameter. The selected residual error vector is utilized along with a threshold to determine whether a node or measurement is under attack. The final target positions are estimated by using only the attack-free measurements and the CS technique. Further, theoretical analysis is performed for parameter selection and computational complexity evaluation. Extensive simulation studies are carried out to demonstrate the advantage of the proposed CS-based secure localization approach over the existing algorithms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.29-43
• /
• 2019

In recent years, as the network traffic in the WSN(Wireless Sensor Network) has been increased by the growing number of IoT wireless devices, SDWSN(Software-Defined Wireless Sensor Network) and its security that aims a secure SDN(Software-Defined Networking) for efficiently managing network resources in WSN have received much attention. In this paper, we study on how to efficiently and securely design a PUF(Physical Unclonable Function)-assisted group key distribution scheme for the SDWSN environment. Recently, Huang et al. have designed a group key distribution scheme using the strengths of SDN and the physical security features of PUF. However, we observe that Huang et al.'s scheme has weak points that it does not only lack of authentication for the auxiliary controller but also it maintains the redundant synchronization information. In this paper, we securely design an authentication process of the auxiliary controller and improve the vulnerabilities of Huang et al.'s scheme by adding counter strings and random information but deleting the redundant synchronization information.