• ETRI Journal
• /
• v.45 no.6
• /
• pp.1090-1102
• /
• 2023

Authenticated multiple key agreement (AMKA) protocols provide participants with multiple session keys after one round of authentication. Many schemes use Diffie-Hellman or authenticated key agreement schemes that rely on hard integer factorizations that are vulnerable to quantum algorithms. Lattice cryptography provides quantum resistance to authenticated key agreement protocols, but the certificate always incurs excessive public key infrastructure management overhead. Thus, a lightweight lattice-based secure system is needed that removes this overhead. To answer this need, we provide a two-party lattice- and identity-based AMKA scheme based on bilateral short integer or computational bilateral inhomogeneous small integer solutions, and we provide a security proof based on the random oracle model. Compared with existing AMKA protocols, our new protocol has higher efficiency and stronger security.

• Journal of Korea Multimedia Society
• /
• v.14 no.6
• /
• pp.785-793
• /
• 2011

Since then, with the advance of computing environment, various Internet services are emerging and the importance of user authentication technology is increasing for verifying users authorized to use such services. Along with the advance of authentication technology, research is being made actively on one time password, which is used once in a session and then discarded. In existing one time passwords, however, the values of one time passwords in a created table are stored in serial order, and therefore, if the seed value and the number of one time passwords used are disclosed, one may infer the value of the one time password to be used next. What is more, one time passwords of the S/Key type have the problem that the number of uses is fixed. In this paper, We analysis the existing one time password. Also, We propose one time password methods using elliptic curve cryptography scheme and using enhanced randomness with time value.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.7
• /
• pp.1518-1523
• /
• 2005

With the expansion of service over the internet, the recent network demands the amount of the more bandwidth and fast transfer rate. Optical Burst Switching has considered as a promising solution for supporting high-speed Internet Service. Because of OBS architecture, it has the security threats such as eavesdropping, masquerading, denial of service and so on. In this Paper, We analyze OBS-specific security threats and requirement for supporting security protocol n OBS networks. We propose an authentication and key exchange protocol for supporting the security service. This protocol supports explicit key authentication by using the control messages and protects the control message by using the session key.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.5
• /
• pp.115-124
• /
• 2005

We propose a new binding update(BU) protocol between mobile node(CN) and correspondent node(CN) for the purpose of preventing redirect attacks and DoS attacks observed from the existing BU protocols and enhancing the efficiency of the BU protocol. Home agent plays a role of both authentication server validating BU message and session key distribution center for MN and CN. Also propose the stateless Diffie-Hellman key agreement based on cryptographically generated address (CGA). Suity of our proposed Protocol is analyzed and compared with other protocols. The proposed protocol is more efficient than previous schemes in terms of the number of message flows and computation overhead and is secure against both redirect and DoS attacks.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 1997.11a
• /
• pp.120-127
• /
• 1997

본 논문에서는 해쉬함수 만을 이용한 상호 인증 및 세션키 공유 시스템을 안전하면서 적은 비용으로도 구현할 수 있는 프로토콜을 제안한다. 인증값을 계산하기 위하여 암호 알고리즘이나 모듈라 연산은 전혀 사용되지 않기 때문에 사용자 Terminal도 간단한 계산 능력을 갖추면 된다. 사용자는 패스워드를 암기하며 128비트 이상의 키가 저장된 간단한 메모리 디바이스를 소유한다.

• Proceedings of the Korea Contents Association Conference
• /
• 2006.11a
• /
• pp.622-625
• /
• 2006

The basic observation of the present paper is that cryptographic solutions that have been proposed so far completely ignore the communication context. IPSec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the Internet. We propose example to provide key recovery capability by adding key recovery information to an IP datagram. It is possible to take advantage of the communication environment in order to design key recovery protocols that are better suited and more efficient.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.6
• /
• pp.83-94
• /
• 2016

Recent cloud, big data, there is a problem for the architectural security vulnerability to the server platforms of various fields such as artificial intelligence occurs consistently, but using the virtualization technology. In addition, most secure virtualization technology is known to be dependent on the type is limited and the platform provider. This paper presents a method for mutual authentication for secure data between multiple instances of a shared virtualized environment. The proposed method was designing a security architecture in consideration of the mutual authentication between multiple independent instances, and enhance the safety of a security protocol for sharing data by applying a key chain techniques. Performance analysis results and the existing security architecture demonstrated that protect each virtualized instances of the session and the other way, a compliance effectiveness for each instance of the mutual authentication process.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.10
• /
• pp.1912-1918
• /
• 2016

MPTCP(Multipath Transmission Control Protocol) is able to compose many TCP paths when two hosts connect and the data is able to be transported through these paths simultaneously. When a new path is added, the authentication between both hosts is necessary to check the validity of host. So, MPTCP exchanges a key when initiating an connection and makes a token by using this key for authentication. However the original MPTCP is vulnerable to MITM(Man In The Middle) attacks because the key is transported in clear text. Therefore, we applied a ECDH(Elliptic Curve Diffie-Hellman) key exchange algorithm to original MPTCP and replaced the original key to the ECDH public key. And, by generating the secret key after the public key exchanges, only two hosts is able to make the token using the secret key to add new subflow. Also, we designed and implemented a method supporting encryption and decryption of data using a shared secret key to apply confidentiality to original MPTCP.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.75-81
• /
• 2003

User authentication, including confidentiality, integrity over untrusted networks, is an important part of security for systems that allow remote access. Using human-memorable Password for remote user authentication is not easy due to the low entropy of the password, which constrained by the memory of the user. This paper presents a new password authentication and key agreement protocol suitable for authenticating users and exchanging keys over an insecure channel. The new protocol resists the dictionary attack and offers perfect forward secrecy, which means that revealing the password to an attacher does not help him obtain the session keys of past sessions against future compromises. Additionally user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the server. It does not have to resort to a PKI or trusted third party such as a key server or arbitrator So no keys and certificates stored on the users computer. Further desirable properties are to minimize setup time by keeping the number of flows and the computation time. This is very useful in application which secure password authentication is required such as home banking through web, SSL, SET, IPSEC, telnet, ftp, and user mobile situation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.154-155
• /
• 2013

This paper presents a user authentication scheme for healthcare application using wireless sensor networks, where wireless sensors are used for patients monitoring. These medical sensors' sense the patient body data and transmit it to the professionals. Since, the data of an individual are highly vulnerable; it must ensures that patients medical vital signs are secure, and are not exposed to an unauthorized person. In this regards, we propose a user authentication scheme for healthcare application using medical sensor networks. The proposed scheme includes: a novel two-factor user authentication, where the healthcare professionals are authenticated before access the patient's body data; a secure session key is establish between the patient sensor node and the professional at the end of user authentication. Furthermore, the analysis shows that the proposed scheme is safeguard to various practical attacks and achieves efficiency at low computation cost.