• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.11C
• /
• pp.1023-1029
• /
• 2006

In this Paper, we present a novel authentication and key exchange(AKE) protocol for inter-NSP(provider) roaming in IEEE 802.16e networks. The proposed protocol allows performing both user and device authentication jointly by using two different authentication credentials and Provides user anonymity and session key establishment. Also, this protocol requires only two round number message exchange between foreign network and home network.

• Journal of the Korea Society of Computer and Information
• /
• v.8 no.4
• /
• pp.104-110
• /
• 2003

In this paper, we proposed hybrid cryptosystem of Diffie-Hellman base in Elliptic Curve, and explained for specific protocol design. The proposed system is efficient hybrid cryptosystems system that offer implicit key authentication about sender and receiver unlike existing hybrid system. This system increased safety generating session key using pseudo-random number generator by cryptographic. Because the system is hybrid system, it is more efficient in calculation amount aspect supplementing merit and fault of public key system and secret key system. Also, the system can not get right plaintext except receiver even if sender's secret key is revealed and impersonation attack is impossible. And the system offers security on known keys without influencing in safety of other session's cryptogram even if session key is exposed. And the system is provided safety about mutual entity authentication and replay attack.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.3C
• /
• pp.220-225
• /
• 2002

Mobile IP aims to support mobility within the Internet. This paper concerned with the security aspect of Mobile IP. We show that current registration protocol has a possible replay attack despite the use of authenticated registration message and replay protection. We propose a public-key based registration protocol that also distributes a session-key distribution protocol in AAA. Proposed protocol provides authentication of mobile node and session-key distribution simultaneously. It also provides non-repudiation of service request.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.67-76
• /
• 2002

Kerberos is designed to provide strong authentication between client and application servers which are working in distributed network environment by using symmetric-key cryptography, and supposed to trust other systems of the realm. In this paper, we design an efficient and strong authentication mechanism by introducing the public/private-key to Kerberos. In the mechanism to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we employ a mutual authentication method, which is used on challenge-response mechanism based on digital signatures, to improve trust between realms, and present a way of reducing the number of keys by simplifying authentication steps.

• The KIPS Transactions:PartC
• /
• v.13C no.7 s.110
• /
• pp.843-850
• /
• 2006

This is devoted to first, to propose a hash chain algorithm that generates more secure key than conventional encryption method. Secondly, we proposes encryption method that is more secure than conventional system using a encryption method that encrypts each block with each key generated by a hash chain algorithm. Thirdly, After identifying the user via wired and wireless network using a user authentication method. We propose a divided session key method so that Although a client key is disclosed, Attackers cannot catch a complete key and method to safely transfer the key using a divided key method. We make an experiment using various size of digital contents files for performance analysis after performing the design and implementation of system. Proposed system can distribute key securely than conventional system and encrypt data to prevent attacker from decrypting complete data although key may be disclosed. The encryption and decryption time that client system takes to replay video data fie is analogous to the conventional method.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.423-430
• /
• 2013

With the active Internet e-commerce and the financial sector, mutual authentication between users and service providers has become very important. Because ID- and password-based authentication is of low security, one-time password authentication methods are widely used. The existing one-time password authentication scheme of S/Key authentication method is fraught with a number of issues in addition to plain text transmission, and the method of Kim Gong-ki et al. does not offer suggestions for session key generation and distribution method. Proposed in this paper is a protocol that solves these problems.

• Journal of Korea Multimedia Society
• /
• v.6 no.2
• /
• pp.288-300
• /
• 2003

As the importance of information security gets recognized seriously, ciphers technology gets used more. Particularly, since public key ciphers are easier to control the key than symmetric key ciphers and also digital signature is easily implemented, public key ciphers are increased used. Nowadays, public key infrastructure is established and operated to use efficiently and securely the public key ciphers. In the public key infrastructure, the user registers at the certificate authority to generate the private key and public key pair and the certificate authority issues the certificate on the public key generated. Through this certificate, key establishment between users is implemented and encryption communication becomes possible. But, control function of session key established in the public key infrastructure is not provided. In this thesis, the certificate issuing protocol to support the key recovery of the session key established during the wireless authentication and key establishment is proposed.

• ETRI Journal
• /
• v.35 no.5
• /
• pp.889-899
• /
• 2013

Wireless sensor networks (WSNs) are used for many real-time applications. User authentication is an important security service for WSNs to ensure only legitimate users can access the sensor data within the network. In 2012, Yoo and others proposed a security-performance-balanced user authentication scheme for WSNs, which is an enhancement of existing schemes. In this paper, we show that Yoo and others' scheme has security flaws, and it is not efficient for real WSNs. In addition, this paper proposes a new strong authentication scheme with user privacy for WSNs. The proposed scheme not only achieves end-party mutual authentication (that is, between the user and the sensor node) but also establishes a dynamic session key. The proposed scheme preserves the security features of Yoo and others' scheme and other existing schemes and provides more practical security services. Additionally, the efficiency of the proposed scheme is more appropriate for real-world WSNs applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.3
• /
• pp.1467-1480
• /
• 2016

This paper proposes "A Black Hole Detection Protocol Design based on a Mutual Authentication Scheme on VANET." It consists of the Mutual Authentication Scheme (MAS) that processes a Mutual Authentication by transferring messages among a Gateway Node, a Sensor Node, and a User Node and the Black Hole Detection Protocol (BHDP) which detects a Non-Authentication Node by using the Session Key computed in the MAS and a Black Hole by using the Broadcasting Table. Therefore, the MAS can reduce the operation count of hash functions more than the existing scheme and protect a privacy from an eavesdropping attack and an information exposure by hashing a nonce and user's ID and password. In addition, the MAS prevents a replay attack by using the randomly generated nonce and the time stamp. The BHDP improves Packet Delivery ratio and Throughput more than the AODV with Black hole by 4.79% and 38.28Kbps. Also, it improves Packet Delivery ratio and Throughput more than the IDSAODV by 1.53% and 10.45Kbps. Hence it makes VANET more safe and reliable.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.27-43
• /
• 2005

EAP provides authentication for each entity based on IEEE Std 802.1x Wireless lAN and RADIUS/DIAMETER protocol, and it uses certificate, dual scheme(e.g., password and token) with the authentication method. The password-based authentication scheme for authenticated key exchange is the most widely-used user authentication method due to various advantages, such as human-memorable simplicity, convenience, mobility, A specific hardware device is also unnecessary, This paper discusses user authentication via public networks and proposes the Split Password-based Authenticated Key Exchange (SPAKE), which is ideal for both authenticating users and exchanging session keys when using a subsequent secure communication over untrusted network, And then we provides EAP authentication framework EAP-SPAKE by using it.