• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.1
• /
• pp.7-18
• /
• 2016

Several authentication methods have been developed to make use of tokens in the mobile networks and smart payment systems. Token used in smart payment system is genearated in place of Primary Account Number. The use of token in each payment transaction is advantageous because the token authentication prevents enemy from intercepting credit card number over the network. Existing token authentication methods work together with the cryptogram, which is computed using the shared key that is provisioned by the token service provider. Long lifetime and repeated use of shared key cause potential brawback related to its vulnerability against the brute-force attack. This paper proposes a per-transaction shared key mechanism, where the per-transaction key is agreed between the mobile device and token service provider for each smart payment transaction. From server viewpoint, per-transaction key list is easy to handle because the per-transaction key has short lifetime below a couple of seconds and the server does not need to maintain the state for the mobile device. We analyze the optimum size of the per-transaction shared key which satisfy the requirements for transaction latency and security strength for secure payment transactions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.5
• /
• pp.2701-2722
• /
• 2017

Key generation is essential for protecting wireless networks. Based on wireless channel reciprocity, transceivers can generate shared secret keys by measuring their communicating channels. However, due to non-simultaneous measurements, asymmetric noises and other interferences, channel measurements collected by different transceivers are highly correlated but not identical and thus might have some discrepancies. Further, these discrepancies might lead to mismatches of bit sequences after quantization. The referred mismatches significantly affect the efficiency of key generation. In this paper, an efficient key generation scheme leveraging wireless channel reciprocity is proposed. To reduce the bit mismatch rate and enhance the efficiency of key generation, the involved transceivers separately apply discrete cosine transform (DCT) and inverse discrete cosine transform (IDCT) to pre-process their measurements. Then, the outputs of IDCT are quantified and encoded to establish the bit sequence. With the implementations of information reconciliation and privacy amplification, the shared secret key can be generated. Several experiments in real environments are conducted to evaluate the proposed scheme. During each experiment, the shared key is established from the received signal strength (RSS) of heterogeneous devices. The results of experiments demonstrate that the proposed scheme can efficiently generate shared secret keys between transceivers.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.3
• /
• pp.1-6
• /
• 2015

The IoT(Internet of things) technology enable objects around user to be connected with each other for sharing information. To support security is the mandatory requirement in IoT because it is related to the disclosure of private information but also directly related to the human safety. However, it is difficult to apply traditional security mechanism into lightweight devices. This is owing to the fact that many IoT devices are generally resource constrained and powered by battery. PSK(Pre-Shared Key) based approach, which share secret key in advance between communication entities thereafter operate security functions, is suitable for light-weight device. That is because PSK is costly efficient than a session key establishment approach based on public key algorithm. However, how to safely set a PSK of the lightweight device in advance is a difficult issue because input/output interfaces such as keyboard or display are constrained in general lightweight devices. To solve the problem, we propose and develop a secure PSK configuration scheme for resource constrained devices in IoT.

• Journal of the Optical Society of Korea
• /
• v.18 no.5
• /
• pp.477-484
• /
• 2014

In this paper, we propose a new optical secret key sharing method based on the Diffie-Hellman key exchange protocol required in cipher system. The proposed method is optically implemented by using a free-space interconnected optical logic gate technique in order to process XOR logic operations in parallel. Also, we present a compact type of optical module which can perform the modified Diffie-Hellman key exchange for a cryptographic system. Schematically, the proposed optical configuration has an advantage of producing an open public key and a shared secret key simultaneously. Another advantage is that our proposed key exchange system uses a similarity to double key encryption techniques to enhance security strength. This can provide a higher security cryptosystem than the conventional Diffie-Hellman key exchange protocol due to the complexity of the shared secret key. Results of numerical simulation are presented to verify the proposed method and show the effectiveness in the modified Diffie-Hellman key exchange system.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2008.10b
• /
• pp.445-448
• /
• 2008

The key establishment between nodes is one of the most important issues to secure the communication in wireless sensor networks. Some researcher used the probabilistic key sharing scheme with a pre-shared key pool to reduce the number of keys and the key disclosure possibility. However, there is a potential possibility that some nodes do not have a common share in the key pool. The purpose of this paper is to devise a peer to peer key sharing protocol (PPKP) based on Quorum system and Diffie-Hellman key exchange scheme (DHS). The PPKP establishes a session key by creating a shared key using the DHS and then scrambles it based on Quorum system to secure that. The protocol reduces the number of necessary keys than the previous schemes and could solve the non-common key sharing possibility problem in the probabilistic schemes.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.10c
• /
• pp.483-487
• /
• 2006

단말의 이동성을 지원하는 Mobile IP에서 MN이 홈 네트워크에서 먼 곳으로 이동하는 경우, 매번 BU 시그널링을 하게 되면 Registration latency가 길어져, 이로 인해 불필요한 네트워크 트래픽을 유발한다. 따라서 계층을 두어 지역적인 이동성을 관리하는 MAP을 도입한 HMIPv6가 제안되었다. HMIPv6는 지역적인 LCoA와 외부에 노출되는 RCoA를 가진다. Mobile IP 환경에서의 BU메시지 취약성은 보안이슈가 되어왔으며, HMIPv6은 두 개의 CoA를 가지므로 보안위협은 배가된다. 본 논문에서는 Static Shared Key를 사용하여 HMIPv6의 LCoA BU 시그널링 관련 메시지의 인증을 제안함으로써 Mobile WG에서 제기된 BU 시그널링의 보안 취약성을 개선하였다.

• The KIPS Transactions:PartC
• /
• v.12C no.2 s.98
• /
• pp.183-190
• /
• 2005

In this thesis, first, we propose I-frame encryption techniques of video data for video data itself encryption and propose license agent that processing user's certification and decryption in client system automatically when user execute encrypted video data in system server. License agent runs user's certification, encryption and decryption of video data based on PID(Public Key Infrastructure) using shared key-pool when execute of video data. Also, compose duplex buffer control and propose real time decryption method using efficient buffer scheduling to reduce much playing delay times that happen processing decryption when execute of videoa data of high-capacity.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.9
• /
• pp.4585-4602
• /
• 2016

A novel key sharing fuzzy vault scheme is proposed based on the classic fuzzy vault and the Diffie-Hellman key exchange protocol. In this proposed scheme, two users cooperatively build their fuzzy vault for their shared key using their own biometrics. Either of the users can use their own biometrics to unlock the fuzzy vault with the help of the other to get their shared key without risk of disclosure of their biometrics. Thus, they can unlock the fuzzy vault cooperatively. The security of our scheme is based on the security of the classic fuzzy vault scheme, one-way hash function and the discrete logarithm problem in a given finite group.

• Proceedings of the IEEK Conference
• /
• 2008.06a
• /
• pp.169-170
• /
• 2008

To achieve secure communication in current ZigBee networks, encrypted messages using security keys need to be shared among devices. A link key shared by two devices is used for unicast communications, where the master key is the starting point for establishing a link key. The ZigBee protocol has some limitations in end-to-end key establishment, which are discussed and an improved end-to-end key establishment scheme is presented.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.139-150
• /
• 2009

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.