• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.5
• /
• pp.1687-1707
• /
• 2022

With the development of multiuser online meetings, more group-oriented technologies and applications for instance collaborative work are becoming increasingly important. Authenticated Group Key Agreement (AGKA) schemes provide a shared group key for users with after their identities are confirmed to guarantee the confidentiality and integrity of group communications. On the basis of the Public Key Cryptography (PKC) system used, AGKA can be classified as Public Key Infrastructure-based, Identity-based, and Certificateless. Because the latter type can solve the certificate management overhead and the key escrow problems of the first two types, Certificateless-AGKA (CL-AGKA) protocols have become a popular area of research. However, most CL-AGKA protocols are vulnerable to Public Key Replacement Attacks (PKRA) due to the lack of public key authentication. In the present work, we present a CL-AGKA scheme that can resist PKRA in order to solve impersonation attacks caused by those attacks. Beyond security, improving scheme efficiency is another direction for AGKA research. To reduce the communication and computation cost, we present a scheme with only one round of information interaction and construct a CL-AGKA scheme replacing the bilinear pairing with elliptic curve cryptography. Therefore, our scheme has good applicability to communication environments with limited bandwidth and computing capabilities.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.4
• /
• pp.1839-1848
• /
• 2012

Recently, smartphone communications using Wi-Fi channel are increasing rapidly to provide diverse internet services. The WPA security protocol was used for data protection between user and wireless AP. However, WPA-PSK protocol was known to be weak to the dictionary attack. In this paper, we proposed a secure WPA-PSK protocol to resist the dictionary attack. Since the proposed method was designed to generate a strong encryption key which is combined the Diffie-Hellman key agreement scheme with secrecy property of PSK(Pre-Shared Key), we can protect the Wi-Fi channel from Man-In-The-Middle attack and Rogue AP impersonation attack.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.11
• /
• pp.35-44
• /
• 2005

In Mobile IP protocol, because a mobile node still uses its home IP address even though it moves to foreign network from home network, authentication among mobile node, foreign network and home network is critical issue. Many researches about this issue have been based on shared secret, for example mobile node and home agent authenticate each other with pre-shared symmetry key. And they missed several security issues such as replay attack. Although public key scheme could be applied to this issue easily, since the public key cryptography is computationally complicated, it still has the problem that it is not practical to realistic environment. In this paper, we describe several security issues in Mobile IP protocol. And we propose new Mobile IP authentication protocol that is applicable to realistic environment using public key algorithm based on certificate. It has scalability for mobile nodes and is applicable to the original Mobile IP protocol without any change. Finally we prove security of the proposed protocol and that it might not affect performance of the original Mobile IP protocol.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.16 no.3
• /
• pp.13-19
• /
• 2016

The PSK (Pre-shared Secret Key) based method is appropriate for the IoT environment consisting of lightweight devices since this method requires less computing time and energy than the method to configure the session key based on the public key algorithm. A fundamental prerequisite for the PSK based method is that PSK should have been configured between the communication entities safely in advance. However, in case of a small sensor or actuator, no input and output interface such as keyboard and monitor required for configuration exists, so it is more difficult to configure PSK for such lightweight devices safely in the IoT environment than the previous Internet devices. Especially, normal users lack expertise in security so they face difficulty in configuration. Therefore, the default value configured at the time of manufacturing at factories is used or the device installer configures PSK in most cases. In such case, it is a matter for consideration whether all installers and manufacturers can be trusted or not. In order to solve such problem, this paper proposes a secure bootstrapping scheme, which utilizes the NFC (Near Field Communication) as an OOB (Out-Of-Band) channel, for lightweight devices with limited resources.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.4
• /
• pp.1406-1423
• /
• 2014

Multi-mode device which combines multiple access technologies into a device will offer more cost-effective solution than a sole access implementation. Its concurrent multipath transfer (CMT) technology can transmit media flows over multiple end-to-end paths simultaneously, which is essential to select at least two paths from all available paths. At real networks, different paths are likely to overlap each other and even share bottleneck, which can weaken the path diversity gained through CMT. Spurred by this observation, it is necessary to select multiple independent paths as much as possible to avoid underlying shared bottleneck between topologically joint paths. Recent research in this context has shown that different paths with shared bottleneck can weaken the path diversity gained through CMT. In our earlier work, a grouping-based multipath selection (GMS) mechanism is introduced and developed. However, how to estimating the selection is still to be resolved. In this paper, we firstly introduce a Selection Correctness Index (SCI) to evaluate the correctness of selection results in actual CMT experiment. Therefore, this metric is helpful to discuss and validate the accuracy of the output paths. From extensive experiments with a realized prototype, the proposed scheme provides better evaluation tool and criterion in various network conditions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.27-38
• /
• 2003

Most password-authenticated key exchange schemes in the literature provide an authenticated key exchange between a client and a server based on a pre-shared password. With a rapid change in modem communication environments, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. In this paper we propose a new framework which provides a password-authenticated ky exchange between clients based only on their two different Passwords without my Pre-shared secret, so called Client-to-Client Password-Authenticated Key Exchange(C2C-PAKE). Security notions and types of possible attacks are newly defined according to the new framework We prove our scheme is secure against all types of attacks considered in the paper. Two secure C2C-PAKE schemes are suggested, one in a cross-realm setting and the other in a single-sorrel setting.

• Journal of Information Processing Systems
• /
• v.2 no.1
• /
• pp.48-51
• /
• 2006

To achieve security in wireless sensor networks (WSN), it is important to be able to encrypt messages sent among sensor nodes. We propose a new cryptographic key management protocol, which is based on the clustering scheme but does not depend on the probabilistic key. The protocol can increase the efficiency to manage keys since, before distributing the keys by bootstrap, the use of public keys shared among nodes can eliminate the processes to send or to receive keys among the sensors. Also, to find any compromised nodes safely on the network, it solves safety problems by applying the functions of a lightweight attack-detection mechanism.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.3
• /
• pp.956-970
• /
• 2015

In this paper, we study the design of network coding for the generalized transmit scheme in multiple input multiple output Y channel, where K users wish to exchange specified and shared information with each other within two slots. Signal space alignment at each user and the relay is carefully constructed to ensure that the signals from the same user pair are grouped together. The cross-pair interference can be canceled during both multiple accessing channel phase and broadcasting channel phase. The proposed signal processing scheme achieves the degrees of freedom of ${\eta}(K)=K^2$ with fewer user antennas.

• ETRI Journal
• /
• v.37 no.3
• /
• pp.512-522
• /
• 2015

Recent developments in identity-based cryptography (IBC) have provided new solutions to problems related to the security of mobile ad hoc networks (MANETs). Although many proposals to solve problems related to the security of MANETs are suggested by the research community, there is no one solution that fits all. The interdependency cycle between secure routing and security services makes the use of IBC in MANETs very challenging. In this paper, two novel methods are proposed to eliminate the need for this cycle. One of these methods utilizes a key pool to secure routes for the distribution of cryptographic materials, while the other adopts a pairing-based key agreement method. Furthermore, our proposed methods utilize threshold cryptography for shared secret and private key generation to eliminate the "single point of failure" and distribute cryptographic services among network nodes. These characteristics guarantee high levels of availability and scalability for the proposed methods. To illustrate the effectiveness and capabilities of the proposed methods, they are simulated and compared against the performance of existing methods.

• Journal of KIISE:Computer Systems and Theory
• /
• v.26 no.1
• /
• pp.33-42
• /
• 1999

지금까지의 bitonic sorting 에 대한 연구는 N 개의 key를 정렬하기 위해서는 N/2(or N)개의 프로세서가 필요하였다. 여기서는 프로세서의 수가 정렬하고자 하는 key 수에 독립적이고 또한 N/2개 이하인 경우를 고려하였다. 따라서 본 연구에서는 공유 메모리 병렬 컴퓨터 환경에서 N 개의 Key를 고정도니 수의 프로세서를 사용하여 O(log2N) 시간에 정렬 할 수 있는 두 종류의 범용 bitonic sorting 알고리즘을 구현하였다. 첫째로, VITURAL-GPBS 알고리즘은 하나의 프로세서를 사용하여 여러 개의 프로세서가 하는 역할을 모방하므로써 정렬을 수행하도록 하였다. 둘째로, VIRTUAL-GPBS 알고리즘보다 좀 더 효율적이고 빠른 FAST-GPBS 알고리즘을 소개하였다. 두 알고리즘의 주요 차이점은 FAST-GPBS 알고리즘에서는 각각의 프로세서에 배정된 여러 개의 key를 각 프로세서 내에서 가장 빠른 순차 정렬 알고리즘을 사용하면서 먼저 지역적으로 정렬을 함으로써 VIRTUAL-GPBS 보다 효율이 50% 이상 향상된 정렬을 수행할 수 있도록 하였다. FAST-GPBS 알고리즘은 compare-exchange 대신 merge-split 작업을 함으로써 컴퓨터의 사용 효율을 향상시킬 수 있다.