• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 2003년도 하계학술대회논문집
• /
• pp.126-132
• /
• 2003

본 논문에서는 PAK(Password-Authenticated Key Exchange)와 PAK-R 프로토콜 기반으로 세가지 형태의 MTI(Matsumoto, Takashima, Imai) 키 일치 프로토콜을 적용하여, 안전한 보안성 요구 조건을 만족하면서 다양한 시스템에 적용할 수 있는, 패스워드-인증 키 분배 프로토콜을 소개하고자 한다. PAK 패스워드-인증 키 프로토콜은 통신 주체의 짧은 길이의 패스워드를 이용하여 통신 주체의 식별 및 상호 인증 후, 크기가 긴 세션키를 분배하기 위한 프로토콜이다. 또한 PAK는 이미 안전한 보안성이 증명되었고,［8,9,10］이를 이용한 많은 패스워드 기반의 인증 키 분배 프로토콜이 소개되었다. 본 논문은 이미 안정성 검증이 된 키 분배 프로토콜을 이용하여 새로운 PAK 프로토콜을 제안하며, credential의 이용성을 보장하기 위한 다양한 응용에 적용될 수 있다.

• Journal of information and communication convergence engineering
• /
• 제7권3호
• /
• pp.340-344
• /
• 2009

Multi-server password authentication schemes enable remote users to obtain service from multiple servers with single password without separately registering to each server. In 2007, Hu-Niu-Yang proposed an improved efficient password authenticated key agreement scheme for multi-server architecture based on Chang-Lee's scheme proposed in 2004. This scheme is claimed to be more efficient and is able to overcome a few existing deficiencies in Chang-Lee's scheme. However, we find false claim of forward secrecy property and some potential threats such as offline dictionary attack, key-compromise attack, and poor reparability in their scheme. In this paper, we will discuss these issues in depth.

• Journal of applied mathematics & informatics
• /
• 제24권1_2호
• /
• pp.461-470
• /
• 2007

In CRYPTO 1995, Bellare, $Gu\'{e}rin$, and Rogaway proposed a very efficient message authentication scheme. This scheme is secure against adaptive chosen message attacks, under the assumption that its underlying primitive is a pseudorandom function. This article studies how to weaken that assumption. For an adaptive chosen message attack, we take into account two scenarios. On the one hand, the adversary intercepts the authenticated messages corresponding to messages chosen adaptively by herself, so the verifier does not receive them. On the other hand, the adversary can only eavesdrop the authenticated messages corresponding to messages chosen adaptively by herself, so the verifier receives them. We modify the original scheme. In the first scenario, our scheme is secure if the underlying primitive is a pseudorandom function. In the second scenario, our scheme is still secure under a weaker assumption that the underlying primitive is an indistinguishable-uniform function.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제5권3호
• /
• pp.607-625
• /
• 2011

Two-party key exchange protocol is a mechanism in which two parties communicate with each other over an insecure channel and output the same session key. A key exchange protocol that is secure against an active adversary who can control and modify the exchanged messages is called authenticated key exchange (AKE) protocol. LaMacchia, Lauter and Mityagin presented a strong security definition for public key infrastructure (PKI) based two-pass protocol, which we call the extended Canetti-Krawczyk (eCK) security model, and some researchers have provided eCK-secure AKE protocols in recent years. However, almost all protocols are provably secure in the random oracle model or rely on a special implementation technique so-called the NAXOS trick. In this paper, we present a PKI-based two-pass AKE protocol that is secure in the eCK security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and does not rely on implementation techniques such as the NAXOS trick.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권5호
• /
• pp.1904-1919
• /
• 2015

Deniable authentication protocol allows a sender to deny his/her involvement after the protocol run and a receiver can identify the true source of a given message. Meanwhile, the receiver has no ability to convince any third party of the fact that the message was sent by the specific sender. However, most of the proposed protocols didn't achieve confidentiality of the transmitted message. But, in some special application scenarios such as e-mail system, electronic voting and Internet negotiations, not only the property of deniable authentication but also message confidentiality are needed. To settle this problem, in this paper, we present a non-interactive identity-based deniable authenticated encryption (IBDAE) scheme using pairings. We give the security model and formal proof of the presented IBDAE scheme in the random oracle model under bilinear Diffie-Hellman (BDH) assumption.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권2호
• /
• pp.935-949
• /
• 2016

In this paper, we present a novel authenticated group key distribution scheme for large and dynamic multicast groups without employing traditional symmetric and asymmetric cryptographic operations. The security of our scheme is mainly based on the basic theories for solving linear equations. In our scheme, a large group is divided into many subgroups, where each subgroup is managed by a subgroup key manager (SGKM) and a group key generation center (GKGC) further manages all SGKMs. The group key is generated by the GKGC and then propagated to all group members through the SGKMs, such that only authorized group members can recover the group key but unauthorized users cannot. In addition, all authorized group members can verify the authenticity of group keys by a public one-way function. The analysis results show that our scheme is secure and efficient, and especially it is very appropriate for secure multicast communications in large and dynamic client-server networks.

• 정보보호학회논문지
• /
• 제26권3호
• /
• pp.609-612
• /
• 2016

인증된 키 교환 프로토콜에서 두 참여자는 주고받은 공통된 값과 공통의 세션 키를 이용하여 해시 기반 인증자(hash-based authenticator)를 만들고 이를 통해 참여자들의 인증을 유도한다. 본 짧은 논문에서는 이러한 해시 기반 인증자의 입력을 부주의하게 설계하면 전체적인 프로토콜의 안전성을 보장하지 않을 수 있음을, Tsai 기타 등등이 2013년에 제안한 프로토콜을 통해, 보인다.

• Journal of Information Processing Systems
• /
• 제7권1호
• /
• pp.159-172
• /
• 2011

A designated verifier signature is a special type of digital signature, which convinces a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party. A strong designated verifier signature scheme enhances the privacy of the signer such that no one but the designated verifier can verify the signer's signatures. In this paper we present two generic frame works for constructing strong designated verifier signature schemes from any secure ring signature scheme and any deniable one-pass authenticated key exchange protocol, respectively. Compared with similar protocols, the instantiations of our construction achieve improved efficiency.

• Journal of Communications and Networks
• /
• 제18권2호
• /
• pp.190-200
• /
• 2016

In this paper, we consider some aspects of binding properties that bind an anonymous user with messages. According to whether all the messages or some part of the messages are bound with an anonymous user, the protocol is said to satisfy the full binding property or the partial binding property, respectively. We propose methods to combine binding properties and anonymity-based authenticated key agreement protocols. Our protocol with the full binding property guarantees that while no participant's identity is revealed, a participant completes a key agreement protocol confirming that all the received messages came from the other participant. Our main idea is to use an anonymous signature scheme with a signer-controlled yet partially enforced linkability. Our protocols can be modified to provide additional properties, such as revocable anonymity. We formally prove that the constructed protocols are secure.

• 한국정보처리학회:학술대회논문집
• /
• 한국정보처리학회 2003년도 추계학술발표논문집 (하)
• /
• pp.1759-1762
• /
• 2003

최근 키 분배 프로토콜과는 다르게 하드웨어에 암호키를 저장하여 사용하는 것과 달리, 사용자가 기억할 수 있는 길이의 패스워드(password)를 사용해 서버와의 인증과 키 교환을 동시에 수행하는 패스워드 기반 키 분배 프로토콜이 제안되고 있다. 본 논문에서는 이러한 패스워드 기반의 키 분배 프로토콜 중 BPKA(Balanced Password-authenticated Key Agreement)에 속하는 DH-EKE(Diffie-Hellman Encrypted Key Exchange), PAK(Password-Authenticated Key exchange), SPEKE(Simple Password Exponential Key Exchange) 프로토콜을 비교 분석하고, 이를 바탕으로 기존의 BPKA 프로토콜에 비해 적은 연산량을 가지면서 사용자와 서버가 각기 다른 정보를 갖는 패스워드-검증자 기반 프로토콜을 제안한다. 본 논문에서 제안하는 패스워드 기반 키 분배 프로토콜의 안전성 분석을 위해 Active Impersonation 과 Forward Secrecy, Off-line dictionary attack, Man-in-the -middle Attack 등의 공격모델을 적용하였다.