• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.3
• /
• pp.1212-1228
• /
• 2016

Secure communication is an important aspect of today's interconnected environments and it can be achieved by the use of cryptographic algorithms and protocols. However, many existing cryptographic mechanisms are tightly integrated into communication protocols. Issues emerge when security vulnerabilities are discovered in cryptographic mechanisms because their replacement would eventually require replacing deployed protocols. The concept of cryptographic agility is the solution to these issues because it allows dynamic switching of cryptographic algorithms and keys prior to and during the communication. Most of today's secure protocols implement cryptographic agility (IPsec, SSL/TLS, SSH), but cryptographic agility mechanisms cannot be used in a standalone manner. In order to deal with the aforementioned limitations, we propose a lightweight cryptographically agile agreement model, which is formally verified. We also present a solution in the Agile Cryptographic Agreement Protocol (ACAP) that can be adapted on various network layers, architectures and devices. The proposed solution is able to provide existing and new communication protocols with secure communication prerequisites in a straightforward way without adding substantial communication overhead. Furthermore, it can be used between previously unknown parties in an opportunistic environment. The proposed model is formally verified, followed by a comprehensive discussion about security considerations. A prototype implementation of the proposed model is demonstrated and evaluated.

• International Journal of Computer Science & Network Security
• /
• v.21 no.8
• /
• pp.17-27
• /
• 2021

Non-abelian group based cryptosystems are a latest research inspiration, since they offer better security due to their non-abelian properties. In this paper, we propose a novel approach to non-abelian group based public-key cryptographic protocols using semidirect products of finite groups. An intractable problem of determining automorphisms and generating elements of a group is introduced as the underlying mathematical problem for the suggested protocols. Then, we show that the difficult problem of determining paths and cycles of Cayley graphs including Hamiltonian paths and cycles could be reduced to this intractable problem. The applicability of Hamiltonian paths, and in fact any random path in Cayley graphs in the above cryptographic schemes and an application of the same concept to two previous cryptographic protocols based on a Generalized Discrete Logarithm Problem is discussed. Moreover, an alternative method of improving the security is also presented.

• Review of KIISC
• /
• v.12 no.2
• /
• pp.62-76
• /
• 2002

Incautiously designed and informally verified cryptographic protocols are error-prone and can allow an adversary to have the ideal starting point for various kinds of attacks. The flaws resulting from these protocols can be subtle and hard to find. Accordingly we need formal methods for systematic design and verification of cryptographic protocols. This paper surveys the state-of-the-art and proposes a practical developing method that will be implemented in the future study.

• The KIPS Transactions:PartC
• /
• v.9C no.6
• /
• pp.799-808
• /
• 2002

According to the wide-spread of information transmission system over network, the use of cryptographic system to provide the integrity of transmitted message over network is increasing and the importance of that is emphasized. Because the security of the cryptographic system totally relies on the key, key management is a essential part of cryptographic system. A number of key agreement protocols have been proposed to far, but their rigorous security analysis is still open. In this paper, we analyze the features of Diffie-Hellman based standard key agreement protocols and provide the security analysis of those protocols against several kinds of active attacks.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.369-372
• /
• 2002

An anonymous authentication scheme allows a user to identify himself as a member of a group of users in a secure and anonymous way. It seems to be crucial and indispensable components in English auction, electronic voting and open procurement, which are getting very popular business areas in E-commerce. First, we briefly describe the previous anonymous authentication protocols how to work and what cryptographic techniques adopted to increase performance and achieve anonymity. Second, we compare those protocols from the viewpoint of the communication and computation complexity and the specific cryptographic techniques used in their protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.193-200
• /
• 2022

Unknown cryptographic communication protocols may have advantage of guaranteeing personal and data privacy, but when used for malicious purposes, it is almost impossible to identify and respond to using existing network security equipment. In particular, there is a limit to manually analyzing a huge amount of traffic in real time. Therefore, in this paper, we attempt to identify packets of unknown cryptographic communication protocols and separate fields comprising a packet by using machine learning techniques. Using sequential patterns analysis, hierarchical clustering, and Pearson's correlation coefficient, we found that the structure of packets can be automatically analyzed even for an unknown cryptographic communication protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6B
• /
• pp.219-232
• /
• 2008

A novel idea of protocol security analysis is presented based on trusted freshness. The idea has been implemented not only by hand but also by a belief muitisets formalism for automation. The key of the security analysis based on trusted freshness is a freshness principle: for each participant of a cryptographic protocol, the security of the protocol depends only on the sent or received one-way transformation of a message, which includes a trusted freshness. The manual security analysis method and the belief multisets formalism are all established on the basis of the freshness principle. Security analysis based on trusted freshness can efficiently distinguish whether a message is fresh or not, and the analysis results suggest the correctness of a protocol convincingly or the way to construct attacks intuitively from the absence of security properties. Furthermore, the security analysis based on trusted freshness is independent of the idealization of a protocol, the concrete formalization of attackers' possible behaviors, and the formalization of concurrent runs of protocols.

• Proceedings of the KIEE Conference
• /
• 2004.11c
• /
• pp.123-125
• /
• 2004

The importance for Internet security has being increased and the Internet Protocol Security (IPSec) standard, which incorporates cryptographic algorithms, has been developed as one solution to this problem. IPSec provides security services in IP-Layer using IP Authentication Header (AH) and IP Encapsulation Security Payload (ESP). In this paper, we propose IPSec cryptographic processor design based AMBA architecture. Our design which is comprised Rijndael cryptographic algorithm and HAMC-SHA-1 authentication algorithm supports the cryptographic requirements of IP AH, IP ESP, and any combination of these two protocols. Also, our IPSec cryptographic processor operates as AMBA AHB Slave. We designed IPSec cryptographic processor using Xilinx ISE 5.2i and VHDL, and implemented our design using Xilinx's FPGA Vertex XCV600E.

• International journal of advanced smart convergence
• /
• v.13 no.2
• /
• pp.69-79
• /
• 2024

AI technology is a central focus of the 4th Industrial Revolution. However, compared to some existing non-artificial intelligence technologies, new AI adversarial attacks have become possible in learning data management, input data management, and other areas. These attacks, which exploit weaknesses in AI encryption technology, are not only emerging as social issues but are also expected to have a significant negative impact on existing IT and convergence industries. This paper examines various cases of AI adversarial attacks developed recently, categorizes them into five groups, and provides a foundational document for developing security guidelines to verify their safety. The findings of this study confirm AI adversarial attacks that can be applied to various types of cryptographic modules (such as hardware cryptographic modules, software cryptographic modules, firmware cryptographic modules, hybrid software cryptographic modules, hybrid firmware cryptographic modules, etc.) incorporating AI technology. The aim is to offer a foundational document for the development of standardized protocols, believed to play a crucial role in rejuvenating the information security industry in the future.

• Journal of Internet Computing and Services
• /
• v.6 no.5
• /
• pp.11-25
• /
• 2005

In MIPv6 environment, an important design consideration for public key based binding update protocols is to minimize asymmetric cryptographic operations in mobile nodes with constraint computational power, such as PDAs and cellular phones, For that, public key based protocols such as CAM-DH. SUCV and Deng-Zhou-Bao's approach provides an optimization to offload asymmetric cryptographic operations of a mobile node to its home agent. However, such protocols have some problems in providing the optimization. Especially, CAM-DH with this optimization does not unload all asymmetric cryptographic operations from the mobile node, while resulting in the home agent's vulnerability to denial of service attacks. In this paper, we improve the drawbacks of CAM-DH. Furthermore, we adopt Aura's two hash-based CGA scheme to increase the cost of brute-force attacks searching for hash collisions in the CGA method. The comparison of our protocol with other public key based protocols shows that our protocol can minimize the MN's computation overhead, in addition to providing better manageability and stronger security than other protocols.