• 제목/요약/키워드: key management protocol

검색결과 301건 처리시간 0.023초

안전한 멀티캐스트 키분배 프로토콜 (A Secure Multicast Key Distribution Protocol)

  • 조현호;박영호;이경현
    • 한국정보통신학회:학술대회논문집
    • /
    • 한국해양정보통신학회 2001년도 춘계종합학술대회
    • /
    • pp.152-156
    • /
    • 2001
  • 인터넷의 활성화에 힘입어 멀티캐스트 응용을 위한 다양한 연구가 진행되어져오고 있다. 본 논문에서는 OFT(One-way Function Trees)를 사용한 안전한 멀티캐스트 키분배 프로토콜을 제안한다. 제안하는 프로토콜은 DKMP(Distributed Key Management Protocol)방식과 CKMF(Centralized Key Management Protocol)방식 각각의 특성 및 장점을 살린 혼합 방식으로, DKMP의 특성인 그룹 키 생성시 모든 멤버의 참여를 보장하는 측면과 CKMP의 특성인 키 관리 및 프로토콜 설계의 용이성을 고려하여 설계하였다. 또한 제안된 프로토콜은 그룹 비밀키 생성시 해쉬 함수와 비트단위 XOR 연산만을 이용하기 때문에 멤버들의 연산 오버헤드를 줄일 수 있어, 멤버의 가입 및 탈퇴가 빈번히 발생하는 동적인 환경에 효율적으로 활용될 수 있다.

  • PDF

안전한 멀티캐스트 통신을 위한 효율적인 그룹키 관리 프로토콜 (Effective group key management protocol for secure multicast communication)

  • 이현종;김진철;오영환
    • 한국통신학회논문지
    • /
    • 제28권7C호
    • /
    • pp.733-742
    • /
    • 2003
  • 유니캐스트와는 달리 멀티캐스트 환경에는 상당히 많은 전송 링크가 존재하기 때문에 그 만큼 보안을 위협하는 요소들이 많이 존재한다. 따라서 안전한 멀티캐스트 통신을 위해서는 멀티캐스트 트래픽을 보호하는 메커니즘이 필수적이고 이러한 메커니즘의 핵심적인 요소 기술은 그룹키를 효율적으로 그룹 구성원들에게 분배하는 것이다. 멀티캐스트 환경에서 보안성을 제공하기 위해 최근가지 진행되어 오고 있는 연구들은 대부분 그룹키 분배에 관련된 것들이다. 본 논문에서는 멀티캐스트 환경에서 키 서버의 트래픽 집중을 효율적으로 분산시킬 수 있는 그룹키 관리 구조를 제안하였다. 제안한 프로토콜은 분산된 키 관리 구조와 서브 그룹 단위로 그룹키를 갱신한다. 시뮬레이션을 통하여 제안한 멀티캐스트 그룹키 관리 프로토콜을 기존의 연구들과 비교한 결과 가입 및 탈퇴 지연시간과 데이터 전송 지연 시간 측면에서 향상된 성능을 나타냄을 알 수 있었다.

Efficient Certificateless Authenticated Asymmetric Group Key Agreement Protocol

  • Wei, Guiyi;Yang, Xianbo;Shao, Jun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제6권12호
    • /
    • pp.3352-3365
    • /
    • 2012
  • Group key agreement (GKA) is a cryptographic primitive allowing two or more users to negotiate a shared session key over public networks. Wu et al. recently introduced the concept of asymmetric GKA that allows a group of users to negotiate a common public key, while each user only needs to hold his/her respective private key. However, Wu et al.'s protocol can not resist active attacks, such as fabrication. To solve this problem, Zhang et al. proposed an authenticated asymmetric GKA protocol, where each user is authenticated during the negotiation process, so it can resist active attacks. Whereas, Zhang et al.'s protocol needs a partially trusted certificate authority to issue certificates, which brings a heavy certificate management burden. To eliminate such cost, Zhang et al. constructed another protocol in identity-based setting. Unfortunately, it suffers from the so-called key escrow problem. In this paper, we propose the certificateless authenticated asymmetric group key agreement protocol which does not have certificate management burden and key escrow problem. Besides, our protocol achieves known-key security, unknown key-share security, key-compromise impersonation security, and key control security. Our simulation based on the pairing-based cryptography (PBC) library shows that this protocol is efficient and practical.

Key Establishment and Pairing Management Protocol for Downloadable Conditional Access System Host Devices

  • Koo, Han-Seung;Kwon, O-Hyung;Lee, Soo-In
    • ETRI Journal
    • /
    • 제32권2호
    • /
    • pp.204-213
    • /
    • 2010
  • In this paper, we investigate the possible security threats to downloadable conditional access system (DCAS) host devices. We then propose a DCAS secure micro (SM) and transport processor (TP) security protocol that counters identified security threats using a secure key establishment and pairing management scheme. The proposed protocol not only resists disclosed SM ID and TP ID threats and indirect connection between TA and TP threats, but also meets some desirable security attributes such as known key secrecy, perfect forward secrecy, key compromised impersonation, unknown key-share, and key control.

Authentication and Key Agreement Protocol for Secure End-to-End Communications on Mobile Networks

  • Park, Jeong-Hyun;Kim, Jin-Suk;Kim, Hae-Kyu;Yang, Jeong-Mo;Yoo, Seung-Jae
    • 한국지능시스템학회:학술대회논문집
    • /
    • 한국퍼지및지능시스템학회 2003년도 ISIS 2003
    • /
    • pp.256-259
    • /
    • 2003
  • This paper presents mutual authentication scheme between user and network on mobile communications using public key scheme based on counter, and simultaneously shows key agreement between user and user using random number for secure communications. This is also a range of possible solutions to authentication and key agreement problem-authentication and key agreement protocol based on nonce and count, and secure end-to-end protocol based on the function Y=f(.)$\^$1/, C$\^$i/ is count of user I, and f(.) is one way function.

  • PDF

무선 센서 네트워크망에서의 효율적인 키 관리 프로토콜 분석 (Analyses of Key Management Protocol for Wireless Sensor Networks in Wireless Sensor Networks)

  • 김정태
    • 한국정보통신학회:학술대회논문집
    • /
    • 한국해양정보통신학회 2005년도 추계종합학술대회
    • /
    • pp.799-802
    • /
    • 2005
  • In this paper, we analyses of Key Management Protocol for Wireless Sensor Networks in Wireless Sensor Networks. Wireless sensor networks have a wide spectrum of civil military application that call for security, target surveillance in hostile environments. Typical sensors possess limited computation, energy, and memory resources; therefore the use of vastly resource consuming security mechanism is not possible. In this paper, we propose a cryptography key management protocol, which is based on identity based symmetric keying.

  • PDF

Cross-Realm 환경에서 패스워드기반 키교환 프로토콜 (Password-Based Key Exchange Protocols for Cross-Realm)

  • 이영숙
    • 디지털산업정보학회논문지
    • /
    • 제5권4호
    • /
    • pp.139-150
    • /
    • 2009
  • Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

Key Distribution for Heterogeneous Public-Key Cryptosystems

  • Lv, Xixiang;Yi, Mu;Hui, Li
    • Journal of Communications and Networks
    • /
    • 제15권5호
    • /
    • pp.464-468
    • /
    • 2013
  • The widespread use of cryptographic technologies is complicated by inconsistencies and duplication in the key management systems supporting their applications. The proliferation of key management systems or protocols also results in higher operational and infrastructure costs, and fails in interoperability. Thus, it is essential to realize key management interoperability between different and heterogeneous cryptosystems. This paper presents a practical and separable key management system for heterogeneous public-key cryptosystems. We achieve the interoperability between different cryptosystems via cryptography approaches rather than communication protocols. With our scheme, each client can freely use any kind of cryptosystemthat it likes. The proposed scheme has two advantages over the key management interoperability protocol introduced by the organization for the advancement of structured information standards. One is that all the related operations do not involve the communication protocol and thus no special restrictions are taken on the client devices. The other is that the proposed scheme does not suffer from single-point fault and bottleneck problems.

EPON MAC 계층의 안전한 데이터 전송을 위한 인증 및 키관리 프로토콜 (An Authentication and Key Management Protocol for Secure Data Exchange in EPON MAC Layer)

  • 강인곤;이도훈;이봉주;김영천
    • 한국통신학회논문지
    • /
    • 제28권1B호
    • /
    • pp.1-10
    • /
    • 2003
  • IEEE 802 3ah에서 표준화가 진행되고 있는 EPON은 하나의 OLT와 다수의 ONU가 수동소자에 의해 트리 구조로 연결되므로 도청, 위장, 가용성 등의 보안 위협을 포함한다 본 논문에서는 EPON에서 보안 위협으로부터 망을 보호하고 안전한 데이터 전송을 보장하기 위해 MAC 계층에서 인증 및 비밀성 서비스를 제공하는 보안 프로토콜을 설계하였다. 설계된 보안 프로토콜은 효율적인 키관리를 위하여 공개키 기반 인증 및 키관리 프로토콜을 이용하며, 비밀성 서비스를 위하여 최근 표준화된 AES의 Rijndael 알고리즘을 채택하였다. 제안된 인증 및 키관리 프로토콜은 인증과 공개키 교환을 동시에 수행하며, 공개 난수를 전송하여 공통의 암호키를 생성하는 안전한 프로토콜이다. 키관리의 구현을 위하여 인증 및 공개키 교환 절차, 세션키 변경 절차, 키복구 절차 등을 제안하였다. 제안된 프로토콜을 검증하기 위하여 알려진 세션키, 전향적 비밀성, 미지키 공유, 키손상 위장 등의 안전성을 분석하였다.

Efficient and Security Enhanced Evolved Packet System Authentication and Key Agreement Protocol

  • Shi, Shanyu;Choi, Seungwon
    • 디지털산업정보학회논문지
    • /
    • 제13권1호
    • /
    • pp.87-101
    • /
    • 2017
  • As people increasingly rely on mobile networks in modern society, mobile communication security is becoming more and more important. In the Long Term Evolution/System Architecture Evolution (LTE/SAE) architecture, the 3rd Generation Partnership (3GPP) team has also developed the improved Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol based on the 3rd Generation Authentication and Key Agreement (3G AKA) protocol in order to provide mutual authentication and secure communication between the user and the network. Unfortunately, the EPS AKA also has several vulnerabilities such as sending the International Mobile Subscriber Identity (IMSI) in plain text (which leads to disclosure of user identity and further causes location and tracing of the user, Mobility Management Entity (MME) attack), man-in-middle attack, etc. Hence, in this paper, we analyze the EPS AKA protocol and point out its deficiencies and then propose an Efficient and Security Enhanced Authentication and Key agreement (ESE-EPS AKA) protocol based on hybrid of Dynamic Pseudonym Mechanism (DPM) and Public Key Infrastructure (PKI) retaining the original framework and the infrastructure of the LTE network. Then, our evaluation proves that the proposed new ESE-EPS AKA protocol is relatively more efficient, secure and satisfies some of the security requirements such as confidentiality, integrity and authentication.