• Journal of Internet Computing and Services
• /
• v.7 no.1
• /
• pp.59-64
• /
• 2006

Harn al proposed a GKRS(Global Key Recovery System) that combines the functions of the key recovery authorities and the public key certification authorities(CA), Among other features, user dominance(i.e, a user is allowed to select his own public-private key pair and especially a public element for verifying the validity of the public-private key pair)is proposed by [1] for wide acceptance of GKRS. In this paper, we attack the RSA version of GKRS by showing that its user-dominance feature and the corresponding key verification scheme employed by the CA allow for fraud by users against CA. We propose more secure GKPS than original GKPS, The proposed system makes the probability of user fraud negligible small.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.8
• /
• pp.5294-5302
• /
• 2014

The development of public-key-based technique that enables a variety of services(E-government, e-banking, e-payment, etc.) evaluated as having complete safety. On the other hand, vulnerabilities(e.g, heartbleed bug, etc.) are constantly being discovered. In this paper, a public key infrastructure to verify the safety and reliability, the collision rate using OpenSSL key pair was analyzed. the experiment was performed using the following procedure. Openssl was used to create five private certification agencies, and each of the private certificate authority certificates to create 2 million, generating a total of 10 million by the certificate of the key pair conflicts analysis. The results revealed 35,000 in 1 million, 0.35% chance of a public key, a private key conflict occurred. This is sufficient in various fields(E-payment, Security Server, etc.). A future public-key-based technique to remove the threat of a random number generator, large minority issues, in-depth study of selection will be needed.

• Journal of Korea Multimedia Society
• /
• v.6 no.2
• /
• pp.288-300
• /
• 2003

As the importance of information security gets recognized seriously, ciphers technology gets used more. Particularly, since public key ciphers are easier to control the key than symmetric key ciphers and also digital signature is easily implemented, public key ciphers are increased used. Nowadays, public key infrastructure is established and operated to use efficiently and securely the public key ciphers. In the public key infrastructure, the user registers at the certificate authority to generate the private key and public key pair and the certificate authority issues the certificate on the public key generated. Through this certificate, key establishment between users is implemented and encryption communication becomes possible. But, control function of session key established in the public key infrastructure is not provided. In this thesis, the certificate issuing protocol to support the key recovery of the session key established during the wireless authentication and key establishment is proposed.

• Journal of Korea Multimedia Society
• /
• v.7 no.7
• /
• pp.922-933
• /
• 2004

In recent years, peer-to-peer network have a greate deal of attention for distributed computing or collaborative application, and work of ID-based public key systems have been focusing on the area of cryptography. In this paper, we propose ID-based group key management protocols for secure communication in autonomous peer group. Each member obtains his public/private key pair derived from his identification string from Private Key Generator. No central server participates in group key management protocol instead, all group members share the burden of group key management by the collaboration of themselves, so that our scheme avoids the single point of failure problem. In addition, our scheme considers the nature of dynamic peer group such as frequent joining and leaving of a member.

• Journal of Arbitration Studies
• /
• v.9 no.1
• /
• pp.367-390
• /
• 1999

The basic requirements for conducting electronic commerce include confidentiality, integrity, authentication and authorization. Cryptographic algorithms, make possible use of powerful authentication and encryption methods. Cryptographic techniques offer essential types of services for electronic commerce : authentication, non-repudiation. The oldest form of key-based cryptography is called secret-key or symmetric encryption. Public-key systems offer some advantages. The public key pair can be rapidly distributed. We don't have to send a copy of your public key to all the respondents. Fast cryptographic algorithms for generating message digests are known as one-way hash function. In order to use public-key cryptography, we need to generate a public key and a private key. We could use e-mail to send public key to all the correspondents. A better, trusted way of distributing public keys is to use a certification authority. A certification authority will accept our public key, along with some proof of identity, and serve as a repository of digital certificates. The digital certificate acts like an electronic driver's license. The Korea government is trying to set up the Public Key Infrastructure for certificate authorities. Both governments and the international business community must involve archiving keys with trusted third parties within a key management infrastructure. The archived keys would be managed, secured by governments under due process of law and strict accountability. It is important that all the nations continue efforts to develop an escrowed key in frastructure based on voluntary use and international standards and agreements.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.781-793
• /
• 2014

A Public Key Infrastructure (PKI) is security standards to manage and use public key cryptosystem. A PKI is used to provide digital signature, authentication, public key encryption functionality on insecure channel, such as E-banking and E-commerce on Internet. A soft-token private key in PKI is leaked easily because it is stored in a file at standardized location. Also it is vulnerable to a brute-force password attack as is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack though soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make an attacker difficult to generate a valid signature with probability 1/n even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker make an attempt at authentication, and enhances the security of soft-token private key without the additional cost of construction of infrastructure thereby extending the function of the existing PKI and SSL/TLS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.3-10
• /
• 2013

Several identity-based and authenticated key agreement protocols have been proposed. It remains at issue to design secure identity based and authenticated key agreement protocols. In this paper, we propose a one round authenticated group key agreement protocol which uses one more key pair as well as the public key and private key of typical IBE(Identity-Based Encryption) system. The proposed protocol modified Shi et al.'s protocol and He et al.'s protocol. The public and private keys and the signature process of our protocol are simpler than them of their protocols. Our protocol is secure and more efficient than their protocols in communication and computation costs.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.4
• /
• pp.200-206
• /
• 2014

Accountable Internet Protocol (AIP) is one of the future Internet architectures to provide accountability concept by using the self-certifying address that is derived by the public key of the host. In AIP, when a host sends a packet, a domain that is located between the source and the destination hosts discards the packet in order to verify the source IP address. Therefore, performance degradation can occur due to packet discard especially when there is asymmetric route. In this paper, we propose the improved AIP mechanism to verify the source IP address without discarding the packet by including the timestamp, public key value and the signature for protecting from forfeiting the source address. Security safety of the proposed mechanism is evaluated and the proposed mechanism can provide the more robust security as well as reducing the latency due to discarding packets.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.200-202
• /
• 2017

To improve the security of OAuth 2.0 access token transportation and satisfy the challenge of resources constraint caused by the bearer token access mechanism of the OAuth 2.0, we proposed an extensional client authentication scheme that is based on the Proof-of-Possession (PoP) token mechanism. By improving the integrity of PoP token, we bind a PoP key of a public/private key pair to the PoP token. The authorization server and the resource server can authenticate the identity of the client by verifying whether the client has the possession of the PoP token. If the client can prove that it has a PoP key that matches the PoP token, then the identity of the client can be authenticated. This experimental evaluation can confirm that this scheme effectively dealing with the issue of client identity authentication and reduce resources consumption.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.5-15
• /
• 2015

Electronic transactions have been increasing with the development of the high-speed Internet and wireless communication. However, in recent years financial corporations and mobile carriers were attacked by hackers. And large numbers of privacy information have been leaked. In particular, in the case of credit card information can be misused in the online transaction, and the damage of this given to cardholder. To prevent these problems, it has been proposed to use a virtual card number instead of the actual card number. But it has security vulnerability and requires additional security infrastructure. In this paper, we analyzed the proposed virtual card number schemes. and we propose a new virtual credit card number scheme. In the newly proposed scheme, cardholder generates a key pair (public key/private key) and pre-register public key to the issuer. then, cardholder can pay no additional security infrastructure while still efficiently satisfy the security requirements.