• Title/Summary/Keyword: session private key

Search Result 32, Processing Time 0.025 seconds

Specification and Analysis of Key Recovery System using ECTPN (ECTPN을 이용한 키복구 시스템의 명세 및 분석)

  • Go, Jeong-Ho;Gang, Sang-Seung;Jeon, Eun-A;Lee, Gang-Su
    • The Transactions of the Korea Information Processing Society
    • /
    • v.7 no.6
    • /
    • pp.1874-1885
    • /
    • 2000
  • When a receiver of ciphertext message can not decrypt a message because he has lost his private-key, the private-key of receiver and session-key of the message should be recovered. In this paper, we developed an Encapsulation based Key Recovery System (EKRS). EKRS is a new key encapsulation based key recovery system which is characterized by secretly choice of KRA, randomized target keys. n-way recovery type, and useful for commercial key recovery. EKRS is formally specified by a pictorial model, an Extended Cryptographic Timed Petri Net (ECTPN). Secure information flow and reachability of a session-key are verified by using reachability graph of ECTPN. EKRS, executing over a Public Key Infrastructure, can be used as a security solution in Web based applications such as CALS, EC an EDI.

  • PDF

Secure Key Exchange Protocols against Leakage of Long-tenn Private Keys for Financial Security Servers (금융 보안 서버의 개인키 유출 사고에 안전한 키 교환 프로토콜)

  • Kim, Seon-Jong;Kwon, Jeong-Ok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.3
    • /
    • pp.119-131
    • /
    • 2009
  • The world's widely used key exchange protocols are open cryptographic communication protocols, such as TLS/SSL, whereas in the financial field in Korea, key exchange protocols developed by industrial classification group have been used that are based on PKI(Public Key Infrastructure) which is suitable for the financial environments of Korea. However, the key exchange protocols are not only vulnerable to client impersonation attacks and known-key attacks, but also do not provide forward secrecy. Especially, an attacker with the private keys of the financial security server can easily get an old session-key that can decrypt the encrypted messages between the clients and the server. The exposure of the server's private keys by internal management problems, etc, results in a huge problem, such as exposure of a lot of private information and financial information of clients. In this paper, we analyze the weaknesses of the cryptographic communication protocols in use in Korea. We then propose two key exchange protocols which reduce the replacement cost of protocols and are also secure against client impersonation attacks and session-key and private key reveal attacks. The forward secrecy of the second protocol is reduced to the HDH(Hash Diffie-Hellman) problem.

A Design of Interdependent Multi Session Authentication Scheme for Secure Cloud Service (안전한 클라우드 서비스를 위한 상호의존적 다중세션 인증 기법 설계)

  • Song, Jun Ho;Choi, Do Hyun;Park, Jung Oh
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.10 no.3
    • /
    • pp.181-196
    • /
    • 2014
  • Cloud computer technology currently provides diverse services based on a comprehensive environment ranging from hardware to solution, network and service. While the target of services has been extended from institutions and corporations to personal infrastructure and issues were made about security problems involved with protection of private information, measures on additional security demands for such service characteristics are insufficient. This paper proposes a multi-session authentication technique based on the characteristics of SaaS (Software as a Service) among cloud services. With no reliable authentication authority, the proposed technique reinforced communication sessions by performing key agreement protocol safe against key exposure and multi-channel session authentication, providing high efficiency of performance through key renewal using optimzied key table. Each formed sessions have resistance against deprivation of individual confirmation and service authority. Suggested confirmation technique that uses these features is expected to provide safe computing service in clouding environment.

Efficient Offered Contents Using Broadcast Encryption (브로드캐스트 암호화를 이용한 효율적인 컨텐츠 제공)

  • 이덕규;이임영
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.65-70
    • /
    • 2004
  • The method of broadcast encryption has been applied to the transmission of digital information such as multimedia, software, and paid TV on the open network. In this broadcast encryption method, only previously authorized users can gain access to digital information. When broadcast message is transmitted, authorized users can first decode the session key using the previously given private key and get digital information using this session key. This way, users retrieve a message or a session key using the key transmitted by broadcasters. For their part, broadcasters need to generate and distribute keys. Broadcasters should also carry out efficient key renewal when users subscribe or un-subscriber. In this paper use a broadcast, and present the DRM model, using that look into the requirement about the contents and apply also the concept of a broadcast encryption. We offer the authority to copy as the number of reproduction to want to the user, and the low so that we were convenient because we used.

  • PDF

A Method for Detecting the Exposure of an OCSP Responder's Session Private Key in D-OCSP-KIS (D-OCSP-KIS에서 OCSP Responder의 세션 개인키의 노출을 검출하는 방법)

  • Lee, Young-Gyo;Nam, Jung-Hyun;Kim, Jee-Yeon;Kim, Seung-Joo;Won, Dong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.4
    • /
    • pp.83-92
    • /
    • 2005
  • D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number or OCSP Responder's certificate but also criers the certificate status validation about OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one day), she can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on I-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of an OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS.

Certificate Issuing Protocol Supporting WAKE-KR (WAKE-KR을 지원하는 인증서 발행 프로토콜)

  • 이용호;이임영
    • Journal of Korea Multimedia Society
    • /
    • v.6 no.2
    • /
    • pp.288-300
    • /
    • 2003
  • As the importance of information security gets recognized seriously, ciphers technology gets used more. Particularly, since public key ciphers are easier to control the key than symmetric key ciphers and also digital signature is easily implemented, public key ciphers are increased used. Nowadays, public key infrastructure is established and operated to use efficiently and securely the public key ciphers. In the public key infrastructure, the user registers at the certificate authority to generate the private key and public key pair and the certificate authority issues the certificate on the public key generated. Through this certificate, key establishment between users is implemented and encryption communication becomes possible. But, control function of session key established in the public key infrastructure is not provided. In this thesis, the certificate issuing protocol to support the key recovery of the session key established during the wireless authentication and key establishment is proposed.

  • PDF

Session Key Agreement Protocol for IoT Home Devices using Shadow Passwords (그림자 패스워드를 사용한 IoT 홈 디바이스 사이의 세션키 공유 프로토콜)

  • Jung, Seok Won
    • Journal of Internet of Things and Convergence
    • /
    • v.6 no.2
    • /
    • pp.93-100
    • /
    • 2020
  • Although various home services are developed as increasing the number of home devices with wire and wireless connection, privacy infringement and private information leakage are occurred by unauthorized remote connection. It is almost caused by without of device authentication and protection of transmission data. In this paper, the devices' secret value are stored in a safe memory of a smartphone. A smartphone processes device authentication. In order to prevent leakage of a device's password, a shadow password multiplied a password by the private key is stored in a device. It is proposed mutual authentication between a smartphone and a device, and session key agreement for devices using recovered passwords on SRP. The proposed protocol is resistant to eavesdropping, a reply attack, impersonation attack.

Security Gateway Extension Mechanism for Session Recovery in Virtual Private Network (가상 사설망에서의 세션 복구 서비스를 위한 Security Gateway 확장 메커니즘)

  • Kim, Jeong-Beom;Lee, Yun-Jung;Park, Nam-Sub;Kim, Tai-Yun
    • Journal of KIISE:Information Networking
    • /
    • v.29 no.1
    • /
    • pp.77-85
    • /
    • 2002
  • The surge in use of networks has recently increased demands for cryptography. Cryptography, however, can cause various problems because of difficulty of key management. A lot of researchers have been concentrating on the key recovery technique to eliminate the reverse effect of using these kinds of security and to promote positive aspects of using it. They have suggested many key recovery techniques up to the present. we propose a mechanism as a solution, which are employed to reduce the time needed to reconnect SG and the host in Host-to-Gateway in VPNs supporting IPsec, in case they are disconnected. This new mechanism using KRFSH stores information at each session in advance so that users can recall the session information when needed to rebuild the tunnel between SG and the host in a VPN. As a result, the mechanism built into SG will solve the problems above in host-to-gateway VPNs using IPsec.

B2B Collaborative Commerce - e-Hub Exchanges -

  • Chong, Michael-H.
    • Proceedings of the CALSEC Conference
    • /
    • 2001.02a
    • /
    • pp.11-30
    • /
    • 2001
  • Session Agenda ㆍ E-Business Economy - B2B · What is C-Commerce? - Marketplace or Businessplace? ㆍ C-Commerce Business Models - Horizontal, Industry, Private ㆍ C-Commerce via Exchange Solution Models - Marketplace Exchange - Supply Chain Exchange - Product Development Exchange ㆍ Integration is key... NOT Functionality(omitted)

  • PDF

A study on advanced Kerberos Authentication between Realms based on PKINIT (PKINIT기반의 향상된 Kerberos 인증에 관한 연구)

  • 신광철;정진욱
    • Journal of the Korea Computer Industry Society
    • /
    • v.2 no.12
    • /
    • pp.1541-1548
    • /
    • 2001
  • In this paper, We propose a new Kerberos certification mechanism that improve certification service based on PKINIT that announce in IETF CAT Working Group. Certification between area connected by chain through PKINIT that use X.509 and DS/DNS mutually for service. In order to provide regional services used private key and public key, X.509 of PKINIT is employed on session part and Kerberos's private key on actual authentication part. New mechanism be reduced communication overload doing to simplify certification formality between Client and remote KDC by KDC's certificate use to get ticket in remote sacred ground and remote KDC's reaffirmation process omitted.

  • PDF