• Journal of information and communication convergence engineering
• /
• v.9 no.4
• /
• pp.431-434
• /
• 2011

Password-based user-authentication schemes have been widely used when users access a server to avail internet services. Multiserver password-authentication schemes enable remote users to obtain service from multiple servers without separately registering with each server. In 2008, Jia-Lun Tsai proposed an improved and efficient password-authenticated key agreement scheme for a multiserver architecture based on Chang-Lee's scheme proposed in 2004. However, we found that Tsai's scheme does not provide forward secrecy and is weak to insider impersonation and denial of service attacks. In this article, we describe the drawbacks of Tsai's scheme and provide a countermeasure to satisfy the forward secrecy property.

• Journal of the Korea Society of Computer and Information
• /
• v.14 no.1
• /
• pp.107-115
• /
• 2009

The cryptological key which is used in WiMAX environment is used at regular intervals by mobile nodes (laptop computer, PDA, cell-phone) which is in the range of base station coverage. But it is very weak at local attack like man-in-the-middle when the mobile node is off the range of base station or enters into the range to communicate with base station because the communication section is activated wirelessly. This paper proposes a distribution key building protocol which can reuse security key used by nodes to reduce cryptological security attack danger and communication overhead which occurs when mobile node tries to communicate with base station. The proposed distribution key establishing protocol can reduce overhead which occurs between base station and mobile node through key reusing which occurs during the communication process and also, makes security better than IEEE 802.16 standard by creating shared key which is required for inter-certification through the random number which node itself creates.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.5
• /
• pp.297-301
• /
• 2013

Key agreement protocols allow multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. Since Joux first published the pairing-based one round tripartite key agreement protocol, many authenticated protocols have been proposed. Unfortunately, many of them have been broken while others have been shown to be deficient in some desirable security attributes. In 2004, Cheng et al. presented two protocols aimed at strengthening Shim's certificate-based and Zhang et al.'s tripartite identity-based protocols. This paper reports that 1) In Cheng et al.'s identity-based protocol, an adversary can extract long-term private keys of all the parties involved; and 2) Cheng et al.'s certification-based protocol is weak against key integrity attacks. This paper suggests possible remedies for the security flaws in both protocols and then presents a modified Cheng et al.'s identity-based, one-round tripartite protocol that is more secure than the original protocol.

• Journal of Korea Multimedia Society
• /
• v.8 no.4
• /
• pp.525-535
• /
• 2005

A password-based authenticated tripartite key exchange protocol based on A. Joux's protocol was proposed. By using encryption scheme with shared password, we can resolve man-in-the-middle attack and lack of authentication problems. We also suggested a scheme to avoid the offline dictionary attack to which symmetric encryption schemes are vulnerable. The proposed protocol does not require a trusted party which is required in certificate or identity based authentication schemes. Therefore in a ad hoc network which is difficult to install network infrastructure, the proposed protocol would be very useful. The proposed protocol is more efficient in computation aspect than any existing password-based authenticated tripartite key exchange protocols. When it is used as a base line protocol of tree based group key exchange protocol, the computational weak points of the proposed protocol are compensated.

• Journal of the Semiconductor & Display Technology
• /
• v.12 no.2
• /
• pp.51-56
• /
• 2013

Even if transmissions through normal channel between ubiquitous devices and terminal readers are encrypted, any extra sources of information retrieved from encrypting module can be exploited to figure out the key parameters, so called side channel attack. Since side channel attacks are based on statistical methods, making side channel signal weak or complex is the proper solution to prevent the attack. Among many countermeasures, shielding the electromagnetic signal and adding noise to the EM signal were examined by applying different thicknesses of thin films of ferroelectric (BTO) and conductors (copper and gold). As a test vehicle, chip antenna was utilized to see the change in radiation characteristics: return loss and gain. As a result, the ferroelectric BTO showed no recognizable effect on both shielding and adding noise. Cu thin film showed increasing shielding effect with thickness. Nanometer Au exhibited possibility in adding noise by widening of bandwidth and red shifting of resonating frequencies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.25-30
• /
• 2010

Block Cipher SEED which was developed by KISA are not only Korea national standard algorithm of TTA but also one of standard 128-bit block ciphers of ISO/IEC. Since SEED had been developed, many analyses were tried but there was no distinguishing cryptanalysis except the 7-round differential attack in 2002. The attack used the 6-round differential characteristic with probability $2^{-124}$ and analyzed the 7-round SEED with $2^{127}$ chosen plaintexts. In this paper, we propose a new 6-round differential characteristic with probability $2^{-110}$ and analyze the 7-round SEED with $2^{113}$ chosen plaintexts.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.497-508
• /
• 2004

The existing wireless LAN standard IEEE802.11b has many vulnerabilities from security point of view. The authentication mechanisms in IEEE802.11b have many vulnerabilities. As a result to complement the weak of IEEE802.11b authentication, the IEEE802.1x had been developed in the sense of providing strong user authentication with appropriate mechanism. But this mechanism does not perform AP authentication and there are also some weak points. And in confidentiality and message Integrity case, WEP is weak from key stream reuse attack, IV reuse attack and so on. For that reason, in this paper we propose secure wireless LAN system. Our system provides strong user authentication, confidentiality, and message integrity based on existing IEEE802.1x framework and TLS.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.14 no.2
• /
• pp.238-245
• /
• 2011

We suggest a DES key expansion algorithm which is strong enough to overcome Differential Cryptanalysis(DC) and Linear Cryptanalysis(LC). Checking the weak points of DES, we found that the opened S box provide all information on the various kinds of attack. Using the key expansion we redesigned the S box which is not open to anybody who has no key. DC and LC can not be applied to the suggested algorithm without the redesigned S box information. With the computer experiments we show that the efficiency of this algorithm is almost the same as that of DES with respect to the crypto speed.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.11
• /
• pp.5639-5653
• /
• 2016

Security models for key exchange protocols have been researched for years, however, lots of them only focus on what secret can be compromised but they do not differentiate the timing of secrets compromise, such as the extended Canetti-Krawczyk (eCK) model. In this paper, we propose a new security model for key exchange protocols which can not only consider what keys can be compromised as well as when they are compromised. The proposed security model is important to the security proof of the key exchange protocols with forward secrecy (either weak forward secrecy (wFS) or strong forward secrecy (sFS)). In addition, a new kind of key compromise impersonation (KCI) attacks which is called strong key compromise impersonation (sKCI) attack is proposed. Finally, we provide a new one-round key exchange protocol called mOT+ based on mOT protocol. The security of the mOT+ is given in the new model. It can provide the properties of sKCI-resilience and sFS and it is secure even if the ephemeral key reveal query is considered.

• Journal of Internet Computing and Services
• /
• v.17 no.3
• /
• pp.1-10
• /
• 2016

Information and network technology become the rapid development, so various online services supplied by multimedia systems are provided through the Internet. Because of intrinsic open characteristic on Internet, network systems need to provide the data protection and the secure authentication. So various researchers including Das, An, and Li&Hwang proposed the biometric-based user authentication scheme but they has some security weakness. To solve their problem, Li et al. proposed new scheme using fuzzy extraction, but it is weak on off-line password attack, authentication without biometrics, denial-of-service and insider attack. So, we proposed security enhanced user authentication scheme with key agreement to address the security problem of authentication schemes.