• Title/Summary/Keyword: public-key cryptosystem (공개키 암호 방식)

A Study on Authentication for Distributed Directory System (분산 디렉토리 시스템에서의 인증에 관한 연구)

  • 최성민;이인숙;장청룡;원동호
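    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 1992.11a / pp.41-54 / 1992
  • This paper examines the model of the distributed directory system (X.500 series), which is responsible for efficiently storing, managing, and transmitting information, and how it can be linked with MHS, and presents the problems of strong authentication, one of the authentication methods in this system, together with their solutions. In addition, whereas the X.509 recommendation uses RSA, a public-key cryptosystem with specific properties, as the concrete method for generating digital signatures, this paper applies the ElGamal scheme to the distributed directory system, showing that schemes other than RSA can also be applied to X.509.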

A Binding Mechanisms Using One-Time Attribute Certificates (일회성 속성인증서의 바인딩 메커니즘)

  • 박종화;이상하;김동규
    • The Journal of Korean Institute of Communications and Information Sciences / v.29 no.2C / pp.342-347 / 2004
  • An ID certificate is digitally signed by a certificate authority for authentication, and an attribute certificate is digitally signed by an attribute certificate authority for authorization. In many applications on the web, there should be a mechanism to bind attributes to the proper identities, and the dependencies between them should be maintained. We therefore analyzed some known binding methods, selective revocation methods and cryptographic binding methods, and we proposed a binding mechanism using one-time attribute certificates in order to solve their problems.

Design of a Parallel Algorithm for Secure and Fast Digital Signatures (안전하고 고속적인 디지탈 서명을 위한 병렬 알고리즘 설계)

  • Seo, Jang-Won;Moon, Pil-Joo;Bang, Hye-Ja;Jeon, Moon-Seok;Lee, Chul-Hee
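    • Review of KIISC / v.4 no.2 / pp.23-39 / 1994
  • To improve on the execution-speed problems of earlier methods by using parallel processing, this paper proposes a parallel algorithm for a new high-speed digital signature scheme based on low-degree congruential polynomials, known as the most common and fastest of the methods for generating random numbers. The new digital signature scheme uses large primes p and q as the secret key and $n = p^2 \cdot q$ as public information. Random numbers are used when generating a signature, and an inequality is used to verify a signature. To improve the processing speed of signature generation with a parallel algorithm, we wrote new parallel algorithms for the preprocessing and for the computation that constructs the digital signature. We verify the parallel algorithm for the newly proposed signature scheme, calculate its cryptographic strength, and compare and analyze it against earlier schemes through simulation. This work can be applied as a parallel algorithm for parallel public-key cryptosystems and for signal processing, and can be useful for digital signatures in information services developed in parallel and distributed processing environments, especially message handling system services and electronic exchange services.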

Interactive Authentications in Distributed Systems (분산 환경에서 양방향 인증 방식)

  • 박춘식;서창호;박상준
    • Journal of the Korea Institute of Information Security & Cryptology / v.7 no.3 / pp.95-104 / 1997
  • In this paper, we introduce the Kerberos and Yaksha authentication schemes and propose an effective interactive authentication scheme that improves on Kerberos and Yaksha with the public key cryptosystem in distributed systems. We also compare and analyse it against the representative Kerberos and Yaksha authentication schemes.

A Study of Model on File Transfer Using Public-key Cryptography (공개키 암호방식을 이용한 파일전송 모델의 연구)

  • 최진탁;송영재
    • The Journal of Korean Institute of Communications and Information Sciences / v.15 no.7 / pp.545-552 / 1990
  • This paper is concerned with file protection in file transfer systems. In existing file transfer systems, passwords are used for protection, but they do not provide any data protection and can only provide some protection against unauthorized access. Even with this protection, we cannot be free from computer hackers. In order to achieve higher standards of protection for our privacy (protection of the data themselves, authentication of senders...), an alternative technical system should be developed using public key cryptography, by choosing the public key method (RSA public key) for the file transfer. The new system suggested in the paper can achieve some higher standards of protection for our privacy. As a result, this system can easily be applied to various document handling systems, such as databases.

3X Serial GF($2^m$) Multiplier Architecture on Polynomial Basis Finite Field (Polynomial basis 방식의 3배속 직렬 유한체 곱셈기)

  • Moon, Sang-Ook
    • Journal of the Korea Institute of Information and Communication Engineering / v.10 no.2 / pp.328-332 / 2006
  • Efficient finite field operation is very important in the elliptic curve (EC) public key cryptography algorithm, which has recently attracted much attention in information security applications. Traditional serial finite field multipliers are rooted in Mastrovito's serial multiplication architecture. In this paper, we adopt the polynomial basis and propose a new finite field multiplier, deriving numerical expressions that can be applied to achieve 3 times the performance of Mastrovito's. We described the proposed multiplier in HDL to verify and evaluate it as a proper hardware IP. The HDL-implemented serial GF (Galois field) multiplier was 3 times as fast as the traditional serial multiplier, adding only a partial-sum block in the hardware. So far, there have been roughly 3 types of studies on GF($2^m$) multiplier architecture: serial multiplication, array multiplication, and hybrid multiplication. In this paper, we propose a novel approach to developing a serial multiplier architecture based on Mastrovito's, by modifying the numerical formula of the polynomial-basis serial multiplication. The proposed multiplier architecture was described and implemented in HDL so that the novel architecture was simulated and verified at the hardware level as well as in software.

Design and Implement of Secure Instant Message System Using ECC of ElGamal Method on Public Key Infrastructure (공개키 기반 구조에서 ElGamal 방식의 ECC를 이용한 안전한 인스턴트 메시지 시스템 설계 및 구현)

  • Park Su-Young;Jung Chang-Yeoung
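    • Proceedings of the Korea Information Processing Society Conference / 2006.05a / pp.955-958 / 2006
  • With the widespread adoption of high-speed Internet, the number of users of messenger services has recently grown explosively, and with advances in hacking techniques, the likelihood that messages delivered through a messenger are easily exposed to malicious users is also increasing. In this paper, we design an instant messenger protocol that uses certificates for secure instant messenger communication. In addition, in implementing message security for the messenger service, we use an ElGamal-type ECC (Elliptic Curve Cryptography) algorithm to shorten the computation time of the public-key cryptographic algorithm, and, to encrypt per user group, we select an elliptic curve and an arbitrary point on it for each group so that it is distinguished from other groups.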

Design of a Cryptographic Processor Dedicated to VPN (VPN에 특화된 암호가속 칩의 설계 및 제작)

  • Lee, Wan-Bok;Roh, Chang-Hyun
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / v.9 no.2 / pp.852-855 / 2005
  • This paper introduces a case study of designing a cryptographic processor dedicated to VPN/SSL systems. The designed processor supports not only block cipher algorithms, including 3DES, AES, and SEED, but also a 163-bit ECC public key crypto algorithm. Moreover, we adopted a PCI Master interface in the design, which guarantees fast computation of the cryptographic algorithms prevalent in general information security systems.

A study on Kerberos Authentication and Key Exchange based on PKINIT (PKINIT기반의 Kerberos 인증과 키 교환에 관한 연구)

  • Sin, Gwang-Cheol;Jeong, Il-Yong;Jeong, Jin-Uk
    • The KIPS Transactions: Part C / v.9C no.3 / pp.313-322 / 2002
  • This paper proposes a Kerberos certification mechanism that improves the PKINIT-based certification service announced by the IETF CAT Working Group. To certify other realms, it searches for the location of the outside realm through DNS and applies the X.509 directory certification system, acquiring the public key from the DNS server via the chain (CertPath) between realms, as a certification and key exchange method that provides service between realms by applying X.509 and DS/BNS on a PKINIT base. In order to provide regional services, certification and key exchange between realms use Kerberos' symmetric method, and the session connection, which uses the directory service to connect to X.509, is designed using an asymmetric method. Random number ($K_{rand}$) generation and the duplex encryption process for confirming the client are excluded. The result is a design of a Kerberos system that is effective, simplifies the certification procedure, and reduces communication overload.

Multi Server Password Authenticated Key Exchange Using Attribute-Based Encryption (속성 기반 암호화 방식을 이용한 다중 서버 패스워드 인증 키 교환)

  • Park, Minkyung;Cho, Eunsang;Kwon, Ted Taekyoung
    • The Journal of Korean Institute of Communications and Information Sciences / v.40 no.8 / pp.1597-1605 / 2015
  • Password authenticated key exchange (PAKE) is a protocol in which a client stores its password on a server, authenticates itself using its password, and shares a session key with the server. In multi-server PAKE, a client splits its password and stores the parts on several servers separately. Unless all the servers are compromised, the client's password will not be disclosed in the multi-server setting. In attribute-based encryption (ABE), a sender encrypts a message M using a set of attributes and then a receiver decrypts it using the same set of attributes. In this paper, we introduce a multi-server PAKE protocol that utilizes a set of attributes of ABE as a client's password. In the protocol, the client and servers do not need to create additional public/private key pairs because the password is used as a set of public keys. Also, the client and the servers exchange only one round-trip message per server. The protocol is secure against dictionary attacks. We prove our system is secure in a proposed threat model. Finally, we show feasibility by evaluating the execution time of the protocol.