• Title/Summary/Keyword: Authenticated encryption algorithm

Search Result 17, Processing Time 0.023 seconds

An Authenticated Encryption Scheme without Block Encryption Algorithms (블록 암호 알고리즘을 사용하지 않는 인증 암호화 방법)

  • Lee, Mun-Kyu;Kim, Dong-Kyue;Park, Kunsun
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.29 no.5
    • /
    • pp.284-290
    • /
    • 2002
  • We propose a new authenticated encryption scheme that does not require any block encryption algorithm. Our scheme is based on the Horster-Michels-Petersen authenticated encryption scheme, and it uses a technique in the Bae~Deng signcryption scheme so that the sender's signature can be verified by an arbitrary third party. Since our scheme does not use any block encryption algorithm, we can reduce the code size in its implementation. The computation and communication costs of the proposed scheme are almost the same as those of the Bao-Deng scheme that uses a block encryption algorithm. Our scheme also satisfies all the security properties such as confidentiality, authenticity and nonrepudiation.

Cryptanalysis of the Authentication in ACORN

  • Shi, Tairong;Guan, Jie
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.8
    • /
    • pp.4060-4075
    • /
    • 2019
  • ACORN is an authenticated encryption algorithm proposed as a candidate in the currently ongoing CAESAR competition. ACORN has a good performance on security and efficiency which has been a third-round candidate. This paper mainly concentrates on the security of ACORN under the forgery attack and the non-repudiation of ACORN. Firstly, we analyze the differential properties of the feedback function in ACRON are analyzed. By taking advantage of these properties, the forgery attacks on round-reduced ACORN are proposed with a success probability higher than $2^{-128}$ when the number of finalization rounds is less than 87. Moreover, the non-repudiation of ACRON in the nonce-reuse setting is analyzed. The known collision can be used to deny the authenticated message with probability $2^{-120}$. This paper demonstrates that ACORN cannot generate the non-repudiation completely. We believe it is an undesirable property indeed.

Dragon-MAC: Securing Wireless Sensor Network with Authenticated Encryption (Dragon-MAC: 인증 암호를 이용한 효율적인 무선센서네크워크 보안)

  • Lim, Shu-Yun;Pu, Chuan-Chin;Lim, Hyo-Taek;Lee, Hoon-Jae
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.11 no.8
    • /
    • pp.1519-1527
    • /
    • 2007
  • In order to combat the security threats that sensor networks are exposed to, a cryptography protocol is implemented at sensor nodes for point-to-point encryption between nodes. Given that nodes have limited resources, symmetric cryptography that is proven to be efficient for low power devices is implemented. Data protection is integrated into a sensor's packet by the means of symmetric encryption with the Dragon stream cipher and incorporating the newly designed Dragon-MAC Message Authentication Code. The proposed algorithm was designed to employ some of the data already computed by the underlying Dragon stream cipher for the purpose of minimizing the computational cost of the operations required by the MAC algorithm. In view that Dragon is a word based stream cipher with a fast key stream generation, it is very suitable for a constrained environment. Our protocol regarded the entity authentication and message authentication through the implementation of authenticated encryption scheme in wireless sensor nodes.

Invited Speech at ICSS 2007 Generation of Session, Authentication, and Encryption Keys for CDMA2000 1x EV-DO Air Interface Standard

  • Rhee, Man-Young
    • Review of KIISC
    • /
    • v.17 no.2
    • /
    • pp.9-23
    • /
    • 2007
  • The air interface supports a security layer which provides the key exchange protocol, authentication protocol, and encryption protocol. The authentication is performed on the encryption protocol packet. The authentication protocol header or trailer may contain the digital signature that is used to authenticate a portion of the authentication protocol packet that is authenticated. The encryption protocol may add a trailer to hide the actual length of the plaintext of padding to be used by the encryption algorithm. The encryption protocol header may contain variables such as the initialization vector (IV) to be used by the encryption protocol. It is our aim to firstly compute the session key created from the D H key exchange algorithm, and thereof the authenticating key and the encryption key being generated from the session key.

Image Authentication Using Only Partial Phase Information from a Double-Random-Phase-Encrypted Image in the Fresnel Domain

  • Zheng, Jiecai;Li, Xueqing
    • Journal of the Optical Society of Korea
    • /
    • v.19 no.3
    • /
    • pp.241-247
    • /
    • 2015
  • The double-random phase encryption (DRPE) algorithm is a robust technique for image encryption, due to its high speed and encoding a primary image to stationary white noise. Recently it was reported that DRPE in the Fresnel domain can achieve a better avalanche effect than that in Fourier domain, which means DRPE in the Fresnel domain is much safer, to some extent. Consequently, a method based on DRPE in the Fresnel domain would be a good choice. In this paper we present an image-authentication method which uses only partial phase information from a double-random-phase-encrypted image in the Fresnel domain. In this method, only part of the phase information of an image encrypted with DRPE in the Fresnel domain needs to be kept, while other information like amplitude values can be eliminated. Then, with the correct phase keys (we do not consider wavelength and distance as keys here) and a nonlinear correlation algorithm, the encrypted image can be authenticated. Experimental results demonstrate that the encrypted images can be successfully authenticated with this partial phase plus nonlinear correlation technique.

A Cryptographic Processor Supporting ARIA/AES-based GCM Authenticated Encryption (ARIA/AES 기반 GCM 인증암호를 지원하는 암호 프로세서)

  • Sung, Byung-Yoon;Kim, Ki-Bbeum;Shin, Kyung-Wook
    • Journal of IKEEE
    • /
    • v.22 no.2
    • /
    • pp.233-241
    • /
    • 2018
  • This paper describes a lightweight implementation of a cryptographic processor supporting GCM (Galois/Counter Mode) authenticated encryption (AE) that is based on the two block cipher algorithms of ARIA and AES. It also provides five modes of operation (ECB, CBC, OFB, CFB, CTR) for confidentiality as well as the key lengths of 128-bit and 256-bit. The ARIA and AES are integrated into a single hardware structure, which is based on their algorithm characteristics, and a $128{\times}12-b$ partially parallel GF (Galois field) multiplier is adopted to efficiently perform concurrent processing of CTR encryption and GHASH operation to achieve overall performance optimization. The hardware operation of the ARIA/AES-GCM AE processor was verified by FPGA implementation, and it occupied 60,800 gate equivalents (GEs) with a 180 nm CMOS cell library. The estimated throughput with the maximum clock frequency of 95 MHz are 1,105 Mbps and 810 Mbps in AES mode, 935 Mbps and 715 Mbps in ARIA mode, and 138~184 Mbps in GCM AE mode according to the key length.

An Efficient Multi-Layer Encryption Framework with Authentication for EHR in Mobile Crowd Computing

  • kumar, Rethina;Ganapathy, Gopinath;Kang, GeonUk
    • International journal of advanced smart convergence
    • /
    • v.8 no.2
    • /
    • pp.204-210
    • /
    • 2019
  • Mobile Crowd Computing is one of the most efficient and effective way to collect the Electronic health records and they are very intelligent in processing them. Mobile Crowd Computing can handle, analyze and process the huge volumes of Electronic Health Records (EHR) from the high-performance Cloud Environment. Electronic Health Records are very sensitive, so they need to be secured, authenticated and processed efficiently. However, security, privacy and authentication of Electronic health records(EHR) and Patient health records(PHR) in the Mobile Crowd Computing Environment have become a critical issue that restricts many healthcare services from using Crowd Computing services .Our proposed Efficient Multi-layer Encryption Framework(MLEF) applies a set of multiple security Algorithms to provide access control over integrity, confidentiality, privacy and authentication with cost efficient to the Electronic health records(HER)and Patient health records(PHR). Our system provides the efficient way to create an environment that is capable of capturing, storing, searching, sharing, analyzing and authenticating electronic healthcare records efficiently to provide right intervention to the right patient at the right time in the Mobile Crowd Computing Environment.

A Study on the Design of a Secure Client-Sever System (Secure 클라이언트-서버 시스템 설계에 관한 연구)

  • 이상렬
    • Journal of the Korea Society of Computer and Information
    • /
    • v.3 no.4
    • /
    • pp.91-96
    • /
    • 1998
  • In this paper we designed a secure client-server system to be able to protect messages between client and server using cryptography We authenticated each other using a asymmetric encryption algorithm on the logon procedure and minimized the time to encrypt and decrypt messages using a symmetric encryption algorithm on exchanging messages. We proved that it is possible to make a digital signature on our secure client-server system. And we suggested the efficient key management method to generate and distribute cryptograpic key securely.

  • PDF

A Dynamic Key Lifetime Change Algorithm for Performance Improvement of Virtual Private Networks (가상사설망의 성능개선을 위한 동적 키 재생성 주기 변경 알고리즘)

  • HAN, Jong-Hoon;LEE, Jung Woo;PARK, Sung Han
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.42 no.10 s.340
    • /
    • pp.31-38
    • /
    • 2005
  • Ipsec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the internet. Internet Key Exchange (IKE) is a protocol that is used to negotiate and provide authenticated keying materials in a protected manner for Security Associations (SAs). In this paper, we propose a dynamic key lifetime change algorithm for performance enhancement of virtual private networks using IPSec. The proposed algorithm changes the key lifetime according to the number of secure tunnels. The proposed algorithm is implemented with Linux 2.4.18 and FreeS/WAN 1.99. The system employing our proposed algorithm performs better than the original version in terms of network performance and security.

Development of CAN network intrusion detection algorithm to prevent external hacking (외부 해킹 방지를 위한 CAN 네트워크 침입 검출 알고리즘 개발)

  • Kim, Hyun-Hee;Shin, Eun Hye;Lee, Kyung-Chang;Hwang, Yeong-Yeun
    • Journal of the Korean Society of Industry Convergence
    • /
    • v.20 no.2
    • /
    • pp.177-186
    • /
    • 2017
  • With the latest developments in ICT(Information Communication Technology) technology, research on Intelligent Car, Connected Car that support autonomous driving or services is actively underway. It is true that the number of inputs linked to external connections is likely to be exposed to a malicious intrusion. I studied possible security issues that may occur within the Connected Car. A variety of security issues may arise in the use of CAN, the most typical internal network of vehicles. The data can be encrypted by encrypting the entire data within the CAN network system to resolve the security issues, but can be time-consuming and time-consuming, and can cause the authentication process to be carried out in the event of a certification procedure. To resolve this problem, CAN network system can be used to authenticate nodes in the network to perform a unique authentication of nodes using nodes in the network to authenticate nodes in the nodes and By encoding the ID, identifying the identity of the data, changing the identity of the ID and decryption algorithm, and identifying the cipher and certification techniques of the external invader, the encryption and authentication techniques could be detected by detecting and verifying the external intruder. Add a monitoring node to the CAN network to resolve this. Share a unique ID that can be authenticated using the server that performs the initial certification of nodes within the network and encrypt IDs to secure data. By detecting external invaders, designing encryption and authentication techniques was designed to detect external intrusion and certification techniques, enabling them to detect external intrusions.