• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.4
• /
• pp.139-150
• /
• 2009

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.2
• /
• pp.49-55
• /
• 2004

We propose a new authenticated quantum key distribution protocol. Using Greenberger-Home-Zeilinger(GHZ) state, the users of our protocol can authenticate each other and share a secret key. In our protocol, the shared key is not revealed to the honest arbitrator, which Provides the additional secrecy. Our Protocol not only guarantees secrecy as the other quantum key distribution protocols, but also the users authenticates each other. In practice, our new protocol can be easily implemented because it only uses basic quantum operations.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.935-949
• /
• 2016

In this paper, we present a novel authenticated group key distribution scheme for large and dynamic multicast groups without employing traditional symmetric and asymmetric cryptographic operations. The security of our scheme is mainly based on the basic theories for solving linear equations. In our scheme, a large group is divided into many subgroups, where each subgroup is managed by a subgroup key manager (SGKM) and a group key generation center (GKGC) further manages all SGKMs. The group key is generated by the GKGC and then propagated to all group members through the SGKMs, such that only authorized group members can recover the group key but unauthorized users cannot. In addition, all authorized group members can verify the authenticity of group keys by a public one-way function. The analysis results show that our scheme is secure and efficient, and especially it is very appropriate for secure multicast communications in large and dynamic client-server networks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.2
• /
• pp.43-54
• /
• 1997

In this paper, we introduce a secure and minimal protocol for authenticated key distribution over the CDMA mobile communication network. The CDMA mobile communication network has been developed the security protocol that provides a means for user authentication and subsequent protection of user traffic. However, this model has no security assumptions for the intermediate, fixed networks. To avoiding these drawbacks, we introduce a minimal authenticated key distribution protocol. This protocol provides the security of the intermediate and fixed network in mobile environment, and maintains the confidentiality of user identification and the minimum size of information flow compared with the existing protocols.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.11
• /
• pp.2769-2792
• /
• 2013

In this paper, we propose an authenticated key agreement scheme, TinyIBAK, based on the identity-based cryptography and bilinear paring, for large scale sensor networks. We prove the security of our proposal in the random oracle model. According to the formal security validation using AVISPA, the proposed scheme is strongly secure against the passive and active attacks, such as replay, man-in-the middle and node compromise attacks, etc. We implemented our proposal for TinyOS-2.1, analyzed the memory occupation, and evaluated the time and energy performance on the MICAz motes using the Avrora toolkits. Moreover, we deployed our proposal within the TOSSIM simulation framework, and investigated the effect of node density on the performance of our scheme. Experimental results indicate that our proposal consumes an acceptable amount of resources, and is feasible for infrequent key distribution and rekeying in large scale sensor networks. Compared with other ID-based key agreement approaches, TinyIBAK is much more efficient or comparable in performance but provides rekeying. Compared with the traditional key pre-distribution schemes, TinyIBAK achieves significant improvements in terms of security strength, key connectivity, scalability, communication and storage overhead, and enables efficient secure rekeying.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.3-17
• /
• 2007

Receiver access control scheme is proposed to protect multicast distribution tree from DoS(Denial-of Service) attack induced by unauthorized use of IGMP(Internet group management protocol), by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP(Content Provider), NSP(Network Service Provider), and group members.

• International Journal of Contents
• /
• v.8 no.3
• /
• pp.79-82
• /
• 2012

In digital contents distribution environments, a user authentication is an important security primitive to allow only authenticated user to use right services by checking the validity of membership. For example, in Internet Protocol Television (IPTV) environments, it is required to provide an access control according to the policy of content provider. Remote user authentication and key agreement scheme is used to validate the contents accessibility of a user. We propose a novel user authentication scheme using smart cards providing a secure access to multimedia contents service. Each user is authenticated using a subset of attributes which are issued in the registration phase without revealing individual's identity. Our scheme provides the anonymous authentication and the various permissions according to the combination of attributes which are assigned to each user. In spite of more functionality, the result of performance analysis shows that the computation and communication cost is very low. Using this scheme, the security of contents distribution environments in the client-server model can be significantly improved.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.3C
• /
• pp.220-225
• /
• 2002

Mobile IP aims to support mobility within the Internet. This paper concerned with the security aspect of Mobile IP. We show that current registration protocol has a possible replay attack despite the use of authenticated registration message and replay protection. We propose a public-key based registration protocol that also distributes a session-key distribution protocol in AAA. Proposed protocol provides authentication of mobile node and session-key distribution simultaneously. It also provides non-repudiation of service request.

• The Journal of the Korea Contents Association
• /
• v.4 no.3
• /
• pp.53-60
• /
• 2004

In this paper we present user authentication and key distribution using threshold PKC(Public Key Cryptosystem), which is secure against the dictionary attack. The n servers hold a t-out-of-n sharing of the dealer's secret key. When the server authenticate a user, at least f of them cooperate they can reconstruct password verifier.

• Journal of Internet Computing and Services
• /
• v.6 no.3
• /
• pp.17-30
• /
• 2005

A PAK(Password-Authenticated Key Exchange) protocol is used as a protocol to provide both the mutual authentication and allow the communication entities to share the session key for the subsequent secure communication, using the human-memorable portable short-length password, In this paper, we propose distributed key exchange protocols applicable to a smartcard using the MTI(Matsumoto, Takashima, Imai) key distribution protocol and PAK protocol. If only one server keeps the password verification data which is used for password authentication protocol. then It could easily be compromised by an attacker, called the server-compromised attack, which results in impersonating either a user or a server, Therefore, these password verification data should be distributed among the many server using the secret sharing scheme, The Object of this paper Is to present a password-based key exchange protocol which is to allow user authentication and session key distribution, using the private key in a smartcard and a password typed by a user. Moreover, to avoid the server-compromised attack, we propose the distributee key exchange protocols using the MTI key distribution protocol, And we present the security analysis of the proposed key exchange protocol and compare the proposed protocols with the existing protocols.