• Title/Summary/Keyword: Credential Server

Search Result 7, Processing Time 0.024 seconds

A Vulnerability Analysis of Multi-Context RFID Mutual Authentication Protocol (다중 컨텍스트 RFID 상호 인증 프로토콜의 보안 취약점 분석)

  • Kim, Young-Back;Kim, Sung-Soo;Chung, Kyung-Ho;Kim, Soo-Yong;Yun, Tae-Jin;Ahn, Kwang-Seon
    • Journal of the Korea Society of Computer and Information
    • /
    • v.18 no.10
    • /
    • pp.71-80
    • /
    • 2013
  • In this paper, we analyze the security vulnerability through the several attack scenarios for the MCR-MAP(Multi-Context RFID Mutual Authentication Protocol) proposed by Ahn et al. And we propose the secure mutual authentication protocol that improved a prior MCR-MAP. The suggested protocol uses the ID of the legal tag and the timestamp generated by the server, when the tag tries to authenticate. And when the tag creates the credential, we create the new secret key computing the XOR operation between the secret key shared with the server and the tag timestamp generated by the server. As a result, the proposed protocol provides the secure mutual authentication and then is safe to spoofing attack. Also it provides forward-secrecy and then is safe to offline brute-burst attack. In this paper, we compare and verify the security vulnerability of the prior and the proposed protocol through the security analysis.

(A Key Roaming Protocol with a New Password Hardening Scheme) (새로운 패스워드 강화 기법을 이용한 키 로밍 프로토콜)

  • 정현철;김승호
    • Journal of KIISE:Information Networking
    • /
    • v.30 no.3
    • /
    • pp.387-396
    • /
    • 2003
  • In this paper, we present more efficient Protocol than that of Ford and Kaliski. We use RSA in the roaming protocol and it Plays decisive role to reduce the total time cost. We show that our protocol is safe from various attacks. We present the performance of our protocol and verify that This protocol needs fewer secure channel like SSL than other protocols.

A STUDY ON IMPROVED PKMv2 FRAMEWORK FOR FAST MOBILITY IN 802.16e NETWORKS

  • Suh, Gi-Jun;Yun, Seung-Hwan;Yi, Ok-Yeon;Lee, Sang-Jin
    • Proceedings of the Korean Society of Broadcast Engineers Conference
    • /
    • 2009.01a
    • /
    • pp.400-403
    • /
    • 2009
  • EAP (Extensible Authentication Protocol) is often used as an authentication framework for two-party protocol which supports multiple authentication algorithms known as "EAP method". And PKMv2 in 802.16e networks use EAP as an authentication protocol. However, this framework is not efficient when the EAP peer executing handover. The reason is that the EAP peer and EAP server should re-run EAP method each time so that they authenticate each other for secure handover. This makes some delays, so faster re-authentication method is needed. In this paper, we propose a new design of the PKMv2 framework which provides fast re-authentication. This new framework and usage of the keys which used as a short-term credential bring better performance during handover process.

  • PDF

Delegated Provision of Personal Information and Storage of Provided Information on a Blockchain Ensuring Data Confidentiality (개인정보의 위임 제공 및 데이터 기밀성을 보장하는 블록체인에 제공 정보의 저장)

  • Jun-Cheol, Park
    • Smart Media Journal
    • /
    • v.11 no.10
    • /
    • pp.76-88
    • /
    • 2022
  • Personal information leakage is very harmful as it can lead to additional attacks using leaked information as well as privacy invasion, and it is primarily caused by hacking server databases of institutions that collect and store personal information. We propose a scheme that allows a service-requesting user to authorize a secure delegated transfer of his personal information to the service provider via a reliable authority and enables only the two parties of the service to retrieve the provided information stored on a blockchain ensuring data confidentiality. It thus eliminates the necessity of storing customer information in the service provider's own database. As a result, the service provider can serve customers without requiring membership registration or storing personal information in the database, so that information leakage through the server database can be completely blocked. In addition, the scheme is free from the risk of information leakage and subsequent attacks through smartphones because it does not require a user's smartphone to store any authentication credential or personal information of its owner.

Reducing Cybersecurity Risks in Cloud Computing Using A Distributed Key Mechanism

  • Altowaijri, Saleh M.
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.9
    • /
    • pp.1-10
    • /
    • 2021
  • The Internet of things (IoT) is the main advancement in data processing and communication technologies. In IoT, intelligent devices play an exciting role in wireless communication. Although, sensor nodes are low-cost devices for communication and data gathering. However, sensor nodes are more vulnerable to different security threats because these nodes have continuous access to the internet. Therefore, the multiparty security credential-based key generation mechanism provides effective security against several attacks. The key generation-based methods are implemented at sensor nodes, edge nodes, and also at server nodes for secure communication. The main challenging issue in a collaborative key generation scheme is the extensive multiplication. When the number of parties increased the multiplications are more complex. Thus, the computational cost of batch key and multiparty key-based schemes is high. This paper presents a Secure Multipart Key Distribution scheme (SMKD) that provides secure communication among the nodes by generating a multiparty secure key for communication. In this paper, we provide node authentication and session key generation mechanism among mobile nodes, head nodes, and trusted servers. We analyzed the achievements of the SMKD scheme against SPPDA, PPDAS, and PFDA schemes. Thus, the simulation environment is established by employing an NS 2. Simulation results prove that the performance of SMKD is better in terms of communication cost, computational cost, and energy consumption.

Study on Remote Data Acquisition Methods Using OAuth Protocol of Android Operating System (안드로이드 환경의 OAuth 프로토콜을 이용한 원격지 데이터 수집 방법 연구)

  • Nam, Gi-hoon;Gong, Seong-hyeon;Seok, Byoung-jin;Lee, Changhoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.1
    • /
    • pp.111-122
    • /
    • 2018
  • Using OAuth protocol, third-party applications on the Android operating system use user's credentials or access tokens that have access authority on user's resources to gain user's account and personal information from account information providers. These credentials and token information are stored in the device by the OAuth data management method provided by the Android operating system. If this information is leaked, the attacker can use the leaked credential and token data to get user's personal data without login. This feature enables the digital forensic investigator to collect data directly from the remote server of the services used by the target of investigation in terms of collecting evidence data. Evidence data collected at a remote location can be a basis for secondary warranties and provide evidence which can be very important evidence when an attacker attempts to destroy evidence, such as the removal of an application from an Android device. In this paper, we analyze the management status of OAuth tokens in various Android operating system and device environment, and show how to collect data of various third party applications using it. This paper introduces a method of expanding the scope of data acquisition by collecting remote data of the services used by the subject of investigation from the viewpoint of digital forensics.

A Proactive Authentication Using Credentials based on Chameleon Hashing in MIH Environments (MIH 환경에서 카멜레온 해쉬 기반의 인증값을 이용한 선행 인증 기법)

  • Chae, Kang-Suk;Choi, Jae-Duck;Jung, Sou-Hwan
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.35 no.5B
    • /
    • pp.840-848
    • /
    • 2010
  • This paper proposes a proactive authentication scheme using credentials based on chameleon hashing in MIH environments. There is a proactive authentication structure defined by IEEE 802.21 Security Study Group for the link access in MIH environment. Both schemes based on EAP and on PKI can be applied to such structure, but the former has caused network traffic due to the complicated authentication procedure and the latter has complex structure for managing certificates. The proposed scheme performs the proactive authentication procedure only between a mobile node and a MIH Key Holder by using credentials based on chameleon hashing. Our scheme reduces the network traffic since authentication with the server is unnecessary in MIH environment and PKI structure is not required as well. In addition, the proposed scheme provides secure PFS and PBS features owing to the authenticated Diffie-Hellman key exchange of the chameleon-based credential.