• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.161-168
• /
• 2011

In 2009, Jeon et al proposed the lightweight strong authentication and strong privacy protocol, where the tag requrires only simple bitwise operations and random number generator. JK-RFID authentication protocol provides strong security: eavesdropping, replay, spoofing, Location tracking, DoS attack and forward security. Nevertheless, this paper points out the vulnerability of the forward security and improve the process of key updating. As a result, proposes an enhanced JK-RFID authentication protocol providing forward security and verify its satisfaction. In addition, a security and an efficiency of the proposed scheme analyze. Since partial adjustments of the key updating operation in JK-RFID authentication protocol, our protocol improve the forward security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.9
• /
• pp.4609-4623
• /
• 2017

The commercialization of LTE/SAE technologies has begun a new era in which data can be transmitted at remarkably high rates. The security of the LTE/SAE network, however, remains problematic. The forward security in LTE/SAE X2 handover key management can be threatened by key compromise and de-synchronization attacks as base station in public spaces can be compromised. This study was conducted to address the lack of forward key security in X2 handover key management in scenarios in which an adversary controls a legal base station. We developed the proposed X2 handover key management by changing the parameter in the renewing step and adding a verification step. We compare the security and performance of our proposal with other similar schemes. Our enhancement scheme ensures forward separation security accompanied by favorable signal and computation load performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.147-157
• /
• 2003

We often use cryptographic systems on small devices such as mobile phones, smart cards and so on. But such devices are delicate against the tlreat of key exposure of secret keys. To reduce the damage caused by exposure of secret keys stored on such devices, the concept of forward security is introduced. In this Paper, we present a new forward secure signature scheme based on Gap Diffie-Hellman groups. Our scheme achieves security against chosen-message attacks under the computational Diffie-Hellman assumption in the random oracle model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1502-1522
• /
• 2019

Leakage of secret keys may be the most devastating problem in public key cryptosystems because it means that all security guarantees are missing. The forward security mechanism allows users to update secret keys frequently without updating public keys. Meanwhile, it ensures that an attacker is unable to derive a user's secret keys for any past time, even if it compromises the user's current secret key. Therefore, it offers an effective cryptographic approach to address the private key leakage problem. As an extension of the forward security mechanism in certificate-based public key cryptography, forward-secure certificate-based signature (FS-CBS) has many appealing merits, such as no key escrow, no secure channel and implicit authentication. Until now, there is only one FS-CBS scheme that does not employ the random oracles. Unfortunately, our cryptanalysis indicates that the scheme is subject to the security vulnerability due to the existential forgery attack from the malicious CA. Our attack demonstrates that a CA can destroy its existential unforgeability by implanting trapdoors in system parameters without knowing the target user's secret key. Therefore, it is fair to say that to design a FS-CBS scheme secure against malicious CAs without lying random oracles is still an unsolved issue. To address this problem, we put forward an enhanced FS-CBS scheme without random oracles. Our FS-CBS scheme not only fixes the security weakness in the original scheme, but also significantly optimizes the scheme efficiency. In the standard model, we formally prove its security under the complexity assumption of the square computational Diffie-Hellman problem. In addition, the comparison with the original FS-CBS scheme shows that our scheme offers stronger security guarantee and enjoys better performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.531-546
• /
• 2015

A non-interactive key exchange protocol provides an efficiency of overall system by eliminating additional communication. However, traditional non-interactive key exchange protocols without updating a private key fail to provide forward secrecy, since there is no usage of ephemeral key for randomness of session key. In 2012, Sang et al. proposed a certificateless non-interactive key exchange(CL-NIKE) protocol, but they do not prove the security of the protocol and it does not provide forward secrecy. In this paper, we propose a new CL-NIKE protocol and it's security model. Then we prove the proposed protocol is secure under the security model based on DBDH(Decision Bilinear Diffie-Hellman) assumption. Moreover, we propose a CL-NIKE protocol with forward secrecy which updates user's private key by using multilinear map and prove it's security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.11
• /
• pp.5639-5653
• /
• 2016

Security models for key exchange protocols have been researched for years, however, lots of them only focus on what secret can be compromised but they do not differentiate the timing of secrets compromise, such as the extended Canetti-Krawczyk (eCK) model. In this paper, we propose a new security model for key exchange protocols which can not only consider what keys can be compromised as well as when they are compromised. The proposed security model is important to the security proof of the key exchange protocols with forward secrecy (either weak forward secrecy (wFS) or strong forward secrecy (sFS)). In addition, a new kind of key compromise impersonation (KCI) attacks which is called strong key compromise impersonation (sKCI) attack is proposed. Finally, we provide a new one-round key exchange protocol called mOT+ based on mOT protocol. The security of the mOT+ is given in the new model. It can provide the properties of sKCI-resilience and sFS and it is secure even if the ephemeral key reveal query is considered.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.8
• /
• pp.1982-1997
• /
• 2012

Authenticated multiple key agreement protocols not only allow participants to agree the multiple session keys within one run of the protocol but also ensure the authenticity of the other party. In 2011, Dehkordi et al. proposed an identity-based authenticated multiple key agreement protocol. In this paper, we demonstrate that Dehkordi et al.'s protocol is vulnerable to impersonation attacks. Furthermore, we have found that their protocol cannot provide perfect forward security or mutual security. Then we propose an identity-based authenticated multiple key agreement protocol which removes the weaknesses of the Dehkordi et al.'s protocol. Compared with the multiple key agreement protocols in the literature, the proposed protocol is more efficient and holds stronger security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.27-38
• /
• 2007

One of the most important security issues of e-mail service is user privacy. Currently, various security protocols, like PGP(pretty Good Privacy), S/MIME(Secure/Multipurpose Internet Mail Extension), have been proposed. These protocols, however, do not provide forward secrecy. Recently, some security protocols that provide forward secrecy were proposed. But all of them require changes to the current e-mail infrastructure. Moreover, contrary to authors' intention, some of them do not actually provide perfect forward secrecy. In this paper, we propose a new practical e-mail security protocol. The proposed protocol provides perfect forward secrecy and uses a practical e-mail model that dose not require any changes to existing e-mail servers. It encrypts and authenticates messages efficiently using elliptic curve based signcryption scheme. In addition, we provide a way to send secure group e-mails.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.3-11
• /
• 2009

Forward secrecy in an e-mail system means that the compromising of the long-term secret keys of the mail users and mail servers does not affect the confidentiality of the previous e-mail messages. Previous forward-secure e-mail protocols used the certified public keys of the users and thus needed PKI(Public Key Infrastructure). In this paper, we propose a password-based authenticated e-mail protocol providing forward secrecy. The proposed protocol does not require certified public keys and is sufficiently efficient to be executed on resource-restricted mobile devices.

• ETRI Journal
• /
• v.37 no.3
• /
• pp.573-583
• /
• 2015

We introduce the idea of a forward-secure undetachable digital signature (FS-UDS) in this paper, which enables mobile agents to generate undetachable digital signatures with forward security of the original signer's signing key. The definition and security notion of an FS-UDS scheme are given. Then, the construction of a concrete FS-UDS scheme is proposed; and the proof of security for the proposed scheme is also provided. In the proposed scheme, mobile agents need not carry the signing key when they generate digital signatures on behalf of the original signer, so the signing key will not be compromised. At the same time, the encrypted function is combined with the original signer's requirement; therefore, misuse of the signing algorithm can be prevented. Furthermore, in the case where a hacker has accessed the signing key of the original signer, he/she is not able to forge a signature for any time period prior to when the key was obtained.