• Journal of Convergence for Information Technology
• /
• v.11 no.11
• /
• pp.66-74
• /
• 2021

With the development of the Internet, user authentication technology that proves me online is improving. Existing ID methods pose a threat of personal information leakage if the service provider manages personal information and security is weak, and the information subject is to the service provider. In this study, as online identification technology develops, we propose a DID-based self-authentication model to prevent the threat of leakage of personal information from a centralized format and strengthen sovereignty. The proposed model allows users to directly manage personal information and strengthen their sovereignty over information topics through VC issued by the issuing agency. As a research method, a self-authentication model that guarantees security and integrity is presented using a decentralized identifier method based on distributed ledger technology, and the security of the attack method is analyzed. Because it authenticates through DID Auth using public key encryption algorithms, it is safe from sniffing, man in the middle attack, and the proposed model can replace real identity card.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.5
• /
• pp.899-905
• /
• 2009

IPTV service is one of the representatives for the integration of broadcasting industry and communication industry, which also can meet users' various demands and provide efficient service. As the increasing number of IPTV users and contents servers, it is necessary to provide the safety authority system to prevent the illegal audio-visual, incorrect audio-visual authority, and illegal authority control. This thesis puts forward PKI(public Key Infrastructure) as the foundation key production mechanism. Through this mechanism, the key can be transferred safely to users and authenticate the ID of users and contents servers. In a word, our system can provide safe and efficient service for mutual authentication.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.5
• /
• pp.23-36
• /
• 2010

Signcryption is a cryptographic primitive which offers authentication and confidentiality simultaneously with a cost lower than signing and encrypting the message independently. We propose a new cryptographic notion called Identity-based online/offline signcryption. The notion of online/offline scheme can be divided into two phases, the first phase is performed offline prior to the arrival of a message to be signed or encrypted and the second phase is performed online phase after knowing the message and the public key of recipient. The Online phase does not require any heavy computations such as pairings or exponents. It is particularly suitable for power-constrained devices such as smart cards. In this paper, we propose ID-based signcryption scheme and ID-based online/offline signcryption scheme where the confidentiality and authenticity are simultaneously required to enable a secure and trustable communication environment. To our best knowledge, this is the first ID-based online/offline signcryption scheme that can be proven secure in the standard model.

• The KIPS Transactions:PartC
• /
• v.14C no.6
• /
• pp.463-470
• /
• 2007

Revocation is one of the main difficulties faced in implementing Public Key Infrastructures(PHs). Boneh, Ding and Tsudik first introduced a mediated cryptography for obtaining immediate revocation of RSA keys used in PKIs. Their method is based on the idea that each user's private key can be split into two random shares, one of which is given to the user and the other to an online security mediator(SEM). Thus any signature or decryption must be performed as a cooperation between a user and his/her associated SEM and revocation is achieved by instructing the mediator SEM to stop cooperating the user. Recently, Libert and Quisquater showed that the fast revocation method using a SEcurity Mediator(SEM) in a mRSA can be applied to the Boneh-Franklin identify based encryption and GDH signature schemes. In this paper we propose a mediated identity based signature(mIBS) with batch verification which apply the SEM architecture to an identity based signature. Libert's GDH siganture scheme is not forward secure even though forward security is an important and desirable feature for signature schemes. We propose an efficient key udating mediated signature scheme, mKUS based on mIBS and analyze its security and efficiency.

• Information and Communications Magazine
• /
• v.23 no.10
• /
• pp.63-75
• /
• 2006

통신 서비스 제공기반이 All-IP 멀티서비스 네트워크로 변화함에 따라 서비스 중심적 인프라 구축을 위한 가입자 프로파일의 관리 문제가 주요 이슈로 대두되고 있다. 또한 휴대형 단말의 기능 확대와 이동 애플리케이션의 증가에 따라 네트워크에서 요구되는 제어와 관리 도메인의 역할이 점차 강조되고, 유무선 통합 서비스 제공을 위한 서비스 간의 다양한 형태의 연동과 결합을 위한 백엔드 인프라의 통합이 논의 되고 있다. 이러한 배경하에서 차세대 유무선통합망의 구조 및 서비스 특성을 조망하고, 유무선통합망에서의 통합 ID와 개인화 서비스, 셀프 프로비저닝, Context-Aware 서비스 등의 지원을 위한 네트워크 인텔리전스 역할을 위한 핵심요소로 인식되고 있는 통합 가입자 프로파일에 대한 정의와 구조, 구축 전략 미 KT의 통합프로파일 구축 현황 등을 기술한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.5
• /
• pp.73-92
• /
• 2005

Joux's tripartite key agreement protocol is one of the most prominent developments in the area of key agreement. Although certificate-based and ID-based authentication schemes have been proposed to provide authentication for Joux's protocol, no provably secure password-based one round tripartite key agreement protocol has been proposed yet. We propose a secure one round password-based tripartite key agreement protocol that builds on Joux's protocol and adapts PAK-EC scheme for password-based authentication, and present a proof of its security.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.7
• /
• pp.1501-1509
• /
• 2011

Current identity management 1.0 model, which is service provider-centric and isolated, has several problems such as low usability, high cost structure, difficulty in privacy protection, and lack of trust infrastructure. Though various SSO-based identity management 2.0 models including Passport/Live ID, Liberty Alliance/SAML, CardSpace, and OpenID have been recently developed in order to overcome those problems, they are not widely accepted in real Internet environment so as to replace the existing identity management 1.0 model. This paper firstly analyzes the widely-known identity 2.0 models in a comparative way, and then presents a perspective on the development direction of identity management 3.0 model for future Internet.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.11 no.6
• /
• pp.303-310
• /
• 2011

Recently, many user authentication schemes using smart cards have been proposed to improve the security weaknesses in user authentication process. In 2009, Wang et al. proposed a more effective and secure dynamic ID-based remote user authentication scheme to improve the security weakness of Das et al.'s scheme, and asserted that the improved scheme is secure against independent of password in authentication phase and provides mutual authentication between the user and the remote server. However, in this paper, we analyze the security of Wang et al. scheme and demonstrate that Wang et al.'s scheme is vulnerable to the man-in-the-middle attack and the off-line password guessing attack. In addition, we show that Wang et al. scheme also fails to provide mutual authentication. Accordingly, we propose an improved scheme to overcome these security weakness even if the secrete information stored in the smart card is revealed. Our proposed scheme can withstand the user impersonation attack, the server masquerading attack and off-line password guessing attack. Furthermore, this improved scheme provides the mutual authentication and is more effective than Wang et al.'s scheme in term of the computational complexities.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1692-1706
• /
• 2004

Recently, there are rapid development of information and communication and rapid growth of e-business users. Therefore we try to solve security problem on the internet environment which charges from wire internet to wireless internet or wire/wireless internet. Since the wireless mobile environment is limited, researches such as small size, end-to-end and privacy security are performed by many people. Wireless e-business adopts credit card WPP protocol and AIP protocol proposed by ASPeCT. WAP, one of the protocol used by WPP has weakness of leaking out information from WG which conned wire and wireless communication. certification chain based AIP protocol requires a lot of computation time and user IDs are known to others. We propose a Micro-Payment protocol based on credit card. Our protocol use the encryption techniques of the public key with ID to ensure the secret of transaction in the step of session key generation. IDs are generated using ECC based Weil Paring. We also use the certification with hidden electronic sign to transmit the payment result. The proposed protocol solves the privacy protection and Non-repudiation p개blem. We solve not only the safety and efficiency problem but also independent of specific wireless platform. The protocol requires the certification organization attent the certification process of payment. Therefore, other domain provide also receive an efficient and safe service.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.8S
• /
• pp.2774-2782
• /
• 2000

Release 99 UMTS/GPRS는 Mobile IP 서비스를 제공하기 위한 방안으로서 단계별로 3가지 망 구조를 제안하고 있다. 1단계 망 구조에서 GGSN(Gateway GPRS Support Node)과 FA(Foreign Agent)간 인터페이스는 구현사항으로 기술하고 있으며, GGSN과 FA를 동일 플랫폼에서 구현하는 경우와 별도 플랫폼에서 구현하는 경우를 둘 다 고려하고 있다. 그러나 후자의 경우에 필요한 인터페이스는 표준화 대상에서 제외하고 있다. 따라서 GGSN과 FA를 별도의 플랫폼에서 구현하기 위해서 proprietary한 인터페이스 새로이 정의되어야 한다. 이를 위해 본 논문에서는 GGSN과 FA간 새로운 Gi+ 인터페이스를 정의하고, 이를 실현하기 위해 기본적으로 필요한 데이터 트래픽 프로토콜 구조와 신호 프로토콜 구조를 제안하였다. 그리고 GPRS의 GTP(GPRS Tunneling Protocol)ID를 세션 구별자로 사용하고, Gi+ 세션을 관리하기 위해 GGSN에 단말의 상태 관리 모델을 적용하는 SIAM(Session Identifier Adaptation Mechanism)을 설계 하였다. SIAM의 장점은 GGSN과FA 사이에 Mobile IP 신호 전송은 UDP를, 그리고 데이터 트래픽 전송은 IP-in-IP를 사용할 수 있게 함으로서 Gi+ 인터페이스 구현의 용이성을 제공한다.