• Title/Summary/Keyword: Key-binding scheme

Search Result 10, Processing Time 0.03 seconds

Anonymity-Based Authenticated Key Agreement with Full Binding Property

  • Hwang, Jung Yeon;Eom, Sungwook;Chang, Ku-Young;Lee, Pil Joong;Nyang, DaeHun
    • Journal of Communications and Networks
    • /
    • v.18 no.2
    • /
    • pp.190-200
    • /
    • 2016
  • In this paper, we consider some aspects of binding properties that bind an anonymous user with messages. According to whether all the messages or some part of the messages are bound with an anonymous user, the protocol is said to satisfy the full binding property or the partial binding property, respectively. We propose methods to combine binding properties and anonymity-based authenticated key agreement protocols. Our protocol with the full binding property guarantees that while no participant's identity is revealed, a participant completes a key agreement protocol confirming that all the received messages came from the other participant. Our main idea is to use an anonymous signature scheme with a signer-controlled yet partially enforced linkability. Our protocols can be modified to provide additional properties, such as revocable anonymity. We formally prove that the constructed protocols are secure.

A Mobility Management Scheme based on the Mobility Pattern of Mobile Networks (이동 네트워크의 이동 패턴에 기반을 둔 이동성 관리 기법)

  • Yang, Sun-Ok;Kim, Sung-Suk
    • Journal of KIISE:Information Networking
    • /
    • v.35 no.4
    • /
    • pp.345-354
    • /
    • 2008
  • Recently, small-scale mobile network which is composed of many mobile devices in a man becomes popular. Also, Examples of large-scale mobile network can be thought access networks deployed on public transportation such as ships, trains and buses. To provide seamless mobility for mobile nodes in this mobile network, binding update messages must be exchanged frequently. However, it incurs network overhead increasingly and decreases energy efficiency of mobile router. If we try to reduce the number of the messages to cope with the problem, it may happen the security -related problems conversely Thus, mobile router needs a effective algorithm to update location information with low cost and to cover security problems. In this paper, mobility management scheme based on mobile router's mobility pattern is proposed. Whenever each mobile router leaves a visiting network, it records related information as moving log. And then it periodically computes mean resident time for all visited network, and saves them in the profile. If each mobile router moves into the visited network hereafter, the number of binding update messages can be reduced since current resident time may be expected based on the profile. At this time, of course, security problems can happen. The problems, however, are solved using key credit, which just sends some keys once. Through extensive experiments, bandwidth usages are measured to compare binding update messages in proposed scheme with that in existing scheme. From the results, we can reduce about 65% of mobility-management-related messages especially when mobile router stays more than 50 minutes in a network. Namely, the proposed scheme improves network usage and energy usage of mobile router by decreasing the number of messages and authorization procedure.

Authentication Mechanism for Secure Fast Handover in HMIPv6 (HMIPv6 환경에서의 안전한 Fast Handover를 위한 인증 메커니즘)

  • Kim, Min-Kyoung;Kang, Hyun-Sun;Park, Chang-Seop
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.3
    • /
    • pp.91-100
    • /
    • 2007
  • In this paper, We design and propose a protocol for supporting secure and efficient mobility in integrating fast handover and HMIPv6. In the proposed protocol which is AAA-based HMIPv6, if the MN enters the MAP domain for the first time, then it performs an Initial Local Binding Update for authentication. We propose a secure Fast Handover method using the ticket provided by MAP, which includes the secret key for authentication. Also, we analyze and compare security properties of our proposed scheme with those of other scheme using various attack scenario.

An Improved Protocol for the Secure Mobile IPv6 Binding Updates (안전한 모바일 IPv6 바인딩 갱신을 위한 개선된 프로토콜)

  • You, Il-Sun;Won, You-Seuk;Cho, Kyung-San
    • The KIPS Transactions:PartC
    • /
    • v.11C no.5
    • /
    • pp.605-612
    • /
    • 2004
  • In MIPv6, unauthenticated binding updates expose the involved MN and CN to various security attacks. Thus, protecting the binding update process becomes of paramount importance in the MIPv6, and several secure binding update protocols have been proposed. In this paper, we pro-pose a novel protocol for the secure binding updates in MIPv6, which can resolve the drawbacks of the Deng-Zhou-Bao's protocol [2], by adopt-ing Aura's CGA scheme with two hashes [9]. Aura's scheme enables our protocol to achieve stronger security than other CGA-based protocols without a trusted CA, resulting in less cost of verifying the HA's public key than the Deng-Zhou-Bao's protocol. Through the comparison of our protocol with other protocols such as the Deng-Zhou-Bao's protocol, CAM-DH and SUCV, we show that our protocol can provide better performance and manageability in addition to stronger security than other approaches.

A Handover Authentication Scheme initiated by Mobile Node for Heterogeneous FMIPv6 Mobile Networks (이기종 FMIPv6 기반의 이동 망에서 이동 노드 주도형 핸드오버 인증 기법)

  • Choi, Jae-Duck;Jung, Sou-Hwan
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.2
    • /
    • pp.103-114
    • /
    • 2007
  • The existing handover authentication schemes have authentication delay and overhead of the authentication server since they have been separately studied handover authentication at the link layer and the network layer. This paper proposes a handover authentication scheme initiated by Mobile Node on FMIPv6 based mobile access networks. The main idea of the paper is to generate a session key at the mobile node side, and transfer it to the next Access Router through the authentication server. Also, the scheme has a hierarchical key management at access router. There are two advantages of the scheme. First, the generated session key can be utilized for protecting the binding update messages and also for access authentication. Second, hierarchical key management at the access router reduced the handover delay time. The security aspects on the against PFS, PBS, and DoS attack of proposed scheme are discussed.

Cryptographic Key Generation Method Using Biometrics and Multiple Classification Model (생체 정보와 다중 분류 모델을 이용한 암호학적 키 생성 방법)

  • Lee, Hyeonseok;Kim, Hyejin;Nyang, DaeHun;Lee, KyungHee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.6
    • /
    • pp.1427-1437
    • /
    • 2018
  • While biometric authentication system has been in general use, research is ongoing to apply biometric data to public key infrastructure. It is a significant task to generate a cryptographic key from biometrics in setting up a public key of Bio-PKI. Methods for generating the key by quantization of feature vector can cause data loss and degrade the performance of key extraction. In this paper, we suggest a new method for generating a cryptographic key from classification results of biometric data using multiple classifying models. Our proposal does not cause data loss of feature vector so it showed better performance in key extraction. Also, it uses the multiple models to generate key blocks which produce sufficient length of the key.

A Study on Secure Binding Update Protocol Supporting Mobile Nodes with Constraint Computational Power in Mobile IPv6 Environment (모바일 IPv6 환경에서 제한된 계산 능력을 갖는 모바일 노드를 지원하는 바인딩 갱신 인증 프로토콜에 관한 연구)

  • Choi, Sung-Kyo;You, Il-Sun
    • Journal of Internet Computing and Services
    • /
    • v.6 no.5
    • /
    • pp.11-25
    • /
    • 2005
  • In MIPv6 environment, an important design consideration for public key based binding update protocols is to minimize asymmetric cryptographic operations in mobile nodes with constraint computational power, such as PDAs and cellular phones, For that, public key based protocols such as CAM-DH. SUCV and Deng-Zhou-Bao's approach provides an optimization to offload asymmetric cryptographic operations of a mobile node to its home agent. However, such protocols have some problems in providing the optimization. Especially, CAM-DH with this optimization does not unload all asymmetric cryptographic operations from the mobile node, while resulting in the home agent's vulnerability to denial of service attacks. In this paper, we improve the drawbacks of CAM-DH. Furthermore, we adopt Aura's two hash-based CGA scheme to increase the cost of brute-force attacks searching for hash collisions in the CGA method. The comparison of our protocol with other public key based protocols shows that our protocol can minimize the MN's computation overhead, in addition to providing better manageability and stronger security than other protocols.

  • PDF

Authentication of Fast Handovers for Mobile IPv6 using Return Routability (Return Routability를 이용한 Fast Handovers for Mobile IPv6 인증기법)

  • Shin, Tea-Il;Mun, Young-Song
    • Journal of Internet Computing and Services
    • /
    • v.9 no.1
    • /
    • pp.1-8
    • /
    • 2008
  • IETF has proposed Fast Handovers for Mobile IPv6 (FMIPv6) for efficient mobility management, FMIPv6 has no solutions to protect binding updates. Previous researches have mainly concentrated on using AAA, public cerificates or cryptographic algorithms to secure binding updates. However the approaches need a particular infrastructure or a heavy processing cost to setup secure associations for handovers. Proposed scheem provides authentication for FMIPv6 without infrasturcture and costly cryptographic algorithms by extending Return Routability Protocol. Also proposed scheme is oble to be used for various existing handover mechanisms in IPv6 network.

  • PDF

Authentication Method based on AAA to Traverse the VPN Gateway in Mobile IPv4 (Mobile IPv4에서 VPN 게이트웨이 통과를 위한 AAA 기반의 인증 방법)

  • Kim, Mi-Young;Mun, Young-Song
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.32 no.4B
    • /
    • pp.191-199
    • /
    • 2007
  • Mobile node has to register its current location to Home Agent when it moves to another network while away from home. However, the registration procedure cannot be completed successfully when Home Agent is protected by the VPN gateway which guards MN's home network and discards the unauthorized packets incoming from outside as a lack of security association(SA) between the Care-of address and security policy of the home network so that the binding registration message without SA is discarded smoothly by the VPN gateway. This paper presents the authentication and key exchange scheme using the AAA infrastructure for a user in Internet to access the home network behind the VPN gateway. By defining the role of authentication and tunnel processing for each agent or relay entity, this paper presents the procedure to register the current location to its Home Agent with secure manner. Performance result shows cost improvement up to 40% comparing with existing scheme in terms of the packet loss cost, the property of mobility and traffic.

An Evaluation of the Private Security Industry Regulations in Queensland : A Critique (호주 민간시큐리티 산업의 비판적 고찰 : 퀸즐랜드주를 중심으로)

  • Kim, Dae-Woon;Jung, Yook-Sang
    • Korean Security Journal
    • /
    • no.44
    • /
    • pp.7-35
    • /
    • 2015
  • The objective of this article is to inform and document the contemporary development of the private security industry in Queensland Australia, a premier holiday destination that provide entertainment for the larger region. The purpose of this review is to examine the comtemporary development of mandated licensing regimes regulating the industry, and the necessary reform agenda. The overall aim is threefold: first, to chart the main outcomes of the two-wave of reforms since the mid-'90s; second, to examine the effectiveness of changes in modes of regulation; and third, to identify the criteria that can be considered a best practice based on Button(2012) and Prenzler and Sarre's(2014) criteria. The survey of the Queensland regulatory regime has demonstrated that, despite the federal-guided reforms, there remain key areas where further initiatives remain pending, markedly case-by-case utilisation of more proactive strategies such as on-site alcohol/drug testing, psychological evaluations, and checks on close associates; lack of binding training arrangement for technical services providers; and targeted auditing of licensed premises and the vicinity of venues by the Office of Fair Trading, a licensing authority. The study has highlighted the need for more determined responses and active engagements in these priority areas. This study of the development of the licensing regimes in Queensland Australia provides useful insights for other jurisdictions including South Korea on how to better manage licensing system, including the measures required to assure an adequate level of professional competence in the industry. It should be noted that implementing a consistency in delivery mode and assessment in training was the strategic imperative for the Australian authority to intervene in the industry as part of stimulating police-private partnerships. Of particular note, competency elements have conventionally been given a low priority in South Korea, as exemplified through the lack of government-sponsored certificate; this is an area South Korean policymakers must assume an active role in implementing accredited scheme, via consulting transnational templates, including Australian qualifications framework.

  • PDF