• ETRI Journal
• /
• v.45 no.6
• /
• pp.1090-1102
• /
• 2023

Authenticated multiple key agreement (AMKA) protocols provide participants with multiple session keys after one round of authentication. Many schemes use Diffie-Hellman or authenticated key agreement schemes that rely on hard integer factorizations that are vulnerable to quantum algorithms. Lattice cryptography provides quantum resistance to authenticated key agreement protocols, but the certificate always incurs excessive public key infrastructure management overhead. Thus, a lightweight lattice-based secure system is needed that removes this overhead. To answer this need, we provide a two-party lattice- and identity-based AMKA scheme based on bilateral short integer or computational bilateral inhomogeneous small integer solutions, and we provide a security proof based on the random oracle model. Compared with existing AMKA protocols, our new protocol has higher efficiency and stronger security.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.394-400
• /
• 2013

WoT (Web of Things) was proposed to realize intelligent thing to thing communications using WEB standard technology. It is difficult to adapt security protocols suited for existing Internet communications into WoT directly because WoT includes LLN(Low-power, Lossy Network) and resource constrained sensor devices. Recently, IETF standard group propose to use DTLS protocol for supporting security services in WoT environments. However, DTLS protocol is not an efficient solution for supporting end to end security in WoT since it introduces complex handshaking procedures and high communication overheads. We, therefore, divide WoT environment into two areas- one is DTLS enabled area and the other is an area using lightweight security scheme in order to improve them. Then we propose a mutual authentication scheme and a session key distribution scheme for the second area. The proposed system utilizes a smart device as a mobile gateway and WoT proxy. In the proposed authentication scheme, we modify the ISO 9798 standard to reduce both communication overhead and computing time of cryptographic primitives. In addition, our scheme is able to defend against replay attacks, spoofing attacks, select plaintext/ciphertext attacks, and DoS attacks, etc.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.4
• /
• pp.1926-1934
• /
• 2013

M2M (Machine-to-Machine Communication) refers to technologies that allow wired and wireless systems to communicate with other devices with similar capabilities. M2M has special features which consist of low electricity consumption, cheap expenses, WAN, WLAN and others. Therefore, it can communicate via a network. Also, it can handle itself without a person's management. However, it has a wireless-communicate weakness because of the machine-communicate request, and also it is difficult to administrate and control each other. So In this Paper, It suggests the safety protocol between Device, Gateway and Network Domain in M2M environment. Proposed protocol is based on ID-Based encryption's certificate and creates session key between the Access Server and the Core Server in the Network Domain. It uses that session key for sending and receiving data in mutual, and adds key renewal protocol so it will automatically update discern result. a comparative analysis of the existing M2M communication technologies and PKI-based certificate technology is compared with the proposed protocol efficiency and safety.

• The KIPS Transactions:PartC
• /
• v.14C no.1 s.111
• /
• pp.55-64
• /
• 2007

Behind the popularity of VoIP in these days, it may present significant security challenges in privacy and accounting. Authentication and message encryption are considered to be essential mechanisms in VoIP to be comparable to PSTN. SIP is responsible for setting up a secure call in VoIP. SIP employs TLS, DTLS or IPSec combined with TCP, UDP or SCTP as a security protocol in VoIP. These security mechanisms may introduce additional overheads into the SIP performance. However, this overhead has not been understood in detail by the community. In this paper we present the effect of the security protocol on the performance of SIP by comparing the call setup delays among security protocols. We implement a simulation of the various combinations of three security protocols and three transport layer protocols suggested for SIP. UDP with any combination of security protocols performs a lot better than the combination of TCP. TLS over SCTP may impose higher impact on the performance in average because TLS might have to open secure channels as the same number of streams in SCTP. The reasons for differences in the SIP performances are given.

• The Journal of the Korea Contents Association
• /
• v.15 no.5
• /
• pp.27-35
• /
• 2015

Depending on the smart device user growth and development of communication technology, the area about working environment was extended without constraints of time and places. It is introducing to work using user's devices and this environment is called 'BYOD(Bring Your On Device)'. But it is vulnerable to security threat that happened in existing wireless environment and its security threat issue which is caused by inside information leak by an inside job and lost or stolen terminal which is caused by careless user is getting heated. So we studied about access control protocol by user rights under the BYOD situation make a session key based on the user information. We make a session key based on the user information and user device information, after that we design an access control protocol. The protocol we suggest can protect from attack under the BYOD situation and wireless communication situation and also safety and security requirement from inside information leak because it controls user rights.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.81-92
• /
• 2009

Recently, there is a drastic increase in users interested in real-time multimedia services in the WLAN environment, as the demand of IEEE 802.11 WLAN-based services increases. However, the handoff delay based on 802.11i security policy is not acceptable for the seamless real-time multimedia services provided to MS frequently moving in the WLAN environment, and there is a possibility of DoS attacks against session key derivation process and handoff mechanism. In this paper, a secure and efficient handoff mechanism in the centralized WLAN environment is introduced to solve the security problems. The 4-way Handshake for both mutual authentication and session key derivation is replaced by the 2-way Reassociation process.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.389-395
• /
• 2014

In a biometric signature scheme, a user's biometric key is used to sign the document. It also requires the user be authenticated with biometric recognition method, prior to signing the document. Because the biometric recognition is launched every time the signature session started, it is not suitable for electronic commerce applications such as shopping malls where large number of documents to sign are required. Therefore, to commercialize biometric based signature schemes, the new proxy signature scheme is needed to ease the burden of the signer. In the proxy signature scheme, the signer can delegate signing activities to trustful third parties. In this study, the biometric based signature delegation method is proposed. The proposed scheme is suitable for applications where a lot of signing are required. It is consisted of biometric key generation, PKI based mutual authentication, signature generation and verification protocols.

• Journal of KIISE:Information Networking
• /
• v.36 no.6
• /
• pp.552-557
• /
• 2009

One-time passwords are used just once and discarded, which makes it more secure than the repeatedly used conventional passwords. This paper proposes a challenge-response based one-time password generator on a user's mobile phone always carried with the user. The generator can provide an additional authentication for a user to issue a money transfer request within his Internet banking session on a PC. A currently used device for Internet banking generates a password that changes every 30 seconds or so, which allows a man-in-the-middle to use it for stealing money within the 30 seconds. Unlike such a device, the proposed generator resists against the man-in-the-middle attack by a novel challenge-response scheme, provides better accessability and protection against stolen devices. As the currently used devices do, it prevents any unauthorized transfer even if the victim's all other credentials are revealed through his PC infected with spyware such as a keyboard logger.

• Journal of KIISE:Information Networking
• /
• v.37 no.3
• /
• pp.187-197
• /
• 2010

The fusion stream of recent broadcasting and communication make multimedia content served in the area of broadcasting into IPTV service which transmits it through high-speed internet, cable TV net and satellite net in realtime. However, as the digital broadcasting service is extended to various media, the security of IPTV service content provided to users by service provider is not fully supported by CAS(Conditional Access System) provided by existing broadcasting system. This paper proposes interactive certification protocol which can efficiently distinguish the receiving-qualification of user between Set-Top Box and Smart Card which are parts of configurations for IPTV system. The proposed protocol uses hash function to make Set-Top Box transmit receiving-qualification about the channel fee which user pays more properly than existing protocol. Also, the proposed protocol uses session key generated between receiver and smart card through inter certification process and encrypts EMM not the service to be used by anyone illegally.

• The Journal of the Korea Contents Association
• /
• v.10 no.3
• /
• pp.32-43
• /
• 2010

IPTV is an emerging technology that combines both broadcasting and tele-communication technologies, and provides various multi-media contents to the service subscribers. In general, IPTV broadcasters transmit scrambled signals (multi-media contents) to the paying subscribers, and the users within the acknowledged network descramble the signals using the smart-card. That is, users are verified through communication between STB (Set-Top Box) and smart-card. In 2004, Jiang et al. proposed a secure protocol regarding the verification process. The method has been modified and enhanced by several following research works. However, all the methods that have been proposed so far required modular exponentiation operations which may raise the smart-card costs. In this paper, we propose a new efficient mutual authentication and session-key establishment protocol using only hash functions and exclusive-or operations, and show that the proposed protocol is still secure under various security attacks.