• Journal of Korea Society of Digital Industry and Information Management
• /
• v.6 no.2
• /
• pp.55-69
• /
• 2010

This article proposed the authentication protocol for peer-to-peer resource sharing community. The proposed protocol does not require a priori information for generating and exchanging authentication key. Also this protocol can provide the delicate access control by allowing the user(authenticator) to assign the trust level to the authentication supplicant, which can be used to decide if the resource providing node will accept the resource sharing request from a resource requesting node. Trust Relationship Chaining provides the environment where trust levels (included in the trust table) of nodes in the resource sharing community are propagated among nodes when trust tables are exchanged between two nodes engaged in mutual authentication process and authentication refresh so that any two nodes which are not directly mutual-authenticated can assign the trust level each other for the access control for resource sharing. In the proposed protocol a node can implements the authentication refresh continuously to verify the effectiveness of authentication after mutual authentication so that the authentication of new node or authentication revocation(effectiveness cancellation) of the departed node can be propagated to the all the nodes in RSC and eventually safe resource sharing community is configured.

• Journal of Information Technology Services
• /
• v.12 no.1
• /
• pp.259-270
• /
• 2013

Identity authentication sharing technologies which allow many service providers to share the result of identity authentication of an identity provider receive high attention as alternatives for current problematic identity authentications in the next-generation Internet environment, since they can provide crucial advantages including high usability, cost effectiveness of service providers, and privacy protection. However, in order for the identity authentication sharing technologies to be widely deployed in global Internet scale, the interoperability problem among different identity authentication sharing protocols and the trustworthiness issue among the participating identity providers, service providers, and users should be resolved in advance. This paper firstly analyzes current status of the protocol interoperability issue and existing trust frameworks for identity authentication sharing. And then, based on the result of analysis, this paper proposes a next generation identity authentication sharing architecture for global Internet.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.10
• /
• pp.2199-2206
• /
• 2012

Identity authentication sharing technology which allows many service providers to share the result of identity authentication of an identity provider provides several important advantages including high usability achieved by avoiding repeated registration of identity information to service providers and single sign-on, cost effectiveness of service providers achieved by outsourcing identity authentication services from identity providers, and privacy protection achieved by exposing identity information only to a limited number of controlled identity providers. However, in order for the identity authentication sharing technologies to be widely deployed in global Internet scale, the trustworthiness issue among the participating identity providers, service providers, and users should be resolved in advance. This paper firstly analyzes existing trust frameworks for identity authentication sharing. And then, based on the result of analysis, this paper proposes a dynamic and open trust framework for identity authentication sharing.

• Journal of KIISE:Computing Practices and Letters
• /
• v.10 no.3
• /
• pp.259-272
• /
• 2004

This paper suggests a new security architecture for facilitating secure OSGi service platform environment. The security architecture includes 1) user authentication mechanism, 2) bundle authentication mechanism, 3) key sharing mechanism, and 4) authorization mechanism. The user authentication mechanism supplies SSO(single sign-on) functions which are useful for safe and easy user authentications. The bundle authentication mechanism utilizes both PKI-based and MAC-based digital signatures for efficiently authenticating service bundles. The key sharing mechanism, which is performed during bootstrapping phase of a service gateway, supplies a safe way for sharing secret keys that are required for authentication mechanisms. Finally, the authorization mechanism suggests distributed authorization among service providers and an operator by establishing their own security policies. The main contributions of the parer are twofold. First, we examine several security requirements of current OSGi specification when its security functions can be applied in real OSGi environments. Second, we describe the ways to resolve the problems by means of designing and implementing concrete security mechanisms.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.7
• /
• pp.3116-3133
• /
• 2020

Based on the teleportation by quantum walk, a quantum secret sharing scheme with credible authentication is proposed. Using the Hash function and quantum local operation, combined with the two-step quantum walks circuit on the line, the identity authentication and the teleportation of the secret information in distribution phase are realized. Participants collaborate honestly to recover secret information based on particle measurement results, preventing untrusted agents and external attacks from obtaining useful information. Due to the application of quantum walk, the sender does not need to prepare the necessary entangled state in advance, simply encodes the information to be sent in the coin state, and applies the conditional shift operator between the coin space and the position space to produce the entangled state necessary for quantum teleportation. Security analysis shows that the protocol can effectively resist intercept/resend attacks, entanglement attacks, participant attacks, and impersonation attacks. In addition, the quantum walk circuit used has been implemented in many different physical systems and experiments, so this quantum secret sharing scheme may be achievable in the future.

• The KIPS Transactions:PartA
• /
• v.11A no.6
• /
• pp.451-458
• /
• 2004

The previous studies focussed on the security problem and the fast re-authentication mechanism during handoffs in a single wireless LAN system. When the multiple wireless LAN systems share their network infrastructure one another, we propose an authentication mechanism allowing the subscriber to Perform the authentication procedure with the authentication server of its own wireless LAN system even in areas of other wireless LAN systems as well as in areas of its own wireless LAN system. In the proposed mechanism, the access point or the authentication server of other wireless LAN systems plays a role of the authentication agent between the subscriber and the authentication server of the subscriber's wireless LAN system. The proposed authentication mechanism is designed on the basis of the 802.1X and EAP-MD5 protocols.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.9
• /
• pp.73-78
• /
• 2016

In 2014, Wuu et al. proposed a group key management scheme based on (2,2) secret sharing. They asserted that their scheme satisfies security requirements and mutual authentication. But this paper pointed out that their scheme does not satisfy mutual authentication and impersonating attack. In this paper, we describe the reasons and processes that a malicious group member can impersonate the Group Key Distributor. To fill the gaps, we discuss the problems, and propose an improved protocol.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.11
• /
• pp.2479-2487
• /
• 2009

Earlier researches on Sensor Networks preferred symmetric key-based authentication schemes in consideration of limitations in network resources. However, recent advancements in cryptographic algorithms and sensor-node manufacturing techniques have opened suggestion to public key-based solutions such as Merkle tree-based schemes. This paper proposes a new concept of public key-based authentication using Polynomial Secret Sharing that can be effectively applied to sensor networks and a detection of malicious node using the hash function. This scheme is based on exponential distributed data concept, a derivative from Shamir's (t,n) threshold scheme, in which the authentication of neighbouring nodes are done simultaneously while minimising resources of sensor nodes and providing network scalability.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.25-34
• /
• 2022

This paper proposes a secret sharing based fast node authentication technique applicable to Flying Ad-Hoc Network (FANET) that can be used to construct self-organized communication network in multi drones and drone squadrons operations. Before deployment, each node stores an exponential share, exponential secret and a portion of PUF CRP table. After being deployed in the field, in the early-stage of network formation, each node broadcasts its ID, exponential share and a hash value of PUF Response and pseudo-random number. Then each node performs a reconstruction of the exponential secret using the exponential shares transmitted from neighboring nodes. When the exponential secret is reconstructed, simultaneous authentication is completed for all nodes that have transmitted the exponential share used in the reconstruction. A node that transmits an incorrect exponential share to disturb the reconstruction of the exponential secret during the authentication process can be detected before performing the reconstruction through the verification of the hash value, and will be excluded from the reconstruction.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.298-299
• /
• 2019

In this paper, we propose a stable mutual authentication protocol between unmanned combat systems in tactical wireless networks where long distance communications are not always guaranteed due to a poor channel condition. The proposed protocol generates an authentication code using hash collision of arbitrarily selected random data. The authentication requester encrypts and transmits it to the authenticator. They performs authentication by sharing the valid authentication code. We analyze the safety of the proposed method for various attack scenarios.