• Title/Summary/Keyword: key authentication

Search Result 1,214, Processing Time 0.025 seconds

A Design of DA_UDC(Double Authentication User.Device.Cross) Module using OTA(One Time Authentication) Key in Home Network Environment (홈 네트워크 환경에서 OTA(One Time Authentication)키를 이용한 DA_UDC(Double Authentication User.Device.Cross) 모듈 설계)

  • Jeong, Eun-Hee;Lee, Byung-Kwan
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.4B
    • /
    • pp.419-427
    • /
    • 2009
  • This paper propose DA-UDC(Double Authentication User, Device, Cross) Module which solves the cost problem and the appropriation of Certificate using User Authentication, Device Authentication and Cross Authentication with OTA(One Time Authentication) Key, and which is designed not to subscribe to the service of Home network business. Home Server transmits its public key which is needed to create OTA to the user which passed the first step of authentication which verifies User ID, Device ID and Session Key. And it performs the second step of authentication process which verifies the OTA key created by a user. Whenever the OTA key of DA-UDC module is generated, the key is designed to be changed. Therefore, DA-UDC Module prevents the exposure of User and Device ID by performing the two steps of authentication and enhances the authentication security of Home Network from malicious user with OTA key. Also, DA-UDC Module is faster than the existing authentication system in processing speed because it performs authentication calculation only once. Though DA-UDC Module increases data traffic slightly because of the extra authentication key, it enhances the security more than the existing technique.

A Study on Mobile IPv4 Authentication Mechanisms

  • Lim, Jung-Muk;Lim, Hyung-Jin;Chung, Tai-Myoung
    • Proceedings of the Korea Society of Information Technology Applications Conference
    • /
    • 2005.11a
    • /
    • pp.277-280
    • /
    • 2005
  • With the proliferation of mobile terminals, use of the Internet in mobile environments is becoming more common. To support mobility in these terminals, Mobile IPv4 is proposed and represents the standard in IPv4 environments. Authentication should be mandatory, because mobile terminals can utilize Internet services in any foreign domain. Mobile IPv4 provides symmetric key based authentication using the default HMAC-MD5. However, symmetric key based authentication creates a key distribution problem. To solve this problem, public key based authentication mechanisms have been proposed. In this paper, the performance of each of these mechanisms is evaluated. The results present that, among these mechanisms, partial certificate based authentication has superior performance, and certificate based authentication has the worst performance. Although current public key based authentication mechanisms have lower performance than symmetric key based authentication, this paper presents the possibility that public key based authentication mechanisms may be used for future mobile terminal authentication.

  • PDF

A Study on Public Key Cryptographic Authentication System Providing Key Distribution and Recovery in the Initial Authentication (초기인증에서 키 분배 및 복구를 지원하는 공개키 암호 인증시스템에 관한 연구)

  • Shin Kwang-Cheul;Cho Sung-Je
    • Journal of Internet Computing and Services
    • /
    • v.7 no.3
    • /
    • pp.83-91
    • /
    • 2006
  • In this paper, we improved a cryptography system model based on the secure initial authentication public key with PKINIT of authentication and key recovery protocol. It is applied to all fields of cryptography system using certificate. This study presents two mechanisms to authenticate between member users. The first mechanism is initial authentication and distribution of session key by public key cryptography based on certificate between entity and server, and the second mechanism is a key recovery support protocol considering loss of session key in the secure communication between application servers.

  • PDF

The Development of a One-time Password Mechanism Improving on S/KEY (S/KEY를 개선한 일회용 패스워드 메커니즘 개발)

  • 박중길
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.9 no.2
    • /
    • pp.25-36
    • /
    • 1999
  • In this paper we propose a one-time password mechanism that solves the problems of the S/KEY: the limitation of a usage and the need of storage for keys. because of using a cryptographic algorithm the proposed mechanism has no the limitation of a usage. Also because of producing the key for an authentication from a user's password it is easy to manage the authentication key and is possible to share the session key between a client and a server after the authentication process. In addition the proposed mechanism is easy to protect and manage the authentication information because of using a smart card and is adopted by the system that needs a noe-way authentication from a client to a server without the challenge of a server.

The Analysis of the TETRA Authentication Protocol (TETRA 인증 프로토콜 분석)

  • Park Yong-Seok;Ahn Jae-Hwan;Jung Chang-Ho;Ahn Joung-Chul
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.10 no.6
    • /
    • pp.1070-1075
    • /
    • 2006
  • TETRA system provides the radio authentication service which permits only authorized radio to access network. Radio authentication is the process which checks the sameness of authentication-key(K) shared between radio and authentication center by challenge-response protocol. TETRA standard authentication protocol can prevent the clone radio to copy ISSI from accessing network, but can't prevent the clone radio to copy ISSI & authentication-key. This paper analyzes authentication-key generation/delivery/infection model in TETRA authentication system and analyzes the threat of clone radio caused by authentication-key exposure. Finally we propose the new authentication protocol which prevent the clone radio to copy ISSI & authentication-key from accessing network.

Password-Based Key Exchange Protocols for Cross-Realm (Cross-Realm 환경에서 패스워드기반 키교환 프로토콜)

  • Lee, Young Sook
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.5 no.4
    • /
    • pp.139-150
    • /
    • 2009
  • Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. There have been many protocols proposed over the years for password authenticated key exchange in the three-party scenario, in which two clients attempt to establish a secret key interacting with one same authentication server. However, little has been done for password authenticated key exchange in the more general and realistic four-party setting, where two clients trying to establish a secret key are registered with different authentication servers. In fact, the recent protocol by Yeh and Sun seems to be the only password authenticated key exchange protocol in the four-party setting. But, the Yeh-Sun protocol adopts the so called "hybrid model", in which each client needs not only to remember a password shared with the server but also to store and manage the server's public key. In some sense, this hybrid approach obviates the reason for considering password authenticated protocols in the first place; it is difficult for humans to securely manage long cryptographic keys. In this work, we introduce a key agreement protocol and a key distribution protocol, respectively, that requires each client only to remember a password shared with its authentication server.

Design of a Strong Authentication Mechanism using Public-Key based on Kerberos (공개키를 이용한 커버로스 기반의 강력한 인증 메커니즘 설계)

  • 김은환;전문석
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.4
    • /
    • pp.67-76
    • /
    • 2002
  • Kerberos is designed to provide strong authentication between client and application servers which are working in distributed network environment by using symmetric-key cryptography, and supposed to trust other systems of the realm. In this paper, we design an efficient and strong authentication mechanism by introducing the public/private-key to Kerberos. In the mechanism to make a system more secure, the value of the session key is changed everytime using MAC(message authentication code) algorithm with the long-term key for user-authentication and a random number exchanged through the public key. Also, we employ a mutual authentication method, which is used on challenge-response mechanism based on digital signatures, to improve trust between realms, and present a way of reducing the number of keys by simplifying authentication steps.

One time password key exchange Authentication technique based on MANET (MANET 기반 원타임 패스워드 키교환 인증기법)

  • Lee, Cheol-Seung;Lee, Joon
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.11 no.7
    • /
    • pp.1367-1372
    • /
    • 2007
  • This paper suggests One-time Password key exchange authentication technique for a strong authentication based on MANET and through identify wireless environment security vulnerabilities, analyzes current authentication techniques. The suggested authentication technique consists of 3 steps: Routing, Registration, and Running. The Routing step sets a safe route using AODV protocol. The Registration and Running step apply the One-time password S/key and the DH-EKE based on the password, for source node authentication. In setting the Session key for safe packet transmission and data encryption, the suggested authentication technique encrypts message as H(pwd) verifiers, performs key exchange and utilizes One time password for the password possession verification and the efficiency enhancement. EKE sets end to end session key using the DH-EKE in which it expounds the identifier to hash function with the modula exponent. A safe session key exchange is possible through encryption of the H(pwd) verifier. The suggested authentication technique requires exponentiation and is applicable in the wireless network environment because it transmits data at a time for key sharing, which proves it is a strong and reliable authentication technique based on the complete MANET.

A New Roaming Authentication Framework For Wireless Communication

  • Li, Xiaowei;Zhang, Yuqing;Liu, Xuefeng;Cao, Jin;Zhao, Qianqian
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.7 no.8
    • /
    • pp.2061-2080
    • /
    • 2013
  • Roaming authentication protocol is widely used in wireless network which can enable a seamless service for the mobile users. However, the classical approach requires the home server's participation during the authentication between the mobile user and the foreign server. So the more the roaming requests are performed the heavier burden will be on the home server. In this paper, we propose a new roaming authentication framework for wireless communication without the home server's participation. The new roaming authentication protocol in the new framework takes advantage of the ID-based cryptography and provides user anonymity. It has good performance compared with the roaming authentication protocols whose authentication do not need the home server's participation in terms of security and computation costs. Moreover, a new User-to-User authentication protocol in the new framework is also present. All the authentications proposed in this paper can be regarded as a common construction and can be applied to various kinds of wireless networks such as Cellular Networks, Wireless Mesh Networks and Vehicle Networks.

Public Key Authentication using(t, n) Threshold Scheme for WSN ((t, n) 임계치 기법을 이용한 센서네트워크에서의 공개키 인증)

  • Kim, Jun-Yop;Kim, Wan-Ju;Lee, Soo-Jin
    • Journal of the Korea Institute of Military Science and Technology
    • /
    • v.11 no.5
    • /
    • pp.58-70
    • /
    • 2008
  • Earlier researches on Sensor Networks preferred symmetric key-based authentication schemes in consideration of limitations in network resources. However, recent advancements in cryptographic algorithms and sensor-node manufacturing techniques have opened suggestion to public key-based solutions such as Merkle tree-based schemes. These previous schemes, however, must perform the authentication process one-by-one in hierarchical manner and thus are not fit to be used as primary authentication methods in sensor networks which require mass of multiple authentications at any given time. This paper proposes a new concept of public key-based authentication that can be effectively applied to sensor networks. This scheme is based on exponential distributed data concept, a derivative from Shamir's (t, n) threshold scheme, in which the authentication of neighbouring nodes are done simultaneously while minimising resources of sensor nodes and providing network scalability. The performance advantages of this scheme on memory usage, communication overload and scalability compared to Merkle tree-based authentication are clearly demonstrated using performance analysis.