• Journal of information and communication convergence engineering
• /
• v.3 no.3
• /
• pp.163-166
• /
• 2005

The Key exchange protocols are very crucial tools to provide the secure communication in the broadband satellite access network. They should be required to satisfy various requirements such as security, Key confirmation, and Key freshness. In this paper, Two authenticated key exchange protocols TPEKE-E(Two Pass Encrypted Key Exchange-Exchange-Efficient) and TPEKE-S(Two Pass Encrypted Key xchange-Secure) are introduced. A basic idea of the protocols is that a password can be represented by modular addition N, and the number of possible modular addition N representing the password is $2^N$. The TPEKE-E is secure against the attacks including main-in-the-middle attack and off-line dictionary attack, and the performance is excellent so as beyond to comparison with other authenticated key exchange protocols. The TPEKE-S is a slight modification of the TPEKE-E. The TPEKE-S provides computational in feasibility for learning the password without having performed off line dictionary attack while preserving the performance of the TPEKE-E.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.4
• /
• pp.1876-1883
• /
• 2011

The TPM is a hardware chip for making a trusted environment on computing system. We previously need a command authorization process to use principal TPM commands. The command authorization is used to verify an user who knows a usage secret to TPM chip. Since the user uses a simple password to compute usage secret, an attacker can retrieve the password by evasdropping messages between user and TPM chip and applying off-line dictionary attack. In this paper, we simulate the off-line dictionary attack in real PC environment adopted a TPM chip and propose a novel countermeasure to defeat this attack. Our proposed method is very efficient due to its simplicity and adaptability without any modification of TPM command structures.

• Journal of information and communication convergence engineering
• /
• v.4 no.4
• /
• pp.166-169
• /
• 2006

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. In this paper, we present a new identification scheme: OPI(One Pass Identification). The security of OPI is based on the square root problem, and OPI is secure: against the well known attacks including pre-play attack, off-line dictionary attack and server comprise. A number of pass of OPI is one, and OPI processes the password and does not need the key. We think that OPI is excellent for the consuming time to verify the prover.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.2
• /
• pp.285-292
• /
• 2009

In 2005, Lee and Chen suggested an enhanced one-time password authentication scheme which can prevent the stolen verifier attack that the Yeh-Shen-Whang's scheme has. The Lee-Chen's scheme addresses the stolen verifier attack by deriving each user's pre-shared secret SEED from the server secret. However, we investigated the weakness of the Lee-Chen's scheme and found out that it was suffering from the off-line dictionary attack on the server secret. We demonstrated that the off-line dictionary attack on the server secret can be easily tackled with only the help of the Hardware Security Modules (HSM). Moreover, we improved the scheme not to be weak to the denial of service attack and allow compromise of the past session keys even though the current password is stolen. Through the comparison between the Lee-Chen's scheme and the proposed one, we showed that the proposed one is stronger than other.

• Journal of information and communication convergence engineering
• /
• v.5 no.4
• /
• pp.346-350
• /
• 2007

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root Problem, and we would like to suggest PBSI(Password Based Secure Identification), enhancing the stability, for all of the well-known attacks by now including Off-line dictionary attack, password file compromise, Server and so on. The PBSI is also excellent in the aspect of the performance.

• Journal of information and communication convergence engineering
• /
• v.3 no.4
• /
• pp.213-216
• /
• 2005

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root Problem, and we would like to suggest PBI(password Based Identification), enhancing the stability, for all of the well-known attacks by now including Off-line dictionary attack, password file compromise, Server and so on. The PBI is also excellent in the aspect of the performance.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.9B
• /
• pp.931-938
• /
• 2009

Recently, Holbl et al. proposed an improvement to Peyravian-Jeffries's password-based authentication protocol to overcome some security flaws. However, Munilla et al. showed that Holbl et al.'s improvement is still vulnerable to off-line password guessing attack. In this paper, we provide a secure password-based authentication protocol which gets rid of the security flaws of Holbl et al.'s protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.5
• /
• pp.97-104
• /
• 2001

In this paper, we propose Recoverable Password Based Key Exchange Protocol(RPKEP). RPKEP has user who has password, server which share the secret key information with user, and password recovery agency(PRA) which help to recover the user\`s password. Proposed protocol has some advantages that it is secure against off-line dictionary attack which is considered most important in password based key exchange protocol and suer\`s security is preserved even though user\`s secret information stored in the server is disclosed. By applying Chaum\`s blind signature scheme in the process of password recovery, even the PRA can\`t obtain any information about user\`s password.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.1
• /
• pp.139-147
• /
• 2010

A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. In 2005, Liao et al. proposed a remote user authentication scheme using a smart card, in which users can be authenticated anonymously. Recently, Yoon et al. have discovered some security flaws in Liao et al.'s authentication scheme and proposed an improved version of this scheme to fix the security flaws. In this article, we review the improved authentication scheme by Yoon et al. and provide a security analysis on the scheme. Our analysis shows that Yoon et al.'s scheme does not guarantee not only any kind of authentication, either server-to-user authentication or user-to-server authentication but also password security. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, and an off-line dictionary attack on Yoon et al.'s scheme. In addition, we propose the enhanced authentication scheme that eliminates the security vulnerabilities of Yoon et al.'s scheme.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.8
• /
• pp.1843-1848
• /
• 2010

The Key exchange protocols are very crucial tools to provide the secure communication in the broadband satellite access network. They should be required to satisfy various requirements such as security, Key confirmation, and Key freshness. In this paper, we propose Two authenticated key exchange protocols Two Pass EKE-E(Encrypted Key Exchange-Efficient) and Two Pass EKE-S(Encrypted Key Exchange-Secure) are introduced. A basic idea of the protocols is that a password can be represented by modular addition N, and the number of possible modular addition N representing the password is $2^N$ The Two Pass EKE-E is secure against the attacks including main-in-the-middle attack and off-line dictionary attack, and the performance is excellent so as beyond to comparison with other authenticated key exchange protocols. The Two Pass EKE-S is a slight modification of the Two Pass EKE-E. The Two Pass EKE-S provides computational in feasibility for learning the password without having performed off line dictionary attack while preserving the performance of the Two Pass EKE-E.