• The Journal of Society for e-Business Studies
• /
• v.12 no.1
• /
• pp.89-97
• /
• 2007

Recently, a large number of authentication schemes based on smart cards have been proposed, using the thinking of OTP (one-time password) to withstand replay attack. Unfortunately, if these schemes implement on PCs instead of smart cards, most of themcannot withstand impersonation attack and Stolen-Verifier attack since the data on PCs is easy to read and steal. In this paper, a secure authentication scheme based on a security key and a renewable token is proposed to implement on PCs. A comparison with other schemes demonstrates the proposed scheme has following merits: (1) Withstanding Stolen-Verifier attack (2) Withstanding Impersonation attack (3) Providing mutual authentication; (4) Easy to construct secure session keys.

• Journal of Information Processing Systems
• /
• v.6 no.1
• /
• pp.43-52
• /
• 2010

In the secure communication areas, three-party authenticated key exchange protocol is an important cryptographic technique. In this protocol, two clients will share a human-memorable password with a trusted server, in which two users can generate a secure session key. On the other hand the protocol should resist all types of password guessing attacks. Recently, STPKE' protocol has been proposed by Kim and Choi. An undetectable online password guessing attack on STPKE' protocol is presented in the current study. An alternative protocol to overcome undetectable online password guessing attacks is proposed. The results show that the proposed protocol can resist undetectable online password guessing attacks. Additionally, it achieves the same security level with reduced random numbers and without XOR operations. The computational efficiency is improved by $\approx$ 30% for problems of size $\approx$ 2048 bits. The proposed protocol is achieving better performance efficiency and withstands password guessing attacks. The results show that the proposed protocol is secure, efficient and practical.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.3
• /
• pp.1467-1480
• /
• 2016

This paper proposes "A Black Hole Detection Protocol Design based on a Mutual Authentication Scheme on VANET." It consists of the Mutual Authentication Scheme (MAS) that processes a Mutual Authentication by transferring messages among a Gateway Node, a Sensor Node, and a User Node and the Black Hole Detection Protocol (BHDP) which detects a Non-Authentication Node by using the Session Key computed in the MAS and a Black Hole by using the Broadcasting Table. Therefore, the MAS can reduce the operation count of hash functions more than the existing scheme and protect a privacy from an eavesdropping attack and an information exposure by hashing a nonce and user's ID and password. In addition, the MAS prevents a replay attack by using the randomly generated nonce and the time stamp. The BHDP improves Packet Delivery ratio and Throughput more than the AODV with Black hole by 4.79% and 38.28Kbps. Also, it improves Packet Delivery ratio and Throughput more than the IDSAODV by 1.53% and 10.45Kbps. Hence it makes VANET more safe and reliable.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.73-80
• /
• 2006

Recently, Sun et el. proposed a three-party authenticated key exchange protocol using the public key of the server and the derived verifier from the Password of a user. This paper proposes a password-based three-party authenticated key exchange protocol using smartcards. Since the proposed protocol has very low computation cost by using XOR and hash function operation instead of the public key operation, and reduces the count of message transmission to 20% compared with the protocol of Sun et el., it can execute an effective authenticated key exchange. Furthermore, the proposed protocol is safe from password guessing attack by not saving passwords in the server, and it is also safe from server compromise attack because the server cannot know the shared session key between the two users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.2
• /
• pp.107-114
• /
• 2003

In this paper, we propose an efficient mutual authentication and key distribution protocol for cdma2000 packet data service which uses Mobile U access method with DIAMETER AAA(Authentication, Authorization and Accounting) infrastructure. The proposed scheme provides an efficient mutual authentication between MN(Mobile Node) and AAAH(home AAA server), and a secure session-key distribution among Mobile If entities. The proposed protocol improves the efficiency of DIAMETER AAA and satisfies the security requirements for authentication and key distribution protocol. Also, the key distributed by the proposed scheme can be used to generate keys for packet data security over 1xEV-DO wireless interface, in order to avoid a session hijacking attack for 1xEV-DO packet data service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.5
• /
• pp.37-43
• /
• 2002

This paper proposes a password-based mutual authentication and key agreement protocol, which is designed by applying ECDSA and ECDH. The proposed protocol, AKE-ECC, computes 2 times of point multiplication over ECC on each of client and server, and generates the key pairs(public key. private key) and a common session key using ECDH that is different compare to previously proposed protocol. It is against common attacks include a dictionary attack and the security of proposed protocol is based on the ECDLP, ECDH.

• International Journal of Internet, Broadcasting and Communication
• /
• v.8 no.3
• /
• pp.41-49
• /
• 2016

Recently, many biometrics-based user authentication schemes for telecare medicine information systems (TMIS) have been proposed to improve the security problems in user authentication system. In 2014, Mishra et al. proposed an improvement of Awasthi-Srivastava's biometric based authentication for TMIS which is secure against the various attacks and provide mutual authentication, efficient password change. In this paper, we discuss the security of Mishra et al.'s authentication scheme, and we have shown that Mishra et al.'s authentication scheme is still insecure against the various attacks. Also, we proposed the improved scheme to remove these security problems of Mishra et al.'s authentication scheme, even if the secret information stored in the smart card is revealed. As a result, we can see that the improved biometric based authentication scheme is secure against the insider attack, the password guessing attack, the user impersonation attack, the server masquerading attack and provides mutual authentication between the user and the telecare system.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.3
• /
• pp.1356-1366
• /
• 2011

The TPM(Trusted Platform Module) is a hardware chip to support a trusted computing environment. A rightful user needs a command authorization process in order to use principal TPM commands. To get command authorization from TPM chip, the user should perform the OIAP(Object-Independent Authorization Protocol) or OSAP(Object-Specific Authorization Protocol). Recently, Chen and Ryan alerted the vulnerability of insider attack on TPM command authorization protocol in multi-user environment and presented a countermeasure protocol SKAP(Session Key Authorization Protocol). In this paper, we simulated the possibility of insider attack on OSAP authorization protocol in real PC environment adopted a TPM chip. Furthermore, we proposed a novel countermeasure to defeat this insider attack and improve SKAP's disadvantages such as change of command suructures and need of symmetric key encryption algorithm. Our proposed protocol can prevent from insider attack by modifying of only OSAP command structure and adding of RSA encryption on user and decryption on TPM.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.5
• /
• pp.297-301
• /
• 2013

Key agreement protocols allow multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. Since Joux first published the pairing-based one round tripartite key agreement protocol, many authenticated protocols have been proposed. Unfortunately, many of them have been broken while others have been shown to be deficient in some desirable security attributes. In 2004, Cheng et al. presented two protocols aimed at strengthening Shim's certificate-based and Zhang et al.'s tripartite identity-based protocols. This paper reports that 1) In Cheng et al.'s identity-based protocol, an adversary can extract long-term private keys of all the parties involved; and 2) Cheng et al.'s certification-based protocol is weak against key integrity attacks. This paper suggests possible remedies for the security flaws in both protocols and then presents a modified Cheng et al.'s identity-based, one-round tripartite protocol that is more secure than the original protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.127-133
• /
• 2005

This paper presents a password-based key exchange protocol to guarantee secure communications for two users registered in a sever. In this protocol, the server is only responsible for the legality of the users but does not how the session key agreed between them. The protocol can resist the various attacks including server compromise attack and provide the perfect forward secrecy. The proposed protocol is efficient in terms of computation cost because of not employing the sewer's public key.