Enhanced Password-based Remote User Authentication Scheme Using Smart Cards

전일수,김현성 한국산업정보학회 2011 한국산업정보학회논문지 Vol.16 No.1

Secure and efficient authentication schemes over insecure networks have been a very important issue with the rapid development of networking technologies. Wang et al. proposed a remote user authentication scheme using smart cards. However, recently, Chen et al. pointed out that their scheme is vulnerable to the impersonation attack and the parallel session attack, and they proposed an enhanced authentication scheme. Chen et al. claimed that their scheme is secure against the various attacks. However, we have found that their scheme cannot resist the parallel attack and the stolen smart card attack. Therefore, in this paper, we show the security flaws in Chen et al.'s scheme and propose an improved remote user authentication scheme using tamper-resistant smart cards to solve the problem of Chen et al.'s scheme. We also analyze our scheme in terms of security and performance.

Enhanced Password-based Remote User Authentication Scheme Using Smart Cards

Il-Soo Jeon(전일수),Hyun-Sung Kim(김현성) 한국산업정보학회 2011 한국산업정보학회논문지 Vol.16 No.1

Secure and efficient authentication schemes over insecure networks have been a very important issue with the rapid development of networking technologies. Wang et al. proposed a remote user authentication scheme using smart cards. However, recently, Chen et al. pointed out that their scheme is vulnerable to the impersonation attack and the parallel session attack, and they proposed an enhanced authentication scheme. Chen et al. claimed that their scheme is secure against the various attacks. However, we have found that their scheme cannot resist the parallel attack and the stolen smart card attack. Therefore, in this paper, we show the security flaws in Chen et al."s scheme and propose an improved remote user authentication scheme using tamper-resistant smart cards to solve the problem of Chen et al."s scheme. We also analyze our scheme in terms of security and performance.

HS-Sign: A Security Enhanced UOV Signature Scheme Based on Hyper-Sphere

( Jiahui Chen ),( Shaohua Tang ),( Xinglin Zhang ) 한국인터넷정보학회 2017 KSII Transactions on Internet and Information Syst Vol.11 No.6

For “generic” multivariate public key cryptography (MPKC) systems, experts believe that the Unbalanced Oil-Vinegar (UOV) scheme is a feasible signature scheme with good efficiency and acceptable security. In this paper, we address two problems that are to find inversion solution of quadratic multivariate equations and find another structure with some random Oil-Oil terms for UOV, then propose a novel signature scheme based on hyper-sphere (HS-Sign for short) which directly answers these two problems. HS-Sign is characterized by its adding Oil-Oil terms and more advantages compared to UOV. On the one side, HS-Sign is based on a new inversion algorithm from hyper-sphere over finite field, and is shown to be a more secure UOV-like scheme. More precisely, according to the security analysis, HS-Sign achieves higher security level, so that it has larger security parameters choice ranges. On the other side, HS-Sign is beneficial from both the key side and computing complexity under the same security level compared to many baseline schemes. To further support our view, we have implemented 5 different attack experiments for the security analysis and we make comparison of our new scheme and the baseline schemes with simulation programs so as to show the efficiencies. The results show that HS-Sign has exponential attack complexity and HS-Sign is competitive with other signature schemes in terms of the length of the message, length of the signature, size of the public key, size of the secret key, signing time and verification time.

Robust Remote User Authentication Scheme using Smart Cards

Hyun Sung Kim,Sung Woon Lee 보안공학연구지원센터(JSE) 2010 보안공학연구논문지 Vol.7 No.5

Two user authentication schemes were recently proposed using smart cards. They do not need to maintain a verification table in registration server, which is one of the good and necessary aspect in the password based schemes. In this paper, we show that they are not secure against some attacks. Then we propose a robust remote user authentication scheme to withstand the flaws in them but preserve the same merits of them. Our scheme could be efficiently used in wireless communication applications.

Robust Remote User Authentication Schemeusing Smart Cards

김현성,이성운 보안공학연구지원센터 2010 보안공학연구논문지 Vol.7 No.5

Two user authentication schemes were recently proposed using smart cards. They do not need to maintain a verification table in registration server, which is one of the good and necessary aspect in the password based schemes. In this paper, we show that they are not secure against some attacks. Then we propose a robust remote user authentication scheme to withstand the flaws in them but preserve the same merits of them. Our scheme could be efficiently used in wireless communication applications.

다변수 이차식 기반 서명 기법 Rainbow의 공격 기법 및 보안강도 분석

조성민(Seong-Min Cho),김제인(Jane Kim),서승현(Seung-Hyun Seo) 한국정보보호학회 2021 정보보호학회논문지 Vol.31 No.3

양자적 특성을 활용한 Shor 알고리즘은 인수분해 및 이산대수 문제를 효율적으로 풀 수 있다. 이로 인해 RSA, 타원곡선(ECC: Elliptic Curve Cryptography) 등 인수분해와 이산대수 문제의 어려움에 기반하고 있는 기존 공개키 암호 시스템이 위협받고 있다. 이에 미국 국립표준기술연구소(NIST)에서는 양자 컴퓨터의 강력한 연산 능력에도 안전한 새로운 공개키 암호 체계의 표준인 양자 내성 암호(PQC: Post Quantum Cryptography)를 선정하는 공모를 진행하고 있다. 양자 내성 암호 후보군 중 다변수 이차식 기반 서명 기법은 짧은 서명 길이와 빠른 서명 및 검증으로 인해 사물인터넷(IoT) 등 제한된 자원을 갖는 기기에 적합하다. 이에 본 논문에서는 다변수 이차식 기반 서명 중 유일하게 3 라운드까지 최종 선정된 Rainbow에 대한 클래식 공격 기법과 양자적 특성을 이용한 공격 기법들을 분석하고, 현재 3라운드에 제시된 레인보우 파라미터에 대한 공격 복잡도를 계산하여 양자 내성 암호 표준화 후보 알고리즘인 레인보우 서명기법이 제공하는 보안 강도를 분석한다. Using Shor algorithm, factoring and discrete logarithm problem can be solved effectively. The public key cryptography, such as RSA and ECC, based on factoring and discrete logarithm problem can be broken in polynomial time using Shor algorithm. NIST has been conducting a PQC(Post Quantum Cryptography) standardization process to select quantum-resistant public key cryptography. The multivariate quadratic based signature scheme, which is one of the PQC candidates, is suitable for IoT devices with limited resources due to its short signature and fast sign and verify process. We analyzes classic attacks and quantum attacks for Rainbow which is the only multivatiate quadratic based signature scheme to be finalized up to the round 3. Also we compute the attack complexity for the round 3 Rainbow parameters, and analyzes the security level of Rainbow, one of the PQC standardization candidates.

BPEJTC를 이용한 광 비쥬얼 크립토그래피

이상이,이승현 대한전자공학회 2003 電子工學會論文誌-SD (Semiconductor and devices) Vol.40 No.8

비쥬얼 크립토그래피는 암호법에서 중요한 정보를 암호화하여 복수 회원에게 분산시킨 후 회원의 합의에 의하여 해독이 가능하게 하는 thresholding scheme을 디지털 시스템인 아닌 인간의 시각 시스템으로 해독이 가능하게 하였다. 그러나 표현의 한계로 인하여 몇 가지 문제점을 지니고 있었다. 이후 인간의 시각을 대신하여 레이져를 사용하는 광 비쥬얼 크립토그래피가 제안되어 광학 시스템에 암호법을 적용할 수 있게 되었다. 그러나 이 시스템은 기존의 비쥬얼 크립토그래피의 문제점을 완전히 극복하지 못함으로 인하여 또 다른 문제를 발생하였다. 이 것은 데이터 처리 시스템을 시각에서 광학으로 전환하는 과정에서 발생하였으므로 문제의 분석과 해결 역시 광학적으로 접근하는 것이 타당하다. 본 논문에서는 joint transform correlator를 이용하여 광 비쥬얼 크립토그래피에서 발생하는 잡음의 정도와 안정성을 주파수 관점에서 분석하였다. Visual cryptography made it possible to decrypt thresholding scheme with not digital system but human vision system. This method, however, has some limit in it. Optical visual cryptography was proposed which used laser instead of human eyesight. As a result, it was possible to adapt cryptography to optical system. However, it also had some difficulties because it did not overcome the existing problem of visual cryptography completely. These problems occurred in the process of transferring data processing system from visual to optics. Therefore, it is appropriate to approach these problems in terms of optics. This paper analyzes the level of noise and the security characteristics for optical visual cryptography in terms of frequency based on joint transform correlator.

A Secure Key Predistribution Scheme for WSN Using Elliptic Curve Cryptography

Kishore Rajendiran,Radha Sankararajan,Ramasamy Palaniappan 한국전자통신연구원 2011 ETRI Journal Vol.33 No.5

Security in wireless sensor networks (WSNs) is an upcoming research field which is quite different from traditional network security mechanisms. Many applications are dependent on the secure operation of a WSN, and have serious effects if the network is disrupted. Therefore, it is necessary to protect communication between sensor nodes. Key management plays an essential role in achieving security in WSNs. To achieve security, various key predistribution schemes have been proposed in the literature. A secure key management technique in WSN is a real challenging task. In this paper, a novel approach to the above problem by making use of elliptic curve cryptography (ECC) is presented. In the proposed scheme, a seed key, which is a distinct point in an elliptic curve, is assigned to each sensor node prior to its deployment. The private key ring for each sensor node is generated using the point doubling mathematical operation over the seed key. When two nodes share a common private key, then a link is established between these two nodes. By suitably choosing the value of the prime field and key ring size, the probability of two nodes sharing the same private key could be increased. The performance is evaluated in terms of connectivity and resilience against node capture. The results show that the performance is better for the proposed scheme with ECC compared to the other basic schemes.

해시 기반 서명 기법 최신 기술 동향 및 전망

박태환(Tae-hwan Park),배봉진(Bong-jin Bae),김호원(Ho-won Kim) 한국정보보호학회 2016 정보보호학회논문지 Vol.26 No.6

최근의 양자컴퓨터 기술 발전과 PQCrypto2016에서 미국 NIST의 포스트 양자 암호 표준 공모사업 발표로 인해 포스트 양자 암호에 대한 관심과 연구가 활발히 이루어지고 있다. 양자 컴퓨터와 관련된 대표적인 알고리즘인 Grover 알고리즘과 Shor 알고리즘으로 인해, 현재 사용되고 있는 다양한 대칭키 암호와 이산대수 기반의 공개키 암호의 안전성 재고가 필요한 상황에서 양자 컴퓨터에도 강인한 암호인 포스트 양자 암호 연구의 필요성이 발생하였다. 본 논문에서는 다양한 포스트 양자 암호 중 해시 기반 서명 기법의 최신 기술 동향과 전망에 대해 알아본다. In these days, there are a lot of research results on the Post-Quantum Cryptography according to developing of quantum computing technologies and the announcement of the NIST"s Post-Quantum Cryptography standard project. The key size of the existing symmetric key block ciphers are needed to increase and the security of discrete logarithm based public key cryptography can be broken by Grover"s algorithm and Shor"s algorithm. By this reason, a lot of cryptologist and mathematician research on safe cryptography against the quantum computer which is called as the Post-Quantum Cryptography. In this paper, we survey on recent technical trend on the Hash-Based Signature Scheme which is one of the Post-Quantum Cryptography and suggest the prospect of the Hash-Based Signature Scheme.

Cryptoanalysis of a Pairing-free Certificateless Signcryption Scheme

Philemon Kasyoka,Michael Kimwele,Shem Mbandu Angolo 한국통신학회 2021 ICT Express Vol.7 No.2

Signcryption is a very useful cryptographic primitive that aims to achieve authentication and confidentiality and in an efficient manner. We cryptanalyze the signcryption scheme of Luo and Ma (2019) which is claimed to be secure. Further, we propose a corresponding modification to show how their signcryption scheme can be made more secure in our proposed signcryption scheme. The security analysis is also applicable to other signcryption schemes with similar design.