An Secure Hierarchical Key Agreement Scheme for Wireless Sensor Networks

Kefei Mao,Jie Chen,Jianwei Liu 보안공학연구지원센터 2016 International Journal of Multimedia and Ubiquitous Vol.11 No.9

In Wireless Sensor Networks (WSN), a key agreement scheme is an essential task for secure communications. Recently, Lee and Kim proposed a hierarchical key agreement scheme for the fresh key establishment in WSN. This scheme achieves a secure session key agreement. In this paper, we analyze the security of the scheme and illustrate that their scheme is unconfident against the insider attack in practice. Moreover, it is also difficult to resist the replay attack in this scheme. Then, we proposed a novel scheme inspired by their scheme. The entities of our scheme include a Sink besides the sensor nodes, which interrupts the construction of the insider attack. Our scheme adopts the timestamp mechanism to resist replay attack, which could decrease the storing requirement of the sensor nodes. Thus, it is more practical and realistic. We illustrate that our proposal can provide stronger security than Lee and Kim’s scheme.

A Provably-Anonymous Authentication Scheme for Roaming Services

Junghyun Nam,Kim-Kwang Raymond Choo,Juryon Paik 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.3

In this work, we extend the widely accepted security model of Bellare, Pointcheval and Rogaway (2000) in order to prove the security of smart-card-based roaming authentication (SRA) schemes. More specifically, in this extended model, we provide formal definitions of authenticated key exchange and user anonymity for SRA schemes, in order to capture side-channel, offline dictionary, and other common attacks. We then present a new SRA scheme and prove its security in our extended model. To the best of our knowledge, our proposed scheme is the first provably-secure SRA scheme that achieves user anonymity. We conclude by demonstrating that our scheme is also computationally efficient relative to other similar published schemes without a security proof.

Analysis of Variants of the Even-Mansour scheme

HongTae Kim 한국융합보안학회 2020 융합보안 논문지 Vol.20 No.1

암호학에서 최소화에 관한 많은 연구가 이루어지고 있다. 안전한 최소의 블록암호는 이러한 연구주제 중의 하나이며, 이븐 (Even)과 맨서(Mansour)는 간단한 블록암호를 제안하였다. 이븐-맨서 스킴은 하나의 치환(permutation)과 두 개의 표백화키 (whitening key)를 갖는 일종의 블록암호이다. 이븐-맨서 스킴에 관련된 연구는 블록암호의 안전성과 설계에 대한 이해에 큰 도움을 준다. 이븐-맨서 스킴과 이의 변형된 스킴의 안전성을 분석하기 위한 많은 시도들이 제안되어 왔다. 우리는 이븐-맨서 스킴의 새로운 변형된 스킴을 제시하고 기존의 변형된 스킴을 소개한다. 우리는 이븐-맨서 스킴의 변형된 스킴의 안전성에 초 점을 맞추고 키의 크기에 따르는 안전성의 변화를 제시한다. 우리는 이븐-맨서 스킴의 변형된 스킴의 안전성을 증명하고 일반 화된 이븐-맨서 스킴이 최소의 블록암호로 적합하지 않음을 보인다. There have been many papers on minimalism of cryptography. Secure minimal block cipher is one of these topics and Even and Mansour suggested a simple block cipher. The Even-Mansour scheme is a block cipher with one permutation and two whitening keys. Studying related to the Even-Mansour scheme gives great insight into the security and design of block cipher. There have been suggested many trials to analyze the security of the Even-Mansour scheme and variants of the Even-Mansour scheme. We present a new variant of the Even-Mansour scheme and introduce a variant of the Even-Mansour scheme. We focus on the security of these variants of the Even-Mansour scheme and present variation of the security according to key size. We prove the security of a variant of the Even-Mansour scheme and show that a generalized Even-Mansour scheme is not proper for a minimal block cipher.

안전한 브로드 캐스팅을 위한 Time-Bound Hierarchical Key Management 스킴 비교 분석

김현철,구우권,이준호,이동훈 한국정보통신설비학회 2008 한국정보통신설비학회 학술대회 Vol.2008 No.1

Secure broadcasting is requirement for payment of TV systems, government or company. Hierarchical key management for access control provides efficient key management in those environment. Also, time-bound hierarchical key management technique generates different keys in each time period. In 2004, Tzeng proposed a time-bound cryptgraphic key assignment scheme for access control in a hierarchy and in 2008, Bertino et al proposed an efficient time-bound hierarchical key management scheme for secure broadcasting. Tzeng’s scheme and Bertino et al’s scheme are organized in different environment and primitive. In this paper, we analysis above two time-bound hierarchical key management scheme.

A Secure MQAM Scheme Based on Signal Constellation Hopping

( Yingxian Zhang ),( Aijun Liu ),( Xiaofei Pan ),( Zhan Ye ) 한국인터넷정보학회 2014 KSII Transactions on Internet and Information Syst Vol.8 No.7

In this paper, a secure multilevel quadrature amplitude modulation (MQAM) scheme is proposed for the physical layer security (PLS) of the wireless communications. In the proposed scheme, each transmitted symbol`s signal constellation (SC) is hopping with the control of two unique factors: amplitude distortion (AD) factor and phase hopping (PH) factor. With unknown the two factors, the eavesdropper cannot extract effective information from the received signal. We first introduce a security metric, referred to as secrecy gain, and drive a lower bound on the gain that the secrecy capacity can be improved. Then, we investigate the relationship among the secrecy gain, the signal to noise power ratios (SNRs) of the main and wiretap channels, and the secrecy capacity. Next, we analyze the security of the proposed scheme, and the results indicate that the secrecy capacity is improved by our scheme. Specifically, a positive secrecy capacity is always obtained, whether the quality of the main channel is better than that of the wiretap channel or not. Finally, the numerical results are provided to prove the analytical work, which further suggests the security of the proposed scheme..

미국법상 증권사기 관여자에 대한 민사책임

심영 한국상사법학회 2008 商事法硏究 Vol.27 No.2

In January 2008, the US Supreme Court ruled that a firm could not be held liable for a securities fraud merely because it was a business partner of a company that committed the fraud. The majority of the Supreme Court is concerned about the competitiveness of America’s capital markets. Various actors participate in various ways in the securities fraud. The main vehicle for actions against those actors is section 10(b) of the Securities Exchange Act of 1934 and the corresponding SEC Rule 10b-5 in US. The US Supreme Court held in 1994 Central Bank that there is no private right of action against parties aiding and abetting securities law violations under section 10(b). Afterwards, the investors who suffer from securities fraud have tried to establish ‘scheme liability’ in order to avoid this aiding and abetting limitation. The 2008 Stoneridge case rejects the ‘scheme liability’ theory which is based on Rule 10b-5(a) and (c) rather than (b). Korea has introduced the ‘catch-all securities antifraud provision’. This provision is very similar to the US Rule 10b-5. In order to interpret the provision appropriately, this article examines the US system and court’s interpretation and recommends the proper scope of secondary actor liability. Chapter II gives an overview of the second actor liabilities under the Securities Act of 1933 and the Securities Exchange Act of 1933. The Securities Act provides liability for misstatements or omissions in the registration statement and liability for material misstatements or omissions by sellers of securities. The Securities Exchange Act provides a private remedy for investors injured by the prohibited manipulative conduct and liability for misleading statements. Chapter III examines the federal court cases for the scope of second actors who is liable under Section 10(b) and Rule 10b-5. Before Central Bank, the federal circuits allowed the investors pursue the aiders and abettors of securities fraud. The Central Bank decision repudiated the entire aiding and abetting cause of action. Chapter IV analyzes the Stoneridge Investment Partners v. Scientific Atlanta case. The Stoneridge rejects the ‘scheme liability’ theory. The majority argues that existing remedies adequately police culpable conduct and to expand the scope of liability in private litigation would harm shareholders. It also suggests that US need to preserve competitiveness of securities markets. Chapter V gives a brief overview of the securities fraud liability and suggests some recommendation about the proper scope of secondary actor liability from the US second actor liability and its implication. In January 2008, the US Supreme Court ruled that a firm could not be held liable for a securities fraud merely because it was a business partner of a company that committed the fraud. The majority of the Supreme Court is concerned about the competitiveness of America’s capital markets. Various actors participate in various ways in the securities fraud. The main vehicle for actions against those actors is section 10(b) of the Securities Exchange Act of 1934 and the corresponding SEC Rule 10b-5 in US. The US Supreme Court held in 1994 Central Bank that there is no private right of action against parties aiding and abetting securities law violations under section 10(b). Afterwards, the investors who suffer from securities fraud have tried to establish ‘scheme liability’ in order to avoid this aiding and abetting limitation. The 2008 Stoneridge case rejects the ‘scheme liability’ theory which is based on Rule 10b-5(a) and (c) rather than (b). Korea has introduced the ‘catch-all securities antifraud provision’. This provision is very similar to the US Rule 10b-5. In order to interpret the provision appropriately, this article examines the US system and court’s interpretation and recommends the proper scope of secondary actor liability. Chapter II gives an overview of the second actor liabilities under the Securities Act of 1933 and the Securities Exchange Act of 1933. The Securities Act provides liability for misstatements or omissions in the registration statement and liability for material misstatements or omissions by sellers of securities. The Securities Exchange Act provides a private remedy for investors injured by the prohibited manipulative conduct and liability for misleading statements. Chapter III examines the federal court cases for the scope of second actors who is liable under Section 10(b) and Rule 10b-5. Before Central Bank, the federal circuits allowed the investors pursue the aiders and abettors of securities fraud. The Central Bank decision repudiated the entire aiding and abetting cause of action. Chapter IV analyzes the Stoneridge Investment Partners v. Scientific Atlanta case. The Stoneridge rejects the ‘scheme liability’ theory. The majority argues that existing remedies adequately police culpable conduct and to expand the scope of liability in private litigation would harm shareholders. It also suggests that US need to preserve competitiveness of securities markets. Chapter V gives a brief overview of the securities fraud liability and suggests some recommendation about the proper scope of secondary actor liability from the US second actor liability and its implication.

Robust Remote User Authentication Scheme using Smart Cards

Hyun Sung Kim,Sung Woon Lee 보안공학연구지원센터(JSE) 2010 보안공학연구논문지 Vol.7 No.5

Two user authentication schemes were recently proposed using smart cards. They do not need to maintain a verification table in registration server, which is one of the good and necessary aspect in the password based schemes. In this paper, we show that they are not secure against some attacks. Then we propose a robust remote user authentication scheme to withstand the flaws in them but preserve the same merits of them. Our scheme could be efficiently used in wireless communication applications.

퍼지추출 기술을 활용한 스마트 카드 기반 패스워드 인증 스킴

최윤성 (사)디지털산업정보학회 2018 디지털산업정보학회논문지 Vol.14 No.4

Lamport firstly suggested password base authentication scheme and then, similar authentication schemes have been studied. Due to the development of Internet network technology, remote user authentication using smart card has been studied. Li et al. analyzed authentication scheme of Chen et al. and then, Li et al. found out the security weakness of Chen et al.’s scheme such forward secrecy and the wrong password login problem, and proposed an a new smart card based user password authentication scheme. But Liu et al. found out that Li et al.’s scheme still had security problems such an insider attack and man-in-the-middle attack and then Liu et al. proposed an efficient and secure smart card based password authentication scheme. This paper analyzed Liu et al.’s authentication and found out that Liu et al.’s authentication has security weakness such as no perfect forward secrecy, off-line password guessing attack, smart-card loss attack, and no anonymity. And then, this paper proposed security enhanced efficient smart card based password authentication scheme using fuzzy extraction technology.

Universal Composability Notion for Functional Encryption Schemes

Rifki Sadikin,YoungHo Park,KilHoum Park,SangJae Moon 한국산업정보학회 2013 한국산업정보학회논문지 Vol.18 No.3

We have developed an ideal functionality for security requirement of functional encryption schemes. The functionality is needed when we want to show the security of a functional encryption scheme in universal composable (UC) framework. A functionality Ffewas developed to represent ideal respond of a functional encryption scheme against any polynomial time active attacker. We show that UC security notion of functional encryption scheme Ffe is as strong as fully secure functional encryption in an indistinguishable game with chosen cipher text attack. The proof used a method that showing for any environment algorithm, it can not distinguish ideal world where the attacker play with ideal functionality Ffe and real world where the attacker play a fully secure functional encryption scheme.

WTO체제와 조화를 이루는 배출권거래제도의 설계

김홍균(Hong Kyun Kim) 서울국제법연구원 2012 서울국제법연구 Vol.19 No.1

배출권거래제도(Emission Trading Scheme)를 도입하고 있는 국가의 대부분이 유럽연합(EU)에 불과하고 우리나라의 주된 경쟁 상대인 미국, 일본 등이 도입하고 있지 않은 상황에서 우리나라가 섣불리 배출권거래제도의 도입을 추진하는 것은 국가 경쟁력 차원에서 바람직하지 않을 수 있다. 그러나 국제사회로부터 우리나라가 온실가스(greenhouse gas) 감축의무 대상국에 포함되어야 한다는 압력이 가중되고 있고, 국제무대에서 우리나라가 어느 정도 기후변화 대응에 선도적인 노력을 기울일 필요가 있다는 점에서 기후변화 문제에 마냥 두손놓고 있을 수도 없다. 이러한 점을 모두 고려할 때 경쟁력 약화를 이유로 그리고 산업계의 입장에 휘둘려 배출권거래제도에 소극적이기 보다는 경쟁력을 유지하는 방향에서 전향적으로 배출권거래제도의 도입을 검토할 필요가 있다. 배출권거래제도와 같은 기후변화 대응정책의 선택이 불가피한 상황에서 배출권거래제도를 도입·시행하기 위해서는 그 제도가 효율적으로 운영될 수 있도록 정치한 설계가 필요하다. 2012년 5월 2일 국회를 통과한 「온실가스 배출권의 할당 및 거래에 관한 법률」에는 우리나라 산업의 경쟁력 저하를 해결하기 위한 조치를 발견하기 힘들고 국제통상법적 분쟁을 막기 위한 장치는 미흡한 것으로 파악되고 있다. 이에 미국 리버만 워너 법안(Lieberman-Warner Climate Security Act of 2008)에서 도입하고 있는 수입제품에 대하여 그 제품의 생산과정에서 배출된 온실가스의 양에 해당하는 배출권을 구입해서 제출하도록 하는 조치(배출권 구입 요건)는 충분히 검토할 만한 것이라고 할 수 있다. 그러나 이러한 요건은 일방적인 무역규제적인 요소를 갖추고 있기 때문에 도입 시 혹시 발생할지 모르는 통상분쟁을 막기 위한 장치를 마련하는 것이 필요하다. 배출권 구입 요건이 탄소유출(carbon leakage)의 방지, 온실가스의 감축, 기후변화의 방지를 주된 목적으로 할 경우 GATT 예외 규정에 의해 정당화될 수 있다고 판단된다. 그러나 국내 산업의 경쟁력 저하 문제를 해결하는 데에 초점이 맞추어져 있다면 이는 보호주의에 다름 아니며, 정당성이 떨어지는 일방적 조치에 불과하다. WTO체제에 부합하게 배출권 거래제도를 정치하게 설계하더라도 그 적용이 자의적(arbitrary)이고 부당한 차별(unjustifiable discrimination)을 구성할 경우에는 통상분쟁이 발생할 수 있다. 이러한 점을 고려할 때 우선 해당 조치를 시행하기 전에 외국과 먼저 충분하고 진지한 협상을 시도할 필요가 있다. 의사결정에 영향을 받는 국가의 참여, 심리 및 반론기회의 제공, 심사 및 이의절차의 제공, 승인·거부 등에 대한 서면통보, 적절한 공개 등을 보장함으로써 절차의 투명성, 공정성, 합법성, 예측가능성을 향상하는 것이 중요하다. It may not be a wise idea in terms of national competitiveness to introduce the Emission Trading Scheme into Korea when its main rival states, such as the US and Japan has not yet induced the Scheme into their countries. The only countries that have imported the Scheme are those from the European Union (EU). However, the increase of international pressure pushing Korea to mandatorily decrease the amount of greenhouse gas makes it harder for Korea to solely ignore the problem on climate change. Regarding all this, rather than condemning the Scheme and being tossed around by the industries` views, it is necessary to seek a way to introduce the Emission Trading Scheme while at the same time maintaining Korea`s national competitiveness. In order to introduce the Scheme and fully practice it as well in such a situation, there must be a delicate plan that will enable efficient operation of the Scheme. It is hard to find any measures that can solve the problem of declining competence of Korea`s industry in the current law related to the Emission Trading Scheme. The law also lacks any device that can block dispute regarding the international trade law. It would be helpful to look into the ``conditioning access to domestic markets on the purchase of GHG emission allowances`` adopted by the Lieberman-Warner Climate Security Act of 2008. However, since such buy-in requirement has an element of unilateral trade restriction, it is necessary to prepare for trade disputes through additional devices. If the buy-in requirement aims to prevent carbon leakage, reduce greenhouse gas and prevent climate change, it can be justified through the GATT Article XX`s exceptions. However, if it mainly aims to solve the problem of national competence, it can be regarded no more than a protectionism, thus it loses justification. Even if the WTO regime plans the Emission Trading Scheme quite delicately, if it forms arbitrary and unjustifiable discrimination, then it also may cause trade disputes. Regarding this, it is necessary to give serious and good faith attempts at negotiation with foreign countries before enforcing the measure. It is important for countries concerned to participate, provide opportunity to be heard and to respond, provide procedures for review or appeal, give opportunity to notify approval or denial, maintain transparency, equity, constitutionality, and predictability through appropriate level of publicity.