Your search keyword '"Won, Dongho"' showing total 47 results

1. Lightweight Hash-Based Authentication Protocol for Smart Grids.

Author

Kook, Sangjin, Kim, Keunok, Ryu, Jihyeon, Lee, Youngsook, and Won, Dongho

Subjects

NEAR field communication, SMART meters, ELECTRIC power distribution grids, CONSUMERS, MANUFACTURING processes

Abstract

Smart grids integrate information and communications technology into the processes of electricity production, transportation, and consumption, thereby enabling interactions between power suppliers and consumers to increase the efficiency of the power grid. To achieve this, smart meters (SMs) are installed in households or buildings to measure electricity usage and allow power suppliers or consumers to monitor and manage it in real time. However, SMs require a secure service to address malicious attacks during memory protection and communication processes and a lightweight communication protocol suitable for devices with computational and communication constraints. This paper proposes an authentication protocol based on a one-way hash function to address these issues. This protocol includes message authentication functions to address message tampering and uses a changing encryption key for secure communication during each transmission. The security and performance analysis of this protocol shows that it can address existing attacks and provides 105,281.67% better computational efficiency than previous methods. [ABSTRACT FROM AUTHOR]

Published

2024

2. A mechanical approach to derive identity-based protocols from Diffie–Hellman-based protocols

Author

Choo, Kim-Kwang Raymond, Nam, Junghyun, and Won, Dongho

Published

2014

3. Distributed and Federated Authentication Schemes Based on Updatable Smart Contracts.

Author

Kim, Keunok, Ryu, Jihyeon, Lee, Hakjun, Lee, Youngsook, and Won, Dongho

Subjects

CONTRACTS, IMPERSONATION, ANONYMITY, BLOCKCHAINS

Abstract

Federated authentication, such as Google ID, enables users to conveniently access multiple websites using a single login credential. Despite this convenience, securing federated authentication services requires addressing a single point of failure, which can result from using a centralized authentication server. In addition, because the same login credentials are used, anonymity and protection against user impersonation attacks must be ensured. Recently, researchers introduced distributed authentication schemes based on blockchains and smart contracts (SCs) for systems that require high availability and reliability. Data on a blockchain are immutable, and deployed SCs cannot be changed or tampered with. Nonetheless, updates may be necessary to fix programming bugs or modify business logic. Recently, methods for updating SCs to address these issues have been investigated. Therefore, this study proposes a distributed and federated authentication scheme that uses SCs to overcome a single point of failure. Additionally, an updatable SC is designed to fix programming bugs, add to the function of an SC, or modify business logic. ProVerif, which is a widely known cryptographic protocol verification tool, confirms that the proposed scheme can provide protection against various security threats, such as single point of failure, user impersonation attacks, and user anonymity, which is vital in federated authentication services. In addition, the proposed scheme exhibits a performance improvement of 71% compared with other related schemes. [ABSTRACT FROM AUTHOR]

Published

2023

4. An Improved Lightweight User Authentication Scheme for the Internet of Medical Things.

Author

Kim, Keunok, Ryu, Jihyeon, Lee, Youngsook, and Won, Dongho

Subjects

COMPUTER passwords, INTERNET of things, BODY temperature, MEDICAL records, MEDICAL personnel, SENSOR networks, BLOOD sugar

Abstract

The Internet of Medical Things (IoMT) is used in the medical ecosystem through medical IoT sensors, such as blood glucose, heart rate, temperature, and pulse sensors. To maintain a secure sensor network and a stable IoMT environment, it is important to protect the medical IoT sensors themselves and the patient medical data they collect from various security threats. Medical IoT sensors attached to the patient's body must be protected from security threats, such as being controlled by unauthorized persons or transmitting erroneous medical data. In IoMT authentication, it is necessary to be sensitive to the following attack techniques. (1) The offline password guessing attack easily predicts a healthcare administrator's password offline and allows for easy access to the healthcare worker's account. (2) Privileged-insider attacks executed through impersonation are an easy way for an attacker to gain access to a healthcare administrator's environment. Recently, previous research proposed a lightweight and anonymity preserving user authentication scheme for IoT-based healthcare. However, this scheme was vulnerable to offline password guessing, impersonation, and privileged insider attacks. These attacks expose not only the patients' medical data such as blood pressure, pulse, and body temperature but also the patients' registration number, phone number, and guardian. To overcome these weaknesses, in the present study we propose an improved lightweight user authentication scheme for the Internet of Medical Things (IoMT). In our scheme, the hash function and XOR operation are used for operation in low-spec healthcare IoT sensor. The automatic cryptographic protocol tool ProVerif confirmed the security of the proposed scheme. Finally, we show that the proposed scheme is more secure than other protocols and that it has 266.48% better performance than schemes that have been previously described in other studies. [ABSTRACT FROM AUTHOR]

Published

2023

5. A security weakness in Abdalla et al.’s generic construction of a group key exchange protocol

Author

Nam, Junghyun, Paik, Juryon, and Won, Dongho

Published

2011

6. Towards trustworthy e-voting using paper receipts

Author

Lee, Yunho, Park, Sangjoon, Mambo, Masahiro, Kim, Seungjoo, and Won, Dongho

Published

2010

7. Threat modeling of a mobile device management system for secure smart work

Author

Rhee, Keunwoo, Won, Dongho, Jang, Sang-Woon, Chae, Sooyoung, and Park, Sangwoo

Published

2013

8. Efficient secure group communications for SCADA

Author

Choi, Donghyun, Lee, Sungjin, Won, Dongho, and Kim, Seungjoo

Subjects

Systems and data security software -- Usage, Systems/data security software, Company business management, Business, Computers, Electronics, Electronics and electrical industries

Published

2010

9. Enhancement of two-factor authenticated key exchange protocols in public wireless LANs

Author

Lee, Yunho, Kim, Seungjoo, and Won, Dongho

Subjects

Wireless local area networks (Computer networks), Wireless LAN/WAN system, Wireless network, Computers, Electronics, Engineering and manufacturing industries

Abstract

To link to full-text access for this article, visit this link: http://dx.doi.org/10.1016/j.compeleceng.2009.08.007 Byline: Yunho Lee, Seungjoo Kim, Dongho Won Keywords: Authenticated key exchange; Password; Secure token; Identity protection Abstract: In 2008, Juang and Wu proposed two authenticated key exchange protocols by improving Park and Park's two-factor authenticated key exchange protocol in public wireless LANs. They pointed out that Park's protocol was vulnerable to the dictionary attack on the identity protection. The improved protocols requires fewer exchanged messages and provided more secure protection for the client's identity. In this paper, we propose two protocols require less exchanged messages than Juang's protocols. In addition to this advantage, we point out that the identity protection of Juang's protocol is computationally inefficient for the server and efficient identity protection is proposed in the second proposed protocol. Author Affiliation: The School of Information and Communication, Sungkyunkwan University, 300 Cheoncheon-dong, Suwon-si, Gyeonggi-do 440-746, Republic of Korea Article History: Received 17 April 2009; Revised 9 July 2009; Accepted 29 August 2009

Published

2010

10. Advanced key-management architecture for secure SCADA communications

Author

Choi, Donghyun, Kim, Hakman, Won, Dongho, and Kim, Seungjoo

Subjects

Electric power systems -- Design and construction, Electric power systems -- Control, Electric power systems -- Protection and preservation, Electric power systems -- Methods, Business, Computers, Electronics, Electronics and electrical industries

Abstract

Supervisory control and data-acquisition (SCADA) systems are control systems for many national infrastructures. In the past, SCADA systems were designed without security functionality because of the closed operating environment. However, the security of SCADA systems has become an issue with connection to open networks becoming more common. Any damage to the SCADA system can have a widespread negative effect to society. In this paper, we review constraints and security requirements for SCADA systems and then investigate whether the existing key-management protocols for the SCADA systems satisfy these requirements. Afterward, we propose an advanced key-management architecture fitted for secure SCADA communications. The contributions of our work are two-fold. First, our scheme supports both message broadcasting and secure communication. Second, by evenly spreading much of the total amount of computation across high power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low power nodes (RTU) at minimal. Index Terms--Key management, power system security, supervisory control and data-acquisition (SCADA) systems.

Published

2009

11. MES-FPMIPv6: MIH-Enabled and enhanced secure Fast Proxy Mobile IPv6 handover protocol for 5G networks*^.

Author

Degefa, Fikadu, Ryu, Jihyeon, Kim, Hyoungshick, and Won, Dongho

Subjects

INTERNET protocol version 6, INTERNET protocols, INTERNET protocol address, MOBILITY management (Mobile radio), 5G networks, INTERNET security, SOCIAL networks

Abstract

Fast Proxy Mobile IPv6 (FPMIPv6) is an extension of the PMIPv6 mobility management deployed as part of the next-generation internet protocol. It allows location-independent routing of IP datagrams, based on local mobility to IPv6 hosts without involvement of stations in the IP address signaling. A mobile node keeps its IP address constant as it moves from link to link, which avoids signaling overhead and latency associated with changing IP address. Even though local mobility requirements hold, it entails security threats such as Mobile Node, Mobile Access Gateway, as well as Local Mobility Anchor impersonation that go beyond those already exist in IPv6. As mobile station keeps moving across different serving networks, its IP remains constant during handover, and location privacy may not also be preserved. Moreover, homogeneous network dependence of PMIPv6 is one of the gaps, which FPMIPv6 could not mitigate. FPMIPv6 does not support heterogeneous network handover, for which numerous researchers have proposed Media Independent Handover (MIH) enabled FPMIPv6 schemes to allow fast handover among heterogeneous networks, but in the absence of security solutions. As a comprehensive solution, we propose a new handover authentication scheme and a key agreement protocol for the 'MIH-enabled Network Only FPMIPv6' model. As one of the basic requirements, mobility management should minimize signaling overhead, handover delay and power consumption of the mobile node. The proposed scheme improves wireless link overhead (mobile node overhead) by 6-86% as cell radius, wireless failure probability and number of hop vary. The security of the proposed scheme has also been analyzed under BAN logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool and its performance has numerically been evaluated through a pre-determined performance matrix and found to be effective and preferably applicable compared with other schemes. [ABSTRACT FROM AUTHOR]

Published

2022

12. Resource-aware protocols for authenticated group key exchange in integrated wired and wireless networks

Author

Nam, Junghyun, Paik, Juryon, Kim, Ung Mo, and Won, Dongho

Published

2007

13. Security weakness in a three-party pairing-based protocol for password authenticated key exchange

Author

Nam, Junghyun, Lee, Youngsook, Kim, Seungjoo, and Won, Dongho

Published

2007

14. DDH-based group key agreement in a mobile environment

Author

Nam, Junghyun, Lee, Jinwoo, Kim, Seungjoo, and Won, Dongho

Subjects

Concrete

Abstract

To link to full-text access for this article, visit this link: http://dx.doi.org/10.1016/j.jss.2004.10.024 Byline: Junghyun Nam, Jinwoo Lee, Seungjoo Kim, Dongho Won Abstract: A group key agreement protocol is designed to efficiently implement secure multicast channels for a group of parties communicating over an untrusted, open network by allowing them to agree on a common secret key. In the past decade many problems related to group key agreement have been tackled and solved (diminished if not solved), and recently some constant-round protocols have been proven secure in concrete, realistic setting. However, all forward-secure protocols so far are still too expensive for small mobile devices. In this paper we propose a new constant-round protocol well suited for a mobile environment and prove its security under the decisional Diffie-Hellman assumption. The protocol meets simplicity, efficiency, and all the desired security properties. Author Affiliation: School of Information and Communication Engineering, Sungkyunkwan University, 300 Chunchun-dong, Jangan-gu, Suwon, Gyeonggi-do 440-746, Republic of Korea Article Note: (footnote) [star] This work was supported by Electronics and Telecommunications Research Institute (ETRI) for the third author under Contract 0201-2004-0027, and by the University IT Research Center Project for the remaining authors.

Published

2005

15. Secure Three-Factor Anonymous User Authentication Scheme for Cloud Computing Environment.

Author

Lee, Hakjun, Kang, Dongwoo, Lee, Youngsook, and Won, Dongho

Subjects

CLOUD computing, ELLIPTIC curves, INTERNET of things, INFORMATION technology

Abstract

Cloud computing provides virtualized information technology (IT) resources to ensure the workflow desired by user at any time and location; it allows users to borrow computing resources such as software, storage, and servers, as per their needs without the requirements of complicated network and server configurations. With the generalization of small embedded sensor devices and the commercialization of the Internet of Things (IoT), short- and long-range wireless network technologies are being developed rapidly, and the demand for deployment of cloud computing for IoT is increasing significantly. Cloud computing, together with IoT technology, can be used to collect and analyse large amounts of data generated from sensor devices, and easily manage heterogeneous IoT devices such as software updates, network flow control, and user management. In cloud computing, attacks on users and servers can be a serious threat to user privacy. Thus, various user authentication schemes have been proposed to prevent different types of attacks. In this paper, we discuss the security and functional weakness of the related user authentication schemes used in cloud computing and propose a new elliptic curve cryptography- (ECC-) based three-factor authentication scheme to overcome the security shortcomings of existing authentication schemes. To confirm the security of the proposed scheme, we conducted both formal and informal analyses. Finally, we compared the performance of the proposed scheme with those of related schemes to verify that the proposed scheme can be deployed in the real world. [ABSTRACT FROM AUTHOR]

Published

2021

16. Lightweight user authentication scheme for roaming service in GLOMONET with privacy preserving.

Author

Kang, Dongwoo, Lee, Hakjun, Lee, Youngsook, and Won, Dongho

Subjects

PRIVACY, HOME computer networks, INFORMATION technology

Abstract

With the development of information technology and the Internet, users can conveniently use roaming services without time and space restrictions. This roaming service is initiated by establishing a session key between a home node, which exists in a home network, and a mobile node, which exists in a foreign network. However, in the process of verifying a legitimate user and establishing a session key, various security threats and privacy exposure issues can arise. This study demonstrates that the authentication scheme for the roaming service proposed in the existing Global Mobility Network (GLOMONET) environment has several vulnerabilities and, hence, is impractical. In addition, the scheme does not satisfy the privacy of the session key or user's identity or password. Accordingly, we propose a new lightweight authentication scheme to compensate for these vulnerabilities and secure a high level of privacy, such as non-traceability. In addition, formal and informal analyses are conducted to examine the safety of the proposed scheme. Based on the results of our analyses, we prove that the proposed scheme is highly secure and applicable to the actual GLOMONET environment. [ABSTRACT FROM AUTHOR]

Published

2021

17. Efficient and Secure Biometric-Based User Authenticated Key Agreement Scheme with Anonymity.

Author

Kang, Dongwoo, Jung, Jaewook, Kim, Hyoungshick, Lee, Youngsook, and Won, Dongho

Subjects

BIOMETRIC identification, COMPUTER access control, INFORMATION & communication technologies, CRYPTOGRAPHY, COMPUTER passwords

Abstract

At present, a number of users employ an authentication protocol so as to enjoy protected electronic transactions in wireless networks. In order to establish an efficient and robust the transaction system, numerous researches have been conducted relating to authentication protocols. Recently, Kaul and Awasthi presented an user authentication and key agreement scheme, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent two kinds of attacks, including off-line password guessing attacks and user impersonation attacks. Second, user anonymity rule cannot be upheld. Third, session key can be compromised by an attacker. Fourth, there is high possibility that the time synchronization trouble occurs. Therefore, we suggest an upgraded version of the user authenticated key agreement method that provides enhanced security. Our security and performance analysis shows that compared, to other associated protocols, our method not only improves the security level but also ensures efficiency. [ABSTRACT FROM AUTHOR]

Published

2018

18. An improved anonymous authentication scheme for roaming in ubiquitous networks.

Author

Lee, Hakjun, Lee, Donghoon, Moon, Jongho, Jung, Jaewook, Kang, Dongwoo, Kim, Hyoungshick, and Won, Dongho

Subjects

SIGNALING (Psychology), INFORMATION services, COMMUNICATION of technical information, DIGITAL sociology, UBIQUITOUS computing

Abstract

With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people’s lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.’s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al’s scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments. [ABSTRACT FROM AUTHOR]

Published

2018

19. Security analysis and enhanced user authentication in proxy mobile IPv6 networks.

Author

Kang, Dongwoo, Jung, Jaewook, Lee, Donghoon, Kim, Hyoungshick, and Won, Dongho

Subjects

INTERNET protocol version 6, CRYPTOGRAPHY, COMPUTER passwords, ANONYMITY, INFORMATION science

Abstract

The Proxy Mobile IPv6 (PMIPv6) is a network-based mobility management protocol that allows a Mobile Node(MN) connected to the PMIPv6 domain to move from one network to another without changing the assigned IPv6 address. The user authentication procedure in this protocol is not standardized, but many smartcard based authentication schemes have been proposed. Recently, Alizadeh et al. proposed an authentication scheme for the PMIPv6. However, it could allow an attacker to derive an encryption key that must be securely shared between MN and the Mobile Access Gate(MAG). As a result, outsider adversary can derive MN’s identity, password and session key. In this paper, we analyze Alizadeh et al.’s scheme regarding security and propose an enhanced authentication scheme that uses a dynamic identity to satisfy anonymity. Furthermore, we use BAN logic to show that our scheme can successfully generate and communicate with the inter-entity session key. [ABSTRACT FROM AUTHOR]

Published

2017

20. Security enhanced multi-factor biometric authentication scheme using bio-hash function.

Author

Choi, Younsung, Lee, Youngsook, Moon, Jongho, and Won, Dongho

Subjects

BIOMETRIC identification, WIRELESS communications, DATA protection, DATA security, TELECOMMUNICATION

Abstract

With the rapid development of personal information and wireless communication technology, user authentication schemes have been crucial to ensure that wireless communications are secure. As such, various authentication schemes with multi-factor authentication have been proposed to improve the security of electronic communications. Multi-factor authentication involves the use of passwords, smart cards, and various biometrics to provide users with the utmost privacy and data protection. Cao and Ge analyzed various authentication schemes and found that Younghwa An’s scheme was susceptible to a replay attack where an adversary masquerades as a legal server and a user masquerading attack where user anonymity is not provided, allowing an adversary to execute a password change process by intercepting the user’s ID during login. Cao and Ge improved upon Younghwa An’s scheme, but various security problems remained. This study demonstrates that Cao and Ge’s scheme is susceptible to a biometric recognition error, slow wrong password detection, off-line password attack, user impersonation attack, ID guessing attack, a DoS attack, and that their scheme cannot provide session key agreement. Then, to address all weaknesses identified in Cao and Ge’s scheme, this study proposes a security enhanced multi-factor biometric authentication scheme and provides a security analysis and formal analysis using Burrows-Abadi-Needham logic. Finally, the efficiency analysis reveals that the proposed scheme can protect against several possible types of attacks with only a slightly high computational cost. [ABSTRACT FROM AUTHOR]

Published

2017

21. An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

Author

Jung, Jaewook, Kang, Dongwoo, Lee, Donghoon, and Won, Dongho

Subjects

INFORMATION storage & retrieval systems, BIOMETRIC identification, MEDICAL records, MEDICAL care, MEDICAL communication

Abstract

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. [ABSTRACT FROM AUTHOR]

Published

2017

22. Efficient and robust user authentication scheme that achieve user anonymity with a Markov chain.

Author

Kang, Dongwoo, Jung, Jaewook, Mun, Jongho, Lee, Donghoon, Choi, Younsung, and Won, Dongho

Subjects

CELL phones, COMPUTER networks, SMART cards, COMPUTER access control, EAVESDROPPING, MARKOV processes, DATA security

Abstract

Because of the evolution of mobile devices and networks, users can now access a network at any moment, in whatever place with a smart card. User authentication using smart card is a technique in which server checks the legality of a user between insecure channel, which avoid the peril of eavesdropping. Today, the user authentication schemes are proposed several ways. As schemes are proposed and analyzed for several years, way to authentication is also diversifying such as chaotic map and elliptic curve discrete logarithm problem. Recently, new authentication scheme is proposed which uses Markov Chain. The proposed scheme is explained that can resist several hazard of security such as reflection attack, forgery attack, parallel-session attack. However, we refer that existing scheme is still insecure to protect some several security attack such as user impersonation attack, off-line password guessing attack, and so on, so the existing scheme is unsuitable for real implementation. To fix these security flaws, we recommend an efficient and robust authentication scheme, which protects all the identified flaws of existent scheme. Furthermore, our propose scheme is more efficient and covers the identified vulnerability of existing scheme; therefore, our proposed scheme is more suitable to apply real-life application. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

23. Security Analysis and Improvements of Session Key Establishment for Clustered Sensor Networks.

Author

Kim, Jiye, Moon, Jongho, Jung, Jaewook, and Won, Dongho

Subjects

WIRELESS sensor networks, CLUSTER analysis (Statistics), DATA encryption, INTERNET of things, COMPUTER network security

Abstract

WSN (wireless sensor network) is one of the main technologies in IoT (Internet of Things) applications or services. To date, several schemes have been proposed to establish a pair-wise key between two nodes in WSN, and most of them are designed to establish long-term keys used throughout the network lifetime. However, in the near future, if WSN will be used for information infrastructures in various fields such as manufacturing, distribution, or public facilities management and its life cycle can be as long as that of other common networks, it will definitely be advantageous in terms of security to encrypt messages using session keys instead of long-term keys. In this paper, we propose a session key establishment scheme for clustered sensor networks that is based on elliptic curve Diffie-Hellman (ECDH) key exchange and hash chain. The proposed scheme eliminates vulnerabilities of existing schemes for WSN and has improved security. The proposed scheme is efficient in terms of energy costs compared to related schemes. [ABSTRACT FROM AUTHOR]

Published

2016

24. Security Improvement on Biometric Based Authentication Scheme for Wireless Sensor Networks Using Fuzzy Extraction.

Author

Choi, Younsung, Lee, Youngsook, and Won, Dongho

Subjects

WIRELESS sensor networks, BIOMETRIC identification, DATA security, CRYPTOGRAPHY, FUZZY systems

Abstract

Wireless sensor networks are used to monitor physical or environmental conditions. However, authenticating a user or sensor in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication networks, resource limitation, and unattended operation. As a result, various authentication schemes have been proposed to provide secure and efficient communication. He et al. suggested a robust biometrics-based user authentication scheme, but Yoon and Kim indicated that their scheme had several security vulnerabilities. The latter then proposed an advanced biometrics-based user authentication scheme; in this paper, we analyze this advanced scheme and perform a cryptanalysis. Our analysis shows that Yoon and Kim’s scheme has various security weaknesses such as a biometric recognition error, a user verification problem, lack of anonymity and perfect forward secrecy, session key exposure by the gateway node, vulnerability to denial of service attacks, and a revocation problem. Therefore, we suggest countermeasures that can be implemented to solve these problems and then propose a security-enhanced biometrics-based user authentication scheme using fuzzy extraction that conforms to the proposed countermeasures. Finally, we conduct a security analysis for the proposed biometrics-based user authentication scheme. [ABSTRACT FROM AUTHOR]

Published

2016

25. An Improvement of Robust Biometrics-Based Authentication and Key Agreement Scheme for Multi-Server Environments Using Smart Cards.

Author

Moon, Jongho, Choi, Younsung, Jung, Jaewook, and Won, Dongho

Subjects

BIOMETRY, SMART cards, COMPUTER access control, DATA analysis, COMPUTER research

Abstract

In multi-server environments, user authentication is a very important issue because it provides the authorization that enables users to access their data and services; furthermore, remote user authentication schemes for multi-server environments have solved the problem that has arisen from user’s management of different identities and passwords. For this reason, numerous user authentication schemes that are designed for multi-server environments have been proposed over recent years. In 2015, Lu et al. improved upon Mishra et al.’s scheme, claiming that their remote user authentication scheme is more secure and practical; however, we found that Lu et al.’s scheme is still insecure and incorrect. In this paper, we demonstrate that Lu et al.’s scheme is vulnerable to outsider attack and user impersonation attack, and we propose a new biometrics-based scheme for authentication and key agreement that can be used in multi-server environments; then, we show that our proposed scheme is more secure and supports the required security properties. [ABSTRACT FROM AUTHOR]

Published

2015

26. Anonymous Authentication Scheme for Intercommunication in the Internet of Things Environments.

Author

Chung, Youngseok, Choi, Seokjin, and Won, Dongho

Subjects

COMPUTER access control, INTERCOMMUNICATION systems, INTERNET of things, INTERNET security, INTERNET users, TELECOMMUNICATION channels

Abstract

Authentication and privacy protection are important security mechanisms for keeping things safe in the Internet of Things environments. In particular, an anonymous authentication scheme is a privacy preserving authentication technique which provides both authentication and privacy preservation. An authentication scheme with anonymity in mobility networks was proposed recently. However, it was proven that it failed to provide anonymity against passive adversaries and malicious users and security against known session key attacks and side channel attacks. We propose an anonymous authentication scheme for intercommunication between the things in the Internet of Things environments. The proposed scheme provides not only anonymity and security, but also untraceability for the thing. Moreover, we only use low cost functions, such as hash functions and exclusive-OR operations in consideration of limited computing power of the thing. [ABSTRACT FROM AUTHOR]

Published

2015

27. Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation.

Author

Nam, Junghyun, Choo, Kim-Kwang Raymond, Han, Sangchul, Kim, Moonseong, Paik, Juryon, and Won, Dongho

Subjects

WIRELESS sensor networks, LIGHTWEIGHT materials, COMPUTER access control, SMART cards, COMPUTER passwords, COMPUTER users, DATA transmission systems

Abstract

A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks). [ABSTRACT FROM AUTHOR]

Published

2015

28. A Secure and Lightweight Three-Factor-Based Authentication Scheme for Smart Healthcare Systems †.

Author

Ryu, Jihyeon, Kang, Dongwoo, Lee, Hakjun, Kim, Hyoungshick, and Won, Dongho

Subjects

INTERNET of things, TELEMEDICINE, MEDICAL care, PATIENT monitoring, NEAR field communication

Abstract

Internet of Things (IoT) technology has recently been integrated with various healthcare devices to monitor patients' health status and share it with their healthcare practitioners. Since healthcare data often contain personal and sensitive information, healthcare systems must provide a secure user authentication scheme. Recently, Adavoudi-Jolfaei et al. and Sharma and Kalra proposed a lightweight protocol using hash function encryption only for user authentication on wireless sensor systems. In this paper, we found some weaknesses in target schemes. We propose a novel three-factor lightweight user authentication scheme that addresses these weaknesses and verifies the security of the proposed scheme using a formal verification tool called ProVerif. In addition, our proposed scheme outperforms other proposed symmetric encryption-based schemes or elliptic curve-based schemes. [ABSTRACT FROM AUTHOR]

Published

2020

29. Revisit of Password-Authenticated Key Exchange Protocol for Healthcare Support Wireless Communication.

Author

Kim, Mijin, Moon, Jongho, Won, Dongho, and Park, Namje

Subjects

WIRELESS communications, COMPUTER passwords, SMART cities, COMPUTER password security, EXCHANGE, MEDICAL care, ACQUISITION of data, WIRELESS Internet

Abstract

Wireless communication is essential for the infrastructure of a healthcare system. This bidirectional communication is used for data collection and to control message delivery. Wireless communication is applied in industries as well as in our daily lives, e.g., smart cities; however, highly reliable communication may be more difficult in environments with low power consumption, many interferences, or IoT wireless network issues due to resource limitations. In order to solve these problems, we investigated the existing three-party password-authenticated key exchange (3PAKE) and developed an enhanced protocol. Currently, Lu et al. presented a 3PAKE protocol to improve the security flaws found in Farash and Attari's protocol. This work revisits the protocol proposed by Lu et al. and demonstrates that, in addition to other security weaknesses, the protocol does not provide user anonymity which is an important issue for healthcare environment, and is not secure against insider attacks that may cause impersonation attacks. We propose a secure biometric-based efficient password-authenticated key exchange (SBAKE) protocol in order to remove the incidences of these threats, and present an analysis regarding the security and efficiency of the SBAKE protocol for practical deployment. [ABSTRACT FROM AUTHOR]

Published

2020

30. Secure and Efficient Three-Factor Protocol for Wireless Sensor Networks.

Author

Ryu, Jihyeon, Lee, Hakjun, Kim, Hyoungshick, and Won, Dongho

Subjects

WIRELESS sensor networks, MEDICAL care, COMPUTER access control, COMPUTER security, DATA security

Abstract

Wireless sensor networks are widely used in many applications such as environmental monitoring, health care, smart grid and surveillance. Many security protocols have been proposed and intensively studied due to the inherent nature of wireless networks. In particular, Wu et al. proposed a promising authentication scheme which is sufficiently robust against various attacks. However, according to our analysis, Wu et al.'s scheme has two serious security weaknesses against malicious outsiders. First, their scheme can lead to user impersonation attacks. Second, user anonymity is not preserved in their scheme. In this paper, we present these vulnerabilities of Wu et al.'s scheme in detail. We also propose a new scheme to complement their weaknesses. We improve and speed up the vulnerability of the Wu et al. scheme. Security analysis is analyzed by Proverif and informal analysis is performed for various attacks. [ABSTRACT FROM AUTHOR]

Published

2018

31. Password-only authenticated three-party key exchange with provable security in the standard model.

Author

Nam, Junghyun, Choo, Kim-Kwang Raymond, Kim, Junghwan, Kang, Hyun-Kyu, Kim, Jinsoo, Paik, Juryon, and Won, Dongho

Abstract

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks. [ABSTRACT FROM AUTHOR]

Published

2014

32. Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

Author

Nam, Junghyun, Choo, Kim-Kwang Raymond, Paik, Juryon, and Won, Dongho

Abstract

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol. [ABSTRACT FROM AUTHOR]

Published

2014

33. Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation

Author

Dongho Won, Moonseong Kim, Juryon Paik, Sangchul Han, Junghyun Nam, Kim-Kwang Raymond Choo, Nam, Junghyun, Choo, Kim-Kwang Raymond, Han, Sangchul, Kim, Moonseong, Paik, Juryon, and Won, Dongho

Subjects

FOS: Computer and information sciences, Provable security, Computer Science - Cryptography and Security, Computer science, Health Smart Cards, lcsh:Medicine, Cryptography, Encryption, Computer Communication Networks, Humans, Elliptic curve cryptography, lcsh:Science, Computer Security, Password, Authentication, Multidisciplinary, business.industry, lcsh:R, Models, Theoretical, lcsh:Q, Smart card, business, Cryptography and Security (cs.CR), Wireless Technology, Wireless sensor network, Algorithms, Confidentiality, Research Article, Anonymity, Computer network

Abstract

A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper,we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks). Refereed/Peer-reviewed

Published

2015

34. Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

Author

Kim-Kwang Raymond Choo, Dongho Won, Junghyun Nam, Juryon Paik, Sangchul Han, Nam, Junghyun, Choo, Kim-Kwang Raymond, Sangchul, Han, Paik, Juryon, and Won, Dongho

Subjects

TheoryofComputation_MISCELLANEOUS, Physics and Astronomy (miscellaneous), Computer science, General Mathematics, communication round, Oakley protocol, dictionary attack, Computer security, computer.software_genre, Key authentication, Computer Science (miscellaneous), Key-agreement protocol, Password, Cryptographic primitive, business.industry, lcsh:Mathematics, three-party key exchange, Cryptographic protocol, lcsh:QA1-939, implicit key authentication, Authenticated Key Exchange, password-only authenticated key exchange (PAKE), Chemistry (miscellaneous), Authentication protocol, symmetric encryption, business, computer, Computer network

Abstract

We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptions on the cryptographic primitives used. We also investigate the security of the two-round, three-party PAKE protocol of Wang, Hu and Li (2010) and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary. Refereed/Peer-reviewed

Published

2015

35. An offline dictionary attack against Abdalla and Pointcheval's key exchange in the password-only three-party setting

Author

Kim-Kwang Raymond Choo, Junghyun Nam, Dongho Won, Juryon Paik, Nam, Junghyun, Choo, Kim-Kwang Raymond, Paik, Juryon, and Won, Dongho

Subjects

Password, Dictionary attack, Computer science, business.industry, Applied Mathematics, Internet privacy, three-party key exchange, Three party, security, dictionary attack, Computer security, computer.software_genre, Computer Graphics and Computer-Aided Design, S/KEY, password-only authenticated key exchange (PAKE), Signal Processing, insider attack, Insider attack, Chosen-ciphertext attack, Electrical and Electronic Engineering, Challenge–response authentication, business, computer

Abstract

Although password-only authenticated key exchange (PAKE) in the three-party setting has been widely studied in recent years, it remains a challenging area of research. A key challenge in designing three-party PAKE protocols is to prevent insider dictionary attacks, as evidenced by the flaws discovered in many published protocols. In this letter, we revisit Abdalla and Pointcheval's three-party PAKE protocol from FC 2005 and demonstrate that this protocol, named 3PAKE, is vulnerable to a previously unpublished insider offline dictionary attack. Our attack is dependant on the composition of 3PAKE and the higher-level protocol that uses the established session key. Refereed/Peer-reviewed

Published

2015

36. Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks.

Author

Moon J, Lee D, Lee Y, and Won D

Abstract

User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.'s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme.

Published

2017

37. Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.

Author

Jung J, Moon J, Lee D, and Won D

Abstract

At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al's method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.

Published

2017

38. An Enhanced Lightweight Anonymous Authentication Scheme for a Scalable Localization Roaming Service in Wireless Sensor Networks.

Author

Chung Y, Choi S, Lee Y, Park N, and Won D

Abstract

More security concerns and complicated requirements arise in wireless sensor networks than in wired networks, due to the vulnerability caused by their openness. To address this vulnerability, anonymous authentication is an essential security mechanism for preserving privacy and providing security. Over recent years, various anonymous authentication schemes have been proposed. Most of them reveal both strengths and weaknesses in terms of security and efficiency. Recently, Farash et al. proposed a lightweight anonymous authentication scheme in ubiquitous networks, which remedies the security faults of previous schemes. However, their scheme still suffers from certain weaknesses. In this paper, we prove that Farash et al.'s scheme fails to provide anonymity, authentication, or password replacement. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Considering the limited capability of sensor nodes, we utilize only low-cost functions, such as one-way hash functions and bit-wise exclusive-OR operations. The security and lightness of the proposed scheme mean that it can be applied to roaming service in localized domains of wireless sensor networks, to provide anonymous authentication of sensor nodes., Competing Interests: The authors declare no conflict of interest.

Published

2016

39. An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks.

Author

Jung J, Kim J, Choi Y, and Won D

Abstract

In wireless sensor networks (WSNs), a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et al. proposed a secure user authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.'s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve user anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.'s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes.

Published

2016

40. A provably-secure ECC-based authentication scheme for wireless sensor networks.

Author

Nam J, Kim M, Paik J, Lee Y, and Won D

Abstract

A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes.

Published

2014

41. Association rule extraction from XML stream data for wireless sensor networks.

Author

Paik J, Nam J, Kim UM, and Won D

Subjects

Algorithms, Computer Communication Networks, Wireless Technology, Data Collection methods

Abstract

With the advances of wireless sensor networks, they yield massive volumes of disparate, dynamic and geographically-distributed and heterogeneous data. The data mining community has attempted to extract knowledge from the huge amount of data that they generate. However, previous mining work in WSNs has focused on supporting simple relational data structures, like one table per network, while there is a need for more complex data structures. This deficiency motivates XML, which is the current de facto format for the data exchange and modeling of a wide variety of data sources over the web, to be used in WSNs in order to encourage the interchangeability of heterogeneous types of sensors and systems. However, mining XML data for WSNs has two challenging issues: one is the endless data flow; and the other is the complex tree structure. In this paper, we present several new definitions and techniques related to association rule mining over XML data streams in WSNs. To the best of our knowledge, this work provides the first approach to mining XML stream data that generates frequent tree items without any redundancy.

Published

2014

42. Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography.

Author

Choi Y, Lee D, Kim J, Jung J, Nam J, and Won D

Abstract

Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

Published

2014

43. Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.

Author

Kim J, Lee D, Jeon W, Lee Y, and Won D

Abstract

User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

Published

2014

44. Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.

Author

Choi Y, Nam J, Lee D, Kim J, Jung J, and Won D

Subjects

Humans, Reproducibility of Results, Algorithms, Biometric Identification methods, Computer Security standards, Confidentiality standards, User-Computer Interface

Abstract

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

Published

2014

45. Password-only authenticated three-party key exchange with provable security in the standard model.

Author

Nam J, Choo KK, Kim J, Kang HK, Kim J, Paik J, and Won D

Subjects

Algorithms, Computer Security, Game Theory, Information Storage and Retrieval methods

Abstract

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Published

2014

46. On the security of a simple three-party key exchange protocol without server's public keys.

Author

Nam J, Choo KK, Park M, Paik J, and Won D

Subjects

Computer Communication Networks standards, Humans, Reproducibility of Results, User-Computer Interface, Access to Information, Algorithms, Computer Security standards, Confidentiality standards

Abstract

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

Published

2014

47. Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

Author

Nam J, Choo KK, Paik J, and Won D

Subjects

Humans, Internet, Wireless Technology, Algorithms, Computer Communication Networks, Computer Security

Abstract

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

Published

2014