Dong Hoon Lee
Center for Information Security Technologies
Publication

Featured research published by Dong Hoon Lee.
international conference on computational science and its applications | 2005
Su Mi Lee; Young Ju Hwang; Dong Hoon Lee; Jongin Lim
RFID (Radio Frequency Identification) technology is expected to play a critical role in identifying articles and serving the growing need to combat counterfeiting and fraud. However, the use of RFID tags may cause privacy violation of people holding an RFID tag. The main privacy concerns are information leakage of a tag, traceability of the person and impersonation of a tag. In this paper, we study authentication as a method to protect privacy, especially for low-cost RFID systems, which have many restrictions in limited computing power, low die-size, and low power requirements. Therefore, cost effective means of authentication is needed to deal with these problems effectively. We propose an authentication protocol, LCAP, which needs only two one-way hash function operations and hence is quite efficient. Leakage of information is prevented in the scheme since a tag emits its identifier only after authentication. By refreshing an identifier of a tag in each session, the scheme also provides location privacy and can recover lost messages from many attacks such as spoofing attacks.
very large data bases | 2006
Jin Wook Byun; Hyun Suk Rhee; Hyun A. Park; Dong Hoon Lee
A keyword search scheme over encrypted documents allows for remote keyword search of documents by a user in possession of a trapdoor (secret key). A data supplier first uploads encrypted documents on a storage system, and then a user of the storage system searches documents containing keywords while insider (such as administrators of the storage system) and outsider attackers do not learn anything else about the documents. In this paper, we firstly raise a serious vulnerability of recent keyword search schemes, which lies in the fact that keywords are chosen from much smaller space than passwords and users usually use well-known keywords for search of document. Hence this fact sufficiently gives rise to an off-line keyword guessing attack. Unfortunately, we observe that the recent public key-based keyword search schemes are susceptible to an off-line keyword guessing attack. We demonstrated that anyone (insider/outsider) can retrieve information of certain keyword from any captured query messages.
embedded and ubiquitous computing | 2005
Eun Young Choi; Su Mi Lee; Dong Hoon Lee
Radio Frequency Identification (RFID) will become an important technology in remote object identification systems. However, the use of RFID tags may create new threats to the security and privacy of individuals holding RFID tags. These threats bring several problems which are information leakage of a tag, location trace of individuals and impersonation of a tag. Low-cost RFID systems have many restrictions such as the limited computing power, passive power mechanism and low storage space. Therefore, the cost of tag’s computation should be considered as an important factor in low-cost RFID systems. We propose an authentication protocol, OHLCAP which requires only one one-way hash function operation and hence is very efficient. Furthermore, our protocol is suitable to ubiquitous computing environment.
Computer Standards & Interfaces | 2009
Eun-Young Choi; Dong Hoon Lee; Jongin Lim
Radio Frequency Identification (RFID) systems are used to identify remote objects equipped with RFID tags by wireless scanning without manual intervention. Recently, EPCglobal proposed the Electronic Product Code (EPC) that is a coding scheme considered to be a possible successor to bar-code with added functionalities. In RFID-based applications where RFID tags are used to identify and track tagged objects, an RFID tag emits its EPC in plaintext. This makes the tag inevitably vulnerable to cloning attacks as well as information leakage and password disclosure. In this paper, we propose a novel anti-cloning method in accordance with the EPCglobal Class-1 Generation-2 (C1G2) standard. Our method only uses functions that can be supported by the standard and abides by the communication flow of the standard. The method is also secure against threats such as information leakage and password disclosure.
Information Sciences | 2007
Jin Wook Byun; Dong Hoon Lee; Jongin Lim
Most password-authenticated key agreement schemes described in the literature have focused on authenticated key agreement using a shared password between a client and a server. With rapid changes in the modern communication environment such as ad hoc networks and ubiquitous computing, it is necessary to construct a secure end-to-end channel between clients. This paradigm is a quite different paradigm from the existing ones. In this paper, we study client-to-client password-authenticated key agreement (C2C-PAKA) enabling two clients in different realms to agree on a common session key using different passwords. Byun et al. first presented a C2C-PAKA protocol under the cross-realm setting. However, the scheme was not formally treated, and subsequently found to be flawed. In addition, in this scheme, there is still opportunity for improvements both in the computation and communication aspects. We provide formal treatments for the C2C-PAKA protocol by using Bellare et al.'s security model. We also suggest an efficient C2C-PAKA protocol and prove that the protocol is secure under the decisional Diffie-Hellman assumption in the ideal cipher and random oracle models.
european public key infrastructure workshop | 2006
Jin Wook Byun; Dong Hoon Lee; Jongin Lim
We study conjunctive keyword search scheme allowing for remote search of data containing each of several keywords on encrypted data storage system. A data supplier first uploads encrypted data on a storage system, and then a user of the storage system searches data containing keywords over encrypted data hence insider (such as an administrator of the storage system) and outsider attackers do not learn anything else about the data. Recently, Golle et al. first suggested conjunctive keyword search scheme, but the communication and storage costs linearly depend on the number of stored data in the database, hence it is not really suitable for a large scale database. In this paper, we propose an efficient conjunctive keyword search scheme over encrypted data in aspects of communication and storage costs. Concretely, we reduce the storage cost of a user and the communication cost between a user and a data supplier to the constant amounts. We formally define security model for a conjunctive keyword search scheme and prove that the proposed scheme is secure under the decisional bilinear Diffie-Hellman (DBDH) assumption in the random oracle model.
applied cryptography and network security | 2005
Jin Wook Byun; Dong Hoon Lee
We consider the problem of password-authenticated group Diffie-Hellman key exchange among N parties, N–1 clients and a single-server, using different passwords. Most password-authenticated key exchange schemes in the literature have focused on an authenticated key exchange using a shared password between a client and a server. With a rapid change in modern communication environment such as ad-hoc networks and ubiquitous computing, it is necessary to construct a secure end-to-end channel between clients, which is a quite different paradigm from the existing ones. To achieve this end-to-end security, only a few schemes of three-party setting have been presented where two clients exchange a key using their own passwords with the help of a server. However, up until now, no formally treated and round efficient protocols which enable group members to generate a common session key with clients' distinct passwords have been suggested. In this paper we securely and efficiently extend three-party case to N-party case with a formal proof of security. Two provably secure N-party EKE protocols are suggested; N-party EKE-U in the unicast network and N-party EKE-M in the multicast network. The proposed N-party EKE-M is provably secure and provides forward secrecy. Especially, the scheme is of constant-round, hence scalable and practical.
australasian conference on information security and privacy | 2005
Kyu Young Choi; Jung Yeon Hwang; Dong Hoon Lee; In Seog Seo
In this paper we present an efficient ID-based authenticated key agreement (AKA) protocol by using bilinear maps, especially well suited to unbalanced computing environments: an ID-based AKA protocol for Server and Client. Particularly, considering low-power clients’ devices, we remove expensive operations such as bilinear maps from a client side. To achieve our goal we combine two notions, key agreement and ID-based authenticryption in which only designated verifier (or Server) can verify the validity of a given transcript. We prove the security of our ID-based AKA protocols in the random oracle model.
asia pacific web conference | 2006
Jin Wook Byun; Dong Hoon Lee; Jongin Lim
We study client-to-client password-authenticated key exchange (C2C-PAKE) enabling two clients in different realms to agree on a common session key using different passwords. Byun et al. first presented C2C-PAKE schemes under the cross-realm setting. However, the schemes were not formally treated, and subsequently found to be flawed. In addition, in the schemes, there is still room for improvement both in computational and communicational aspects. In this paper we suggest an efficient C2C-PAKE (EC2C-PAKE) protocol, and prove that EC2C-PAKE protocol is secure under the decisional Diffie-Hellman assumption in the ideal cipher and random oracle models.
international workshop on security | 2006
Jin Wook Byun; Su-Mi Lee; Dong Hoon Lee; Dowon Hong
In this paper, we consider a multi-layer mobile ad-hoc network (MANET) composed of several kinds of networking units (such as ground soldiers, tanks, and unmanned aerial vehicles) with heterogeneous resources to communicate and compute. In this multi-layer MANET, we first propose a password-based authenticated group key exchange scheme with members' different passwords. The proposed scheme only requires constant-round to generate a group session key under the dynamic scenario, hence it is scalable, i.e., the overhead of key generation is independent of the size of a total group. We support the proposed scheme with formal security proof. Namely, our proposed scheme is the first constant-round password-based group key exchange with different passwords for the dynamic setting of MANET.
