Woo-Hun Kim

Security enhancement for password authentication schemes with smart cards

Recently, Yang-Wang-Chang proposed an improvement to Yang-Shiehs two password authentication schemes by using smart cards that can withstand a forged login attack. Yang-Wang-Changs improved schemes, however, are still susceptible such attacks. Accordingly, the current paper demonstrates the vulnerability of Yang-Wang-Changs schemes to these attacks and presents an improvements to resolve such a problem.

Efficient Password-Based Authenticated Key Agreement Protocol

In this paper, we present a new password-based authenticated key agreement protocol called PAKA, which provides mutual authentication and key agreement over an insecure channel between two parties knowing only a small password having low entropy. We then extend PAKA to a protocol called PAKA-X, in which the client uses a plaintext version of the password, while the server stores a verifier for the password, and which does not allow an adversary who compromises the server to impersonate a client without actually running a dictionary attack on the password file. The proposed protocols are secure against passive and active attacks and provide perfect forward secrecy.

Robust and simple authentication protocol for secure communication on the web

User authentication is an important part of security, along with confidentiality and integrity, for systems that allow remote access over untrustworthy networks, such as the Internet Web environment. In 2005, Chien-Wang-Yang (CWY) pointed out that Chien-Jans ROSI protocol required state synchronization between the client and the server, and then its state-synchronization property was vulnerable to the Denial of Service (DoS) attack. Furthermore, they proposed an improved protocol that conquered the weaknesses and extended its key agreement functions, and improved the servers performance. Nevertheless, CWYs improved ROSI protocol does not provide perfect forward secrecy and is vulnerable to a Denning-Sacco attack. Accordingly, the current paper demonstrates that CWYs protocol does not provide perfect forward secrecy and is susceptible to a Denning-Sacco attack. We then present an enhanced protocol to isolate such problems.

New conference key agreement protocol with user anonymity

Abstract In 2003, Yang et al. presented a conference key distribution system that was intended to provide user anonymity. Subsequently, Lin et al. pointed out a security flaw in Yang et al.s scheme based on solving linear equations and proposed a modified scheme. Accordingly, the current paper reviews the schemes proposed by Yang et al. and Lin et al., highlights the weakness in both schemes, and then proposes a new conference key agreement scheme with user anonymity.

New authentication protocol providing user anonymity in open network

User authentication is an operation whereby one user is aware of the identity of an another user involved in a protocol. In 2004, Park presented an authentication protocol providing user anonymity based on the secret-key certificate and error-correcting codes called PA protocol. In this paper, it will be argued that PA protocol is vulnerable to the man-in-the-middle attack and does not provide a sufficient level of security. Then, an improved protocol to fix this problem is proposed.

Parallizable simple authenticated key agreement protocol

Recently, Yeh and Sun proposed a simple authenticated key agreement protocol resistant to password guessing attacks called SAKA that is simple and cost-effective. And they provided a formal proof of security to show its strength against both passive and active adversaries. Compared with the previous well-known protocols, SAKA has less number of steps and less computation cost. However, considering the total execution time, SAKA is not the most efficient method, since it does not provide parties with parallel computation. In this paper, we present parallelizable simple authenticated key agreement protocol for improving the efficiency of the SAKA while maintaining provable security.

Group-oriented channel protection for mobile devices in digital multimedia broadcasting

In 2004, Huang et al. proposed a new key distribution scheme for media delivery in Pay-TV Systems based on a four-level key hierarchy. A three-key distribution scheme is proposed in Huang et al.’s paper. They use an exclusive-OR operation and a one-way hash function for key distribution in order to reduce the computational cost. One of the key distribution schemes for subscription channel protection, the group oriented key distribution scheme, however, is inefficient for the digital multimedia broadcasting (DMB) service in resource-limited mobile phones. In this paper, we show that Huang et al.’s scheme is inefficient regarding subscription channel protection. As a result, we propose an improved scheme to reduce this inefficiency by applying a two-level key hierarchy method for a resource limited device, such as the DMB service in mobile phones.

New anonymous user identification and key establishment protocol in distributed networks

Recently, Wu and Hsu showed that Lee and Chang’s anonymous user identification and key establishment protocol was insecure with regard to two attacks and proposed an improved protocol, called the WH protocol. In this paper, we show that the WH protocol is still vulnerable to an unknown-key share attack. Then, we propose an improved protocol to address this problem by applying a mutual authentication method.