Robust Key Agreement From Received Signal Strength in Stationary Wireless Networks

( Aiqing Zhang ),( Xinrong Ye ),( Jianxin Chen ),( Liang Zhou ),( Xiaodong Lin ) 한국인터넷정보학회 2016 KSII Transactions on Internet and Information Syst Vol.10 No.5

Key agreement is paramount in secure wireless communications. A promising approach to address key agreement schemes is to extract secure keys from channel characteristics. However, because channels lack randomness, it is difficult for wireless networks with stationary communicating terminals to generate robust keys. In this paper, we propose a Robust Secure Key Agreement (RSKA) scheme from Received Signal Strength (RSS) in stationary wireless networks. In order to mitigate the asymmetry in RSS measurements for communicating parties, the sender and receiver normalize RSS measurements and quantize them into q-bit sequences. They then reshape bit sequences into new l-bit sequences. These bit sequences work as key sources. Rather than extracting the key from the key sources directly, the sender randomly generates a bit sequence as a key and hides it in a promise. This is created from a polynomial constructed on the sender`s key source and key. The receiver recovers the key by reconstructing a polynomial from its key source and the promise. Our analysis shows that the shared key generated by our proposed RSKA scheme has features of high randomness and a high bit rate compared to traditional RSS-based key agreement schemes.

A key-insulated CP-ABE with key exposure accountability for secure data sharing in the cloud

( Hanshu Hong ),( Zhixin Sun ),( Ximeng Liu ) 한국인터넷정보학회 2016 KSII Transactions on Internet and Information Syst Vol.10 No.5

ABE has become an effective tool for data protection in cloud computing. However, since users possessing the same attributes share the same private keys, there exist some malicious users exposing their private keys deliberately for illegal data sharing without being detected, which will threaten the security of the cloud system. Such issues remain in many current ABE schemes since the private keys are rarely associated with any user specific identifiers. In order to achieve user accountability as well as provide key exposure protection, in this paper, we propose a key-insulated ciphertext policy attribute based encryption with key exposure accountability (KI-CPABE-KEA). In our scheme, data receiver can decrypt the ciphertext if the attributes he owns match with the self-centric policy which is set by the data owner. Besides, a unique identifier is embedded into each user`s private key. If a malicious user exposes his private key for illegal data sharing, his identity can be exactly pinpointed by system manager. The key-insulation mechanism guarantees forward and backward security when key exposure happens as well as provides efficient key updating for users in the cloud system. The higher efficiency with proved security make our KI-CPABE-KEA more appropriate for secure data sharing in cloud computing.

키 유도함수를 결합한 ID 기반 3자 복수키 동의 프로토콜

이상곤 ( Sang-gon Lee ),이훈재 ( Hoon-jae Lee ) 한국인터넷정보학회 2006 인터넷정보학회논문지 Vol.7 No.3

복수키 동의 프로토콜의 목적은 단일키 동의 프로토콜의 거듭 실행에 비하여 계산량과 통신량 면에서 효율성을 얻기 위함이다. 최근에 ID 기반의 3자 복수키 동의 프로토콜들이 제안되었지만, unknown key-share 공격 혹은 impersonation 공격 등에 대한 취약함이 발견되어 모든 종류의 공격에 대하여 안전하면서 효율적인 ID 기반 인증된 3자 키 동의 프로토콜의 설계는 아직 미지의 문제로 남아있다. 본 논문에서는 단일키 동의 프로토콜과 키 유도함수를 결합한 복수키 동의 기법을 제안한다. 기존의 복수키 동의 프로토콜에 비하여 계산적 효율성을 증가시킬 수 있을 뿐 아니라, 안전성이 증명된 단일키 동의 프로토콜과 키 유도함수를 사용함으로써 안전성을 보장받을 수 있다. The purpose of the multiple key agreement protocol is to get efficiency in computational and communicational aspects compared to multiple executions of single key agreement protocol. However ID based tripartite multiple key agreement protocols have been proposed, it is reported that they can not resist unknown key-share attack or impersonation attack. How to design a secure and efficient ID-based authenticated tripartite multiple key agreement scheme to prevent all kinds of attacks remains an open problem. This paper proposes a multiple key agreement scheme combing the existing single key agreement protocol with a key derivation function. The proposed scheme can not only increase computational efficiency compared to the existing multiple key agreement protocol, but can ensure security of the proposed schemes by using a security proofed single key agreement protocol and key derivation function.

난수 재사용 기법을 이용한 다중 키 교환 프로토콜

정익래 ( Ik Rae Jeong ),이동훈 ( Dong Hoon Lee ) 한국정보처리학회 2005 정보처리학회논문지 C : 정보통신,정보보안 Vol.12 No.7

In the paper we study key agreement schemes when a party needs to establish a session key with each of several parties, thus having multiple session keys. This situation can be represented by a graph, called a key graph, where a vertex represents a party and an edge represents a relation between two parties sharing a session key. The purpose of the paper is to design a key agreement protocol forkey graphs to establish all session keys corresponding to al;l edges in a key graph simultaneously in a single session. A key agreement protocol of a key graph is a natural extension of a two-party key agreement protocol. We propose a new key exchange model for key graph which is an extension of a two-party key exchange model. Using the so-called randomness re-use technique thisch re-uses random values to make session keys for different sessions, we suggest two efficient key agreement protocols for key graphs based on the decisional Diffie-Hellman assumption, and prove their securitues in the key exchange model of key graphs. Our first cheme requires only a single round and provides key independence. Our second scheme requires two rounds and provides forward secerecy. Both are proven secure in the standard mode. The suggested protocols are the first pairwise key agreement protocols and more efficient than a simple scheme which use a two-party keyexchange for each necessary key. Suppose that a user makes a session keywith n other users, respectively. The simple scheme''s computational cost and the length ofthe transmitted messages are increased by a factor of n. The suggested protocols''s computational cost also depends on n, nut the length of the transmitted messages are constant.,

Hardware Design of Modular Round Key Generator for AES Cipher Algorithm

Chang-Soo Ha,Jin-Il Kim,Byeong-Yoon Choi 한국멀티미디어학회 2007 한국멀티미디어학회 국제학술대회 Vol.2007 No.-

Generating round key fast in AES algorithm supporting three key sizes, such as 128, 192, and 256-bit keys is a critical factor to develop high throughput AES processors. In this paper, we propose on-the-fly round key generator which can be applied to the pipelined and non-pipelined AES processor that both encryption and decryption modes must be implemented on a chip. The proposed round key generator has modular and area-and-time efficient structure which consists of two key expanders, such as key_exp_m and key_exp_s modules. The round key generator for non-pipelined AES processor with three key sizes and encryption/decryption modes has about 8-ns delay time under 0.25㎛ 2.5V CMOS standard cell library and consists of a bout 17,700 gates.

Quorum-based Key Management Scheme in Wireless Sensor Networks

( Lih-chyau Wuu ),( Chi-hsiang Hung ),( Chia-ming Chang ) 한국인터넷정보학회 2012 KSII Transactions on Internet and Information Syst Vol.6 No.9

To ensure the security of wireless sensor networks, it is important to have a robust key management scheme. In this paper, we propose a Quorum-based key management scheme. A specific sensor, called as key distribution server (KDS), generates a key matrix and establishes a quorum system from the key matrix. The quorum system is a set system of subsets that the intersection of any two subsets is non-empty. In our scheme, each sensor is assigned a subset of the quorum system as its pre-distributed keys. Whenever any two sensors need a shared key, they exchange their IDs, and then each sensor by itself finds a common key from its assigned subset. A shared key is then generated by the two sensors individually based on the common key. By our scheme, no key is needed to be refreshed as a sensor leaves the network. Upon a sensor joining the network, the KDS broadcasts a message containing the joining sensor ID. After receiving the broadcast message, each sensor updates the key which is in common with the new joining one. Only XOR and hash operations are required to be executed during key update process, and each sensor needs to update one key only. Furthermore, if multiple sensors would like to have a secure group communication, the KDS broadcasts a message containing the partial information of a group key, and then each sensor in the group by itself is able to restore the group key by using the secret sharing technique without cooperating with other sensors in the group.

키 전송 프로토콜과 키 동의 프로토콜을 혼용한 효율적인 그룹키 관리 기법 연구

송인수,이대성,김귀남 한국융합보안학회 2009 융합보안 논문지 Vol.9 No.3

네트워크와 무선 통신 기술의 발전으로 그룹기반의 통신에 대한 관심이 증가되고 있다. 그룹간의 안전한 통신을 하기 위해서는 안전한 그룹키 관리와 분배가 필요하다. 그룹키를 관리하는 방법에는 키 전송 프로토콜을 이용한 방법과 키 동의 프로토콜을 이용한 방법으로 나눌 수 있다. 키 전송 프로토콜은 중앙에 서 개체를 인증하고 키를 관리 및 분배하기 때문에 확장성과 중앙 개체의 오류로 인한 인증과 분배 기능을 하지 못하는 문제가 있다. 키 동의 프로토콜은 개체의 잦은 변동으로 인한 키 갱신의 문제와 개체 수가 많아지면 그룹키 생성 연산량이 증가하는 문제점이 있다. 따라서 본 논문은 키 전송 프로토콜의 문제점과 키 동의 프로토콜의 문제점을 해결하고, 두 프로토콜의 장점들을 혼용한 효율적인 그룹키 관리 기법을 제안한다. 또한 스킴 안전성 분석과 효율성 분석을 통하여 제안 방법의 효율성을 입증하였다. The expansion of developing network and wireless technique has made growly communication in the group. Safety group key management and distribution are needed for the secure communications. Group key management method can be divided key transfer protocols and key agreement protocols. Key transfer protocols have extension problem and function error as key distribution center is not worked. Key agreement protocols have problems of updating the key from changed object frequently and increased operation generating group key. In this paper, we present the way of solving the problems of key transfer protocols and key agreement protocols. We propose the effective group key management using combined those key protocols. Then, We evaluate this methods through security and performance analysis.

Secret Key Sharing Cryptosystem using Optical Phase-shifting Digital Holography

전석희,길상근 한국광학회 2019 Current Optics and Photonics Vol.3 No.2

A new secret-key-sharing cryptosystem using optical phase-shifting digital holography is proposed. The proposed secret-key-sharing algorithm is based on the Diffie-Hellman key-exchange protocol, which is modified to an optical cipher system implemented by a two-step quadrature phase-shifting digital holographic encryption method using orthogonal polarization. Two unknown users’ private keys are encrypted by two-step phase-shifting digital holography and are changed into three digital-hologram ciphers, which are stored by computer and are opened to a public communication network for secret-key-sharing. Two-step phase-shifting digital holograms are acquired by applying a phase step of 0 or π/2 in the reference beam’s path. The encrypted digital hologram in the optical setup is a Fourier-transform hologram, and is recorded on CCDs with 256 quantized gray-level intensities. The digital hologram shows an analog-type noise-like randomized cipher with a two-dimensional array, which has a stronger security level than conventional electronic cryptography, due to the complexity of optical encryption, and protects against the possibility of a replay attack. Decryption with three encrypted digital holograms generates the same shared secret key for each user. Schematically, the proposed optical configuration has the advantage of producing a kind of double-key encryption, which can enhance security strength compared to the conventional Diffie-Hellman key-exchange protocol. Another advantage of the proposed secret-key-sharing cryptosystem is that it is free to change each user’s private key in generating the public keys at any time. The proposed method is very effective cryptography when applied to a secret-key-exchange cryptosystem with high security strength.

키 관리시스템의 부하절감을 위한 향상된 키 분배 메커니즘과 보안프로토콜

전정훈(Jeon Jeong Hoon) 한국컴퓨터정보학회 2006 韓國컴퓨터情報學會論文誌 Vol.11 No.6

유비쿼터스 환경에서 각종 서비스와 장비의 발전은 멀티캐스트 사용자의 급증과 멀티캐스트 키의 다양한 해킹공격을 예상케 하고 있다. 이러한 멀티캐스트 사용자의 급증과 보안프로토콜의 적용은 중앙 키 관리시스템의 부하를 증가시켜 성능을 저하시킨다. 따라서 본 논문에서는 멀티캐스트 서비스의 효율성과 안정성을 극대화하기 위해 키 관리 메커니즘의 기능성을 향상시키고자 한다. 기존 키 관리 메커니즘의 비교와 시뮬레이션을 통해 문제를 분석하고, 문제해결을 위한 제안방법으로 소그룹화와 키 길이제어, 새로운 보안프로토콜의 적용을 통해 기존의 메커니즘의 기능성을 향상시킨 SMKD(Secure Multicast Key Distribution)메커니즘을 제안하고자 한다. 본 논문의 SMKD는 중앙 키 관리시스템의 키 분배와 암호화 수행에 따르는 부하를 경감하고, 효율적인 키 관리를 통해 시스템에 안정성을 보장한다. In an Ubiquitous Environment, the growth of various services and equipment is forecasted to increase both the multicast users and diverse hacking attacks of the multicast key. Rapid increasing of multicast users and application security protocols reduce the performance of the Central key management system. Accordingly, We propose to elevate the functionality of the key management mechanism for greater efficiency and stability of the multicast services, in this paper. The existing key management mechanism comparison and simulation will analyze these problems. We propose the advanced SMKD (Secure Multicast Key Distribution) mechanism application of the small group and key length control, new security protocol by methods to solve these problems. The SMKD Model in this paper will help reduce loading the key distribution and encryption execution of a central key management system, and this model can also ensure stability to a central key management system by efficient key management.

RSA 공개키 알고리즘을 이용한 크립토시스템 설계

최재연 한국지식정보기술학회 2022 한국지식정보기술학회 논문지 Vol.17 No.2

The public key used in RSA encryption is openly registered in the public system so that other users of the system can send private messages, and the registrant of the public key has his or her own private key. The RSA authentication scheme is vulnerable to so-called 'chosen cryptogram attack'. This kind of attack can be applied to authentication of unpredictable messages only, the forger is forced to select cryptograms at random. The only known cryptosystem which can be adapted for both authentication and secrecy at the same time is the RSA system. The key to guaranteeing personal information in a public key cryptography system is that it is extremely difficult to derive a private key for decryption from a public key. In this paper, public and private keys are designed so that messages can be transmitted and received safely using the RSA algorithm exposed to various attacks. The proposed method shows relatively good performance in key generation, confidential data is very secure and reliable, and the proposed algorithm increases the randomness of the key used. This method provides more security due to random key generation and is more economical to develop compared to other public key encryption algorithms, and encryption algorithms consume significant amounts of computing resources such as CPU time, memory and battery power. However, this could be improved in the future by making this method compatible for encrypting multimedia data that must be transmitted securely over an unsecured channel. However, this could be improved in the future by making this method compatible for encrypting multimedia data that must be transmitted securely over an unsecured channel.