Your search keyword '"Kim, Moonseong"' showing total 2 results

1. Provably-secure (Chinese government) SM2 and simplified SM2 key exchange protocols

Author

Ang Yang, Junghyun Nam, Kim-Kwang Raymond Choo, Moonseong Kim, Yang, Ang, Nam, Junghyun, Kim, Moonseong, and Choo, Kim Kwang

Subjects

China, Article Subject, security proofs, Computer science, lcsh:Medicine, security, SM2 protocol, Computer security, computer.software_genre, Mathematical proof, lcsh:Technology, General Biochemistry, Genetics and Molecular Biology, Computer Communication Networks, Security association, Universal composability, lcsh:Science, Protocol (object-oriented programming), Key exchange, Computer Security, General Environmental Science, elliptic curve discrete logarithm problem, lcsh:T, lcsh:R, Reproducibility of Results, General Medicine, Cryptographic protocol, Computer security model, Models, Theoretical, Security service, Government, Bellare Rogaway model, lcsh:Q, computer, Algorithms, Confidentiality, Research Article

Abstract

We revisit the SM2 protocol, which is widely used in Chinese commercial applications and by Chinese government agencies. Although it is by now standard practice for protocol designers to provide security proofs in widely accepted security models in order to assure protocol implementers of their security properties, the SM2 protocol does not have a proof of security. In this paper, we prove the security of the SM2 protocol in the widely accepted indistinguishability-based Bellare-Rogaway model under the elliptic curve discrete logarithm problem (ECDLP) assumption.We also present a simplified and more efficient version of the SM2 protocol with an accompanying security proof. Refereed/Peer-reviewed

Published

2014

2. Dictionary Attacks against Password-Based Authenticated Three-Party Key Exchange Protocols

Author

Dongho Won, Moonseong Kim, Kim-Kwang Raymond Choo, Juryon Paik, Junghyun Nam, Nam, Junghyun, Choo, Kim-Kwang Raymond, Kim, Moonseong, Paik, Juryon, and Wong, Dongho

Subjects

TheoryofComputation_MISCELLANEOUS, Password, Protocol (science), Dictionary attack, offline dictionary attack, Computer Networks and Communications, Computer science, three-party key exchange, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Adversary, Computer security, computer.software_genre, Password strength, Authenticated Key Exchange, password security, password-based authenticated key exchange (PAKE), Key (cryptography), computer, Key exchange, Information Systems

Abstract

A three-party password-based authenticated key exchange (PAKE) protocol allows two clients registered with a trusted server to generate a common cryptographic key from their individual passwords shared only with the server. A key requirement for three-party PAKE protocols is to prevent an adversary from mounting a dictionary attack. This requirement must be met even when the adversary is a malicious (registered) client who can set up normal protocol sessions with other clients. This work revisits three existing three-party PAKE protocols, namely, Guo et al.’s (2008) protocol, Huang’s (2009) protocol, and Lee and Hwang’s (2010) protocol, and demonstrates that these protocols are not secure against offline and/or (undetectable) online dictionary attacks in the presence of a malicious client. The offline dictionary attack we present against Guo et al.’s protocol also applies to other similar protocols including Lee and Hwang’s protocol. We conclude with some suggestions on how to design a three-party PAKE protocol that is resistant against dictionary attacks Refereed/Peer-reviewed

Published

2013