18 results on '"Choo, Kim-Kwang Raymond"'
Search Results
2. A secure and efficient public auditing scheme using RSA algorithm for cloud storage
- Author
-
Xu, Zhiyan, Wu, Libing, Khan, Muhammad Khurram, Choo, Kim-Kwang Raymond, and He, Debiao
- Published
- 2017
- Full Text
- View/download PDF
3. Strongly-Secure Identity-Based Key Agreement and Anonymous Extension
- Author
-
Chow, Sherman S. M., Choo, Kim-Kwang Raymond, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Garay, Juan A., editor, Lenstra, Arjen K., editor, Mambo, Masahiro, editor, and Peralta, René, editor
- Published
- 2007
- Full Text
- View/download PDF
4. Secure Password-Based Authenticated Group Key Agreement for Data-Sharing Peer-to-Peer Networks
- Author
-
Tang, Qiang, Choo, Kim-Kwang Raymond, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Zhou, Jianying, editor, Yung, Moti, editor, and Bao, Feng, editor
- Published
- 2006
- Full Text
- View/download PDF
5. Perfect forward secure identity-based authenticated key agreement protocol in the escrow mode
- Author
-
Wang, ShengBao, Cao, ZhenFu, Cheng, ZhaoHui, and Choo, Kim-Kwang Raymond
- Published
- 2009
- Full Text
- View/download PDF
6. A Provably Secure Two-Factor Authentication Scheme for USB Storage Devices.
- Author
-
Ayub, Muhammad Faizan, Shamshad, Salman, Mahmood, Khalid, Islam, SK Hafizul, Parizi, Reza M., and Choo, Kim-Kwang Raymond
- Subjects
MULTI-factor authentication, USB technology, PERSONALLY identifiable information, STORAGE, SCIENTIFIC computing
- Abstract
Universal Serial Bus (USB) is widely used, for example to facilitate hot-swapping and plug-and-play. However, USB ports can be exploited by an adversary to extract private or personal data from the connected devices. Hence, a number of organizations and workplaces have prohibited their employees from using USB devices, and there have been efforts to design secure USB storage device schemes to more effectively resist different known security attacks. However, designing such schemes is challenging. For example, in this article we revisit Wei et al.'s scheme, and demonstrate that it is vulnerable to attacks such as password guessing and user impersonation. We also explain that the scheme does not verify the correctness of the user's input in the login phase, which is another design flaw. Then, we present an improved scheme and prove it secure in the random oracle model. [ABSTRACT FROM AUTHOR]
- Published
- 2020
- Full Text
- View/download PDF
7. White-Box Implementation of Shamir’s Identity-Based Signature Scheme.
- Author
-
Feng, Qi, He, Debiao, Wang, Huaqun, Kumar, Neeraj, and Choo, Kim-Kwang Raymond
- Abstract
Digital signature schemes have been extensively studied in the literature, where a large number of such schemes with different properties have been designed for different applications. For example, identity-based signature (IBS) schemes can efficiently map a user's digital public key to his/her real-world identity (e.g., e-mail address). However, existing implementations of IBS schemes are not generally designed for white-box security (WBS), particularly concerning the protection of the private key when special attackers have full access to the execution environment. Therefore, in this paper, we propose the first white-box implementation for the classical Shamir's IBS scheme. The basic idea is to utilize a mathematical transformation for embedding the private key into some special tables, such that the original private key could be "invisible" during the execution process. We then analyze the security requirements achieved in our implementation, including the conventional black-box security under the random oracle model and WBS (e.g., key recovery attack resilience). This is the first IBS scheme implementation that satisfies WBS. It is also shown from the simulation that the implementation incurs a constant computational cost, which is realistic in deployments where a high security level is required. [ABSTRACT FROM AUTHOR]
- Published
- 2020
- Full Text
- View/download PDF
8. A provable-secure and practical two-party distributed signing protocol for SM2 signature algorithm.
- Author
-
Zhang, Yudi, He, Debiao, Zhang, Mingwu, and Choo, Kim-Kwang Raymond
- Published
- 2020
- Full Text
- View/download PDF
9. On the design of a secure user authentication and key agreement scheme for wireless sensor networks.
- Author
-
Kumari, Saru, Das, Ashok Kumar, Wazid, Mohammad, Li, Xiong, Wu, Fan, Choo, Kim‐Kwang Raymond, and Khan, Muhammad Khurram
- Subjects
WIRELESS sensor networks, COMPUTER access control, KEY agreement protocols (Computer network protocols), WIRELESS sensor nodes, COMPUTER passwords
- Abstract
A wireless sensor network (WSN) typically consists of a large number of resource-constrained sensor nodes and several control or gateway nodes. Ensuring the security of the asymmetric nature of WSN is challenging, and designing secure and efficient user authentication and key agreement schemes for WSNs is an active research area. For example, in 2016, Farash et al. proposed a user authentication and key agreement scheme for WSNs. However, we reveal previously unpublished vulnerabilities in their scheme, which allow an attacker to carry out sensor node spoofing, password guessing, user/sensor node anonymity, and user impersonation attacks. We then present a scheme which does not suffer from the identified vulnerabilities. To demonstrate the practicality of the scheme, we evaluate the scheme using the NS-2 simulator. We then prove the scheme secure using Burrows-Abadi-Needham logic. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]
- Published
- 2017
- Full Text
- View/download PDF
10. Efficient Hierarchical Identity-Based Signature With Batch Verification for Automatic Dependent Surveillance-Broadcast System.
- Author
-
He, Debiao, Kumar, Neeraj, Choo, Kim-Kwang Raymond, and Wu, Wei
- Abstract
The automatic dependent surveillance-broadcast (ADS-B) system is generally regarded as the most important module in air traffic surveillance technology. To obtain better airline security, the ADS-B system will be deployed in most airspace by 2020, where aircraft will be equipped with an ADS-B device that periodically broadcasts messages to other aircraft and ground station controllers. Due to the open communication environment, the ADS-B system is subject to a broad range of attacks. To simultaneously implement both integrity and authenticity of messages transmitted in the ADS-B system, Yang et al. proposed a new authentication frame based on the three-level hierarchical identity-based signature (TLHIBS) scheme with batch verification, as well as constructing two schemes for the ADS-B system. However, neither TLHIBS scheme is sufficiently lightweight for practical deployment, due to the need for a complex hash-to-point operation or expensive certification management. In this paper, we construct an efficient TLHIBS scheme with batch verification for the ADS-B system. Our scheme requires neither the hash-to-point operation nor (expensive) certification management. We then prove the TLHIBS scheme secure in the random oracle model. We also demonstrate the practicality of the scheme using experiments, whose findings indicate that the TLHIBS scheme supports the attributes required by the ADS-B system without the computation cost of Chow et al.'s scheme and Yang et al.'s TLHIBS schemes. [ABSTRACT FROM PUBLISHER]
- Published
- 2017
- Full Text
- View/download PDF
11. An Integrative Framework to Protocol Analysis and Repair: Bellare–Rogaway Model + Planning + Model Checker.
- Author
-
Choo, Kim-Kwang Raymond
- Subjects
PROTOCOL analysis (Cognition), HOMOMORPHISMS, MATHEMATICAL models, STATE-space methods, COMPUTATIONAL complexity, COMPUTER security, ARTIFICIAL intelligence
- Abstract
A modified version of the Bellare and Rogaway (1993) adversarial model is encoded using Asynchronous Product Automata (APA). A model checker tool, Simple Homomorphism Verification Tool (SHVT), is then used to perform state-space analysis on the Automata in the setting of a planning problem. The three-party identity-based secret public key protocol (3P-ID-SPK) of Lim and Paterson (2006), which claims to provide explicit key authentication, is used as a case study. We then refute its heuristic security argument by revealing a previously unpublished flaw in the protocol using SHVT. We then show how our approach can automatically repair the protocol. This is, to the best of our knowledge, the first work that integrates an adversarial model from the computational complexity paradigm with an automated tool from the computer security paradigm to analyse protocols in an artificial intelligence problem setting – planning problem – and, more importantly, to repair protocols. [ABSTRACT FROM AUTHOR]
- Published
- 2007
- Full Text
- View/download PDF
12. On the Security Analysis of Lee, Hwang & Lee (2004) and Song & Kim (2000) Key Exchange / Agreement Protocols.
- Author
-
Choo, Kim-Kwang Raymond
- Subjects
COMPUTER passwords, COMPUTER networks, INTERNET, DATA protection, DATA encryption, CRYPTOGRAPHY
- Abstract
We revisit the password-based group key exchange protocol due to Lee et al. (2004), which carries a claimed proof of security in the Bresson et al. model under the intractability of the Decisional Diffie–Hellman problem (DDH) and Computational Diffie–Hellman (CDH) problem. We reveal a previously unpublished flaw in the protocol and its proof, whereby we demonstrate that the protocol violates the definition of security in the model. To provide a better insight into the protocol and proof failures, we present a fixed protocol. We hope our analysis will enable similar mistakes to be avoided in the future. We also revisit protocol 4 of Song and Kim (2000), and reveal a previously unpublished flaw in the protocol (i.e., a reflection attack). [ABSTRACT FROM AUTHOR]
- Published
- 2006
- Full Text
- View/download PDF
13. An improved identity-based key agreement protocol and its security proof
- Author
-
Wang, Shengbao, Cao, Zhenfu, Choo, Kim-Kwang Raymond, and Wang, Lihua
- Subjects
PUBLIC key infrastructure (Computer security), COMPUTER security, COMPUTER network security, COMPUTER network protocols, CYBERTERRORISM, DATA security, DATA protection
- Abstract
We revisit the identity-based (ID-based) key agreement protocol due to Ryu et al. The protocol is highly efficient and suitable for real-world applications despite offering no resilience against key-compromise impersonation (K-CI). We show that the protocol is also insecure against reflection attacks. We propose a slight modification to the protocol and prove its security in a widely accepted model. [Copyright © Elsevier]
- Published
- 2009
- Full Text
- View/download PDF
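Records 12 and 13 above both report a reflection attack, on protocol 4 of Song and Kim (2000) and on Ryu et al.'s ID-based protocol respectively. Neither abstract gives the message flows, so the following is an added example of the attack class on the textbook symmetric-key challenge-response protocol, not a reconstruction of either attacked protocol. The shared key, the party names A and B and the session ids are constructed for the example. It shows the responder being tricked into answering its own challenge, and the standard fix of binding the responder's and challenger's identities into the MAC so a reply made in one direction cannot be replayed in the other.

```python
"""Added example (not from any of the listed papers): a textbook two-party
challenge-response protocol under a reflection attack, and the identity-binding
fix.  Key and identities are constructed for the example."""
import hashlib
import hmac
import secrets

KEY = b"shared-secret-between-A-and-B"   # constructed long-term key shared by A and B


def response(key, challenger, responder, nonce, bind_identities):
    """MAC the responder returns for a challenge nonce.  The vulnerable variant
    MACs the nonce alone; the fixed variant also binds who is answering whom."""
    parts = [responder, challenger, nonce] if bind_identities else [nonce]
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class Responder:
    """Party B.  Protocol: (1) A->B: N_A  (2) B->A: MAC(N_A), N_B  (3) A->B: MAC(N_B).
    B accepts the session as authenticated to A once message 3 verifies."""

    def __init__(self, key, me=b"B", peer=b"A", bind_identities=False):
        self.key, self.me, self.peer, self.bind = key, me, peer, bind_identities
        self.pending = {}                # session id -> nonce B is waiting to see answered

    def msg2(self, sid, n_peer):
        n_me = secrets.token_bytes(16)
        self.pending[sid] = n_me
        return response(self.key, self.peer, self.me, n_peer, self.bind), n_me

    def msg3(self, sid, mac):
        n_me = self.pending.pop(sid)
        expected = response(self.key, self.me, self.peer, n_me, self.bind)
        return hmac.compare_digest(mac, expected)


def honest_run(b):
    """Legitimate A (who holds the same key) completes the protocol with B;
    returns True if B accepts."""
    n_a = secrets.token_bytes(16)
    mac_b, n_b = b.msg2("s1", n_a)
    if not hmac.compare_digest(mac_b, response(b.key, b.peer, b.me, n_a, b.bind)):
        return False                      # A rejects B
    return b.msg3("s1", response(b.key, b.me, b.peer, n_b, b.bind))


def reflection_attack(b):
    """Attacker M knows no key.  It opens a second session and feeds B's own
    challenge N_B back to B, so B computes MAC(N_B) for M; M then replays that
    MAC as message 3 of the first session.  Returns True if B was fooled."""
    _, n_b1 = b.msg2("s1", secrets.token_bytes(16))   # session 1: M claims to be A
    mac_reflected, _ = b.msg2("s2", n_b1)             # session 2: reflect N_B as "A's" nonce
    return b.msg3("s1", mac_reflected)               # B's own answer closes session 1


if __name__ == "__main__":
    print("vulnerable protocol fooled:", reflection_attack(Responder(KEY)))
    print("identity-bound protocol fooled:",
          reflection_attack(Responder(KEY, bind_identities=True)))
```

With `bind_identities=False` the reflected MAC is exactly what B expects in message 3, so B authenticates a party that holds no key at all. With identities bound, B's reply is MAC(B, A, N_B) while it expects MAC(A, B, N_B), and the replay fails. A responder can additionally refuse to answer a challenge that equals one of its own outstanding nonces, but the identity binding is the fix that survives parallel sessions.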
14. A secure and efficient public auditing scheme using RSA algorithm for cloud storage
- Author
-
Xu, Zhiyan, Wu, Libing, Khan, Muhammad Khurram, Choo, Kim-Kwang Raymond, and He, Debiao
- Subjects
cloud storage, cloud computing security, data integrity checking, data recovery attack, provable security, random oracle, audit, scalability, distributed computing, computer security, theoretical computer science, hardware and architecture, software, information systems
- Abstract
Cloud storage is widely used by both individual and organizational users due to the many benefits, such as scalability, ubiquitous access, and low maintenance cost (and generally free for individual users). However, there are known security and privacy issues in migrating data to the cloud. To ensure or verify data integrity, a number of cloud data integrity checking schemes with different properties have been presented in the literature. Most existing schemes were subsequently found to be insecure or have high computation and communication costs. More recently in 2016, Yu et al. (Future Gener Comput Syst 62:85–91, 2016) proposed an identity-based auditing scheme for checking the integrity of cloud data. However, in this paper, we reveal that the scheme is vulnerable to data recovery attack. We also present a new identity-based public auditing scheme and formally prove the security of the scheme under the RSA assumption with large public exponents in the random oracle model. We then evaluate the performance of our proposed scheme and demonstrate that in comparison with Yu et al.'s scheme, our proposal is more practical in real-world applications. Refereed/Peer-reviewed
- Published
- 2017
15. Efficient Hierarchical Identity-Based Signature With Batch Verification for Automatic Dependent Surveillance-Broadcast System
- Author
-
He, Debiao, Kumar, Neeraj, Choo, Kim-Kwang Raymond, and Wu, Wei
- Subjects
hierarchical identity-based signature, batch verification, automatic dependent surveillance-broadcast, authentication, provable security, random oracle, public-key cryptography, signature, software deployment, simulation, computer networks and communications, safety, risk, reliability and quality
- Abstract
The automatic dependent surveillance-broadcast (ADS-B) system is generally regarded as the most important module in air traffic surveillance technology. To obtain better airline security, the ADS-B system will be deployed in most airspace by 2020, where aircraft will be equipped with an ADS-B device that periodically broadcasts messages to other aircraft and ground station controllers. Due to the open communication environment, the ADS-B system is subject to a broad range of attacks. To simultaneously implement both integrity and authenticity of messages transmitted in the ADS-B system, Yang et al. proposed a new authentication frame based on the three-level hierarchical identity-based signature (TLHIBS) scheme with batch verification, as well as constructing two schemes for the ADS-B system. However, neither TLHIBS scheme is sufficiently lightweight for practical deployment, due to the need for a complex hash-to-point operation or expensive certification management. In this paper, we construct an efficient TLHIBS scheme with batch verification for the ADS-B system. Our scheme requires neither the hash-to-point operation nor (expensive) certification management. We then prove the TLHIBS scheme secure in the random oracle model. We also demonstrate the practicality of the scheme using experiments, whose findings indicate that the TLHIBS scheme supports the attributes required by the ADS-B system without the computation cost of Chow et al.'s scheme and Yang et al.'s TLHIBS schemes. Refereed/Peer-reviewed
- Published
- 2017
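Records 10 and 15 above (the same ADS-B paper, catalogued twice) rely on batch verification so that a receiver can check many broadcast signatures in one equation. The abstracts do not describe the scheme's equations, so the following is an added example on plain Schnorr signatures, not the paper's TLHIBS scheme, and it uses a deliberately tiny safe prime (p = 2039, q = 1019, g = 4; an assumption for readability, insecure in practice) rather than the pairing groups the paper would use. It shows the one thing every batch verifier must get right: each signature gets its own fresh random multiplier. Without that, an insider with a legitimate key can pair a fake message under a victim's identity with a crafted signature of its own so that the two invalid signatures cancel and the naive batch check passes.

```python
"""Added example (not from any of the listed papers): toy Schnorr signatures with
batch verification, showing why a batch verifier needs an independent random
multiplier per signature.  The group is a tiny safe prime for readability and
is NOT secure; real deployments use 2048-bit+ groups or elliptic curves."""
import hashlib
import secrets

# Toy parameters (assumption for the example): p = 2q + 1 is a safe prime and
# g = 4 = 2^2 is a quadratic residue, so it generates the subgroup of prime order q.
P = 2039
Q = 1019
G = 4


def rand_exp():
    """Uniform non-zero exponent in [1, q-1]."""
    return secrets.randbelow(Q - 1) + 1


def keygen():
    x = rand_exp()                       # private key
    return x, pow(G, x, P)               # (x, y = g^x mod p)


def challenge(R, msg, y):
    """Schnorr challenge e = H(R || y || msg) mod q; binds R so R cannot be chosen after e."""
    h = hashlib.sha256(f"{R}|{y}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q


def sign(x, y, msg):
    k = rand_exp()
    R = pow(G, k, P)
    e = challenge(R, msg, y)
    return R, (k + e * x) % Q            # (R, s) with g^s == R * y^e


def verify(y, msg, sig):
    R, s = sig
    e = challenge(R, msg, y)
    return pow(G, s, P) == R * pow(y, e, P) % P


def batch_verify(items, multipliers=None):
    """items: list of (y, msg, (R, s)).  Accepts iff
         g^{sum_i l_i*s_i} == prod_i R_i^{l_i} * prod_i y_i^{l_i*e_i}.
    With fresh random l_i this is sound; multipliers=[1]*n gives the naive
    'just sum everything' batch that insider_forgery() defeats."""
    if multipliers is None:
        multipliers = [rand_exp() for _ in items]
    lhs_exp, rhs = 0, 1
    for (y, msg, (R, s)), l in zip(items, multipliers):
        e = challenge(R, msg, y)
        lhs_exp = (lhs_exp + l * s) % Q
        rhs = rhs * pow(R, l, P) * pow(y, l * e % Q, P) % P
    return pow(G, lhs_exp, P) == rhs


def insider_forgery(x_a, y_a, msg_a, y_victim, msg_forged):
    """An insider holding key (x_a, y_a) crafts two signatures that are each
    invalid on their own but cancel inside a naive batch: (R3, s3) claims
    msg_forged was signed by y_victim, and the insider's own (R_a, s_a) on msg_a
    absorbs the y_victim^{-e3} term into its commitment R_a."""
    r3 = rand_exp()
    R3 = pow(G, r3, P)
    e3 = challenge(R3, msg_forged, y_victim)
    while True:                          # any s3 works except the (1/q-likely) valid one
        s3 = secrets.randbelow(Q)
        if not verify(y_victim, msg_forged, (R3, s3)):
            break
    k = rand_exp()
    R_a = pow(G, k, P) * pow(y_victim, Q - e3, P) % P   # g^k * y_victim^{-e3}
    e_a = challenge(R_a, msg_a, y_a)
    s_a = (r3 + k + e_a * x_a - s3) % Q  # makes s3 + s_a = r3 + k + e_a*x_a
    return (R3, s3), (R_a, s_a)


if __name__ == "__main__":
    x_v, y_v = keygen()
    x_a, y_a = keygen()
    forged, cover = insider_forgery(x_a, y_a, b"insider msg", y_v, b"fake position")
    batch = [(y_v, b"fake position", forged), (y_a, b"insider msg", cover)]
    print("naive batch accepts forgery:", batch_verify(batch, [1, 1]))
    print("randomised batch accepts:   ", batch_verify(batch))
```

In the naive batch the unknown-discrete-log term y_victim^{e3} on the right is cancelled by the y_victim^{-e3} the insider folded into its own R_a, so the sum of the two s values matches. With independent multipliers l3 and l_a the two copies appear with exponents l3·e3 and l_a·e3 and only cancel when l3 ≡ l_a (mod q), which is negligible once q is large. In the toy group the multipliers are drawn from [1, 1018], so the demonstration in `__main__` has about a 0.1% chance of an accidental pass; in a real group the multipliers are at least 64 bits and the chance is immaterial.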
16. Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation
- Author
-
Nam, Junghyun, Choo, Kim-Kwang Raymond, Han, Sangchul, Kim, Moonseong, Paik, Juryon, and Won, Dongho
- Subjects
Provable security, Cryptography and Security, Cryptography, Encryption, Elliptic curve cryptography, Computer Communication Networks, Computer Security, Password, Authentication, Smart card, Health Smart Cards, Wireless Technology, Wireless sensor network, Anonymity, Confidentiality, Models (Theoretical), Algorithms, Computer network
- Abstract
A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks). Refereed/Peer-reviewed
- Published
- 2015
17. Perfect forward secure identity-based authenticated key agreement protocol in the escrow mode
- Author
-
Wang, ShengBao, Cao, ZhenFu, Cheng, ZhaoHui, and Choo, Kim-Kwang Raymond
- Subjects
authenticated key agreement, key-agreement protocol, bilinear pairing, key escrow, forward secrecy, perfect forward secrecy, provable security, modular security proof, random oracle, computer security, general computer science
- Abstract
There are several essential features in key agreement protocols such as key escrow (essential when confidentiality, audit trail and legal interception are required) and perfect forward secrecy (i.e., the security of a session key established between two or more entities is guaranteed even when the private keys of the entities are compromised). The majority of the existing escrowable identity-based key agreement protocols, however, only provide partial forward secrecy. Therefore, such protocols are unsuitable for real-world applications that require a stronger sense of forward secrecy: perfect forward secrecy. In this paper, we propose an efficient perfect forward secure identity-based key agreement protocol in the escrow mode. We prove the security of our protocol in the random oracle model, assuming the intractability of the Gap Bilinear Diffie-Hellman (GBDH) problem. Security proofs are invaluable tools in assuring protocol implementers about the security properties of protocols. We note, however, that many existing security proofs of previously published identity-based protocols entail lengthy and complicated mathematical proofs. In this paper, our proof adopts a modular approach and is, hence, simpler to follow. Refereed/Peer-reviewed
- Published
- 2009
18. Password-only authenticated three-party key exchange with provable security in the standard model
- Author
-
Nam, Junghyun, Choo, Kim-Kwang Raymond, Kim, Junghwan, Kang, Hyun-Kyu, Kim, Jin-Soo, Paik, Juryon, and Won, Dongho
- Subjects
Provable security, Password, Password strength, One-time password, Key exchange, Authenticated key exchange, Challenge-response authentication, Security association, Game theory, Computer security, Information storage and retrieval, Algorithms
- Abstract
Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrate that our protocol achieves not only the typical indistinguishability-based security of session keys but also password security against undetectable online dictionary attacks. Refereed/Peer-reviewed
- Published
- 2014
Discovery Service for Jio Institute Digital Library