Search

Your search keyword '"Choo, Kim-Kwang Raymond"' showing total 18 results
Start Over Author "Choo, Kim-Kwang Raymond" Topic provable security
18 results on '"Choo, Kim-Kwang Raymond"'

3. Strongly-Secure Identity-Based Key Agreement and Anonymous Extension

Author

Chow, Sherman S. M., Choo, Kim-Kwang Raymond, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Garay, Juan A., editor, Lenstra, Arjen K., editor, Mambo, Masahiro, editor, and Peralta, René, editor

Published
2007
Full Text
View/download PDF

4. Secure Password-Based Authenticated Group Key Agreement for Data-Sharing Peer-to-Peer Networks

Author

Tang, Qiang, Choo, Kim-Kwang Raymond, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Dough, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Zhou, Jianying, editor, Yung, Moti, editor, and Bao, Feng, editor

Published
2006
Full Text
View/download PDF

6. A Provably Secure Two-Factor Authentication Scheme for USB Storage Devices.

Author

Ayub, Muhammad Faizan, Shamshad, Salman, Mahmood, Khalid, Islam, SK Hafizul, Parizi, Reza M., and Choo, Kim-Kwang Raymond

Subjects
MULTI-factor authentication, USB technology, PERSONALLY identifiable information, STORAGE, SCIENTIFIC computing
Abstract

Universal Serial Bus (USB) is widely used, for example to facilitate hot-swapping and plug-and-play. However, USB ports can be exploited by an adversary to extract private or personal data from the connected devices. Hence, a number of organizations and workplaces have prohibited their employees from using USB devices, and there have been efforts to design secure USB storage device schemes to more effectively resist different known security attacks. However, designing such schemes is challenging. For example, in this article we revisit the Wei et al.’s scheme, and demonstrate that it is vulnerable to attacks such as password guessing and user impersonation. We also explain that the scheme does not verify the correctness of user’s input in the login phase, which is another design flaw. Then, we present an improved scheme and prove it secure in the random oracle model. [ABSTRACT FROM AUTHOR]

Published
2020
Full Text
View/download PDF

7. White-Box Implementation of Shamir’s Identity-Based Signature Scheme.

Author

Feng, Qi, He, Debiao, Wang, Huaqun, Kumar, Neeraj, and Choo, Kim-Kwang Raymond

Abstract

Digital signature schemes have been extensively studied in the literature, where a large number of such schemes with different properties have been designed for different applications. For example, identity-based signature (IBS) schemes can efficiently map a user’s digital public key to his/her real-world identity (e.g., e-mail address). However, existing implementations of IBS schemes are not generally designed for white-box security (WBS), particularly concerning the protection of the private key when special attackers have full access to the execution environment. Therefore, in this paper, we propose the first white-box implementation for the classical Shamir’s IBS scheme. The basic idea is to utilize a mathematical transformation for embedding private key into some special tables, such that the original private key could be “invisible” during the execution process. We then analyze the security requirements achieved in our implementation, including the conventional black-box security under the random oracle model and WBS (e.g., key recovery attack resilience). This is the first IBS scheme implementation that satisfies WBS. It is also shown from the simulation that the implementation incurs a constant computational cost, which is realistic in deployments where a high security level is required. [ABSTRACT FROM AUTHOR]

Published
2020
Full Text
View/download PDF

9. On the design of a secure user authentication and key agreement scheme for wireless sensor networks.

Author

Kumari, Saru, Das, Ashok Kumar, Wazid, Mohammad, Li, Xiong, Wu, Fan, Choo, Kim‐Kwang Raymond, and Khan, Muhammad Khurram

Subjects
WIRELESS sensor networks, COMPUTER access control, KEY agreement protocols (Computer network protocols), WIRELESS sensor nodes, COMPUTER passwords
Abstract

A wireless sensor network (WSN) typically consists of a large number of resource-constrained sensor nodes and several control or gateway nodes. Ensuring the security of the asymmetric nature of WSN is challenging, and designing secure and efficient user authentication and key agreement schemes for WSNs is an active research area. For example, in 2016, Farash et al. proposed a user authentication and key agreement scheme for WSNs. However, we reveal previously unpublished vulnerabilities in their scheme, which allow an attacker to carry out sensor node spoofing, password guessing, user/sensor node anonymity, and user impersonation attacks. We then present a scheme, which does not suffer from the identified vulnerabilities. To demonstrate the practicality of the scheme, we evaluate the scheme using NS-2 simulator. We then prove the scheme secure using Burrows-Abadi-Needham logic. Copyright © 2016 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published
2017
Full Text
View/download PDF

10. Efficient Hierarchical Identity-Based Signature With Batch Verification for Automatic Dependent Surveillance-Broadcast System.

Author

He, Debiao, Kumar, Neeraj, Choo, Kim-Kwang Raymond, and Wu, Wei

Abstract

The automatic-dependent surveillance-broad-cast (ADS-B) is generally regarded as the most important module in air traffic surveillance technology. To obtain better airline security, ADS-B system will be deployed in most airspace by 2020, where aircraft will be equipped with an ADS-B device that periodically broadcasts messages to other aircraft and ground station controllers. Due to the open communication environment, the ADS-B system is subject to a broad range of attacks. To simultaneously implement both integrity and authenticity of messages transmitted in the ADS-B system, Yang et al. proposed a new authentication frame based on the three-level hierarchical identity-based signature (TLHIBS) scheme with batch verification, as well as constructing two schemes for the ADS-B system. However, neither TLHIBS schemes are sufficiently lightweight for practical deployment due to the need for complex hash-to-point operation or expensive certification management. In this paper, we construct an efficient TLHIBS scheme with batch verification for the ADS-B system. Our scheme does not require hash-to-point operation or (expensive) certification management. We then prove the TLHIBS scheme secure in the random oracle model. We also demonstrate the practicality of the scheme using experiments, whose findings indicate that the TLHIBS scheme supports attributes required by the ADS-B system without the computation cost in Chow et al.’s scheme and Yang et al.’s TLHIBS schemes. [ABSTRACT FROM PUBLISHER]

Published
2017
Full Text
View/download PDF

11. An Integrative Framework to Protocol Analysis and Repair: Bellare–Rogaway Model + Planning + Model Checker.

Author

Choo, Kim-Kwang Raymond

Subjects
*PROTOCOL analysis (Cognition), *HOMOMORPHISMS, *MATHEMATICAL models, *STATE-space methods, *COMPUTATIONAL complexity, *COMPUTER security, *ARTIFICIAL intelligence
Abstract

A modified version of the Bellare and Rogaway (1993) adversarial model is encoded using Asynchronous Product Automata (APA). A model checker tool, Simple Homomorphism Verification Tool (SHVT), is then used to perform state-space analysis on the Automata in the setting of planning problem. The three-party identity-based secret public key protocol (3P-ID-SPK) protocol of Lim and Paterson (2006), which claims to provide explicit key authentication, is used as a case study. We then refute its heuristic security argument by revealing a previously unpublished flaw in the protocol using SHVT. We then show how our approach can automatically repair the protocol. This is, to the best of our knowledge, the first work that integrates an adversarial model from the computational complexity paradigm with an automated tool from the computer security paradigm to analyse protocols in an artificial intelligence problem setting – planning problem – and, more importantly, to repair protocols. [ABSTRACT FROM AUTHOR]

Published
2007
Full Text
View/download PDF

12. On the Security Analysis of Lee, Hwang & Lee (2004) and Song & Kim (2000) Key Exchange / Agreement Protocols.

Author

Choo, Kim-Kwang Raymond

Subjects
*COMPUTER passwords, *COMPUTER networks, *INTERNET, *DATA protection, *DATA encryption, *CRYPTOGRAPHY
Abstract

We revisit the password-based group key exchange protocol due to Lee et al. (2004), which carries a claimed proof of security in the Bresson et al. model under the intractability of the Decisional Diffie–Hellman problem (DDH) and Computational Diffie–Hellman (CDH) problem. We reveal a previously unpublished flaw in the protocol and its proof, whereby we demonstrate that the protocol violates the definition of security in the model. To provide a better insight into the protocol and proof failures, we present a fixed protocol. We hope our analysis will enable similar mistakes to be avoided in the future. We also revisit protocol 4 of Song and Kim (2000), and reveal a previously unpublished flaw in the protocol (i.e., a reflection attack). [ABSTRACT FROM AUTHOR]

Published
2006
Full Text
View/download PDF

13. An improved identity-based key agreement protocol and its security proof

Author

Wang, Shengbao, Cao, Zhenfu, Choo, Kim-Kwang Raymond, and Wang, Lihua

Subjects
*PUBLIC key infrastructure (Computer security), *COMPUTER security, *COMPUTER network security, *COMPUTER network protocols, *CYBERTERRORISM, *DATA security, *DATA protection
Abstract

Abstract: We revisit the identity-based (ID-based) key agreement protocol due to Ryu et al. The protocol is highly efficient and suitable for real-world applications despite offering no resilience against key-compromise impersonation (K-CI). We show that the protocol is also insecure against reflection attacks. We propose a slight modification to the protocol and prove its security in a widely accepted model. [Copyright &y& Elsevier]

Published
2009
Full Text
View/download PDF

14. A secure and efficient public auditing scheme using RSA algorithm for cloud storage

Author

Debiao He, Zhiyan Xu, Libing Wu, Kim-Kwang Raymond Choo, Muhammad Khurram Khan, Xu, Zhiyan, Wu, Libing, Khan, Muhammad Khurram, Choo, Kim-Kwang Raymond, and He, Debiao

Subjects
cloud storage, Scheme (programming language), Computer science, Distributed computing, Cloud computing, 02 engineering and technology, Audit, Computer security, computer.software_genre, Theoretical Computer Science, Data recovery, Random oracle, Data integrity, data integrity checking, 0202 electrical engineering, electronic engineering, information engineering, provable security, computer.programming_language, 020203 distributed computing, Cloud computing security, business.industry, 020206 networking & telecommunications, Hardware and Architecture, data recovery attack, Scalability, business, Cloud storage, computer, Software, Information Systems
Abstract

Cloud storage is widely used by both individual and organizational users due to the many benefits, such as scalability, ubiquitous access, and low maintenance cost (and generally free for individual users). However, there are known security and privacy issues in migrating data to the cloud. To ensure or verify data integrity, a number of cloud data integrity checking schemes with different properties have been presented in the literature. Most existing schemes were subsequently found to be insecure or have high computation and communication costs. More recently in 2016, Yu et al. (Future Gener Comput Syst 62:85–91, 2016) proposed an identity-based auditing scheme for checking the integrity of cloud data. However, in this paper, we reveal that the scheme is vulnerable to data recovery attack. We also present a new identity-based public auditing scheme and formally prove the security of the scheme under the RSA assumption with large public exponents in the random oracle model. We then evaluate the performance of our proposed scheme and demonstrate that in comparison with Yu et al.'s scheme, our proposal is more practical in real-world applications. Refereed/Peer-reviewed

Published
2017

15. Efficient Hierarchical Identity-Based Signature With Batch Verification for Automatic Dependent Surveillance-Broadcast System

Author

Wei Wu, Debiao He, Neeraj Kumar, Kim-Kwang Raymond Choo, He, Debiao, Kumar, Neeraj, Choo, Kim Kwang Raymond, and Wu, Wei

Subjects
hierarchical identity-based signature, Scheme (programming language), Authentication, Automatic dependent surveillance-broadcast, Computer Networks and Communications, business.industry, Computer science, Distributed computing, batch verification, 020206 networking & telecommunications, 02 engineering and technology, Signature (logic), automatic dependent surveillance-broadcast, Random oracle, Public-key cryptography, Software deployment, 0202 electrical engineering, electronic engineering, information engineering, authentication, 020201 artificial intelligence & image processing, provable security, Safety, Risk, Reliability and Quality, business, computer, Simulation, computer.programming_language
Abstract

The automatic-dependent surveillance-broad-cast (ADS-B) is generally regarded as the most important module in air traffic surveillance technology. To obtain better airline security, ADS-B system will be deployed in most airspace by 2020, where aircraft will be equipped with an ADS-B device that periodically broadcasts messages to other aircraft and ground station controllers. Due to the open communication environment, the ADS-B system is subject to a broad range of attacks. To simultaneously implement both integrity and authenticity of messages transmitted in the ADS-B system, Yang et al. proposed a new authentication frame based on the three-level hierarchical identity-based signature (TLHIBS) scheme with batch verification, as well as constructing two schemes for the ADS-B system. However, neither TLHIBS schemes are sufficiently lightweight for practical deployment due to the need for complex hash-to-point operation or expensive certification management. In this paper, we construct an efficient TLHIBS scheme with batch verification for the ADS-B system. Our scheme does not require hash-to-point operation or (expensive) certification management. We then prove the TLHIBS scheme secure in the random oracle model. We also demonstrate the practicality of the scheme using experiments, whose findings indicate that the TLHIBS scheme supports attributes required by the ADS-B system without the computation cost in Chow et al.'s scheme and Yang et al.'s TLHIBS schemes. Refereed/Peer-reviewed

Published
2017

16. Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation

Author

Dongho Won, Moonseong Kim, Juryon Paik, Sangchul Han, Junghyun Nam, Kim-Kwang Raymond Choo, Nam, Junghyun, Choo, Kim-Kwang Raymond, Han, Sangchul, Kim, Moonseong, Paik, Juryon, and Won, Dongho

Subjects
FOS: Computer and information sciences, Provable security, Computer Science - Cryptography and Security, Computer science, Health Smart Cards, lcsh:Medicine, Cryptography, Encryption, Computer Communication Networks, Humans, Elliptic curve cryptography, lcsh:Science, Computer Security, Password, Authentication, Multidisciplinary, business.industry, lcsh:R, Models, Theoretical, lcsh:Q, Smart card, business, Cryptography and Security (cs.CR), Wireless Technology, Wireless sensor network, Algorithms, Confidentiality, Research Article, Anonymity, Computer network
Abstract

A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper,we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks). Refereed/Peer-reviewed

Published
2015

17. Perfect forward secure identity-based authenticated key agreement protocol in the escrow mode

Author

Kim-Kwang Raymond Choo, Zhaohui Cheng, Shengbao Wang, Zhenfu Cao, Wang, ShengBao, Cao, ZhenFu, Cheng, ZhaoHui, and Choo, Kim Kwang Raymond

Subjects
authenticated key agreement, Key-agreement protocol, Provable security, modular security proof, General Computer Science, bilinear pairing, Computer science, Escrow, Computer security, computer.software_genre, Random oracle, Forward secrecy, Key (cryptography), Identity (object-oriented programming), perfect forward secrecy, provable security, computer, Protocol (object-oriented programming)
Abstract

There are several essential features in key agreement protocols such as key escrow (essential when con¯dentiality, audit trail and legal interception are required) and perfect forward secrecy (i.e., the security of a session key estab- lished between two or more entities is guaranteed even when the private keys of the entities are compromised). Majority of the existing escrowable identity-based key agreement protocols, however, only provide partial forward secrecy. Therefore, such protocols are unsuitable for real-word applications that require a stronger sense of forward secrecy | perfect forward secrecy. In this paper, we propose an e±cient perfect forward secure identity-based key agreement protocol in the escrow mode. We prove the security of our protocol in the random oracle model, assuming the intractability of the Gap Bilinear Di±e-Hellman (GBDH) problem. Security proofs are invaluable tools in assuring protocol implementers about the security properties of protocols. We note, however, that many existing security proofs of previously published identity-based protocols entail lengthy and compli- cated mathematical proofs. In this paper, our proof adopts a modular approach and, hence, simpler to follow. Refereed/Peer-reviewed

Published
2009

18. Password-only authenticated three-party key exchange with provable security in the standard model

Author

Junghwan Kim, Hyun-Kyu Kang, Dongho Won, Juryon Paik, Jin-Soo Kim, Kim-Kwang Raymond Choo, Junghyun Nam, Nam, Junghyun, Choo, Kim-Kwang Raymond, Kim, Junghwan, Kang, Hyun-Kyu, Kim, Jinsoo, Paik, Juryon, and Wong, Dongho

Subjects
Provable security, game theory, Article Subject, Computer science, lcsh:Medicine, Information Storage and Retrieval, Computer security, computer.software_genre, algorithms, information storage and retrieval, lcsh:Technology, One-time password, General Biochemistry, Genetics and Molecular Biology, Password strength, Game Theory, Security association, lcsh:Science, Computer Security, Key exchange, General Environmental Science, Password, lcsh:T, lcsh:R, General Medicine, Authenticated Key Exchange, lcsh:Q, Challenge–response authentication, computer, Algorithms, Research Article, computer security
Abstract

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks. Refereed/Peer-reviewed

Published
2014

Catalog

Books, media, physical & digital resources
See catalog results