International Association for Cryptologic Research

CryptoDB

Junghyun Nam

Publications

Year (Venue) Title

2014 (EPRINT)

2014 (EPRINT)

2010 (EPRINT) A Security Weakness in a Generic Construction of a Group Key Exchange Protocol
Junghyun Nam
Protocols for group key exchange are cryptographic algorithms that allow a group of parties communicating over a public network to come up with a common secret key. One of the interesting results of research on group key exchange is the protocol compiler presented by Abdalla et al. in TCC '07. Abdalla et al.'s compiler shows how one can transform any authenticated 2-party key exchange protocol into an authenticated group key exchange protocol with 2 more rounds of communication. This compiler certainly is elegant in its genericness, symmetricity, simplicity and efficiency. However, the situation completely changes when it comes to security. In this work, we reveal a major security weakness in Abdalla et al.'s compiler and show how to address it. The security weakness uncovered here implies that Abdalla et al.'s proof of security for their compiler is invalid.
2010 (EPRINT) Security Improvement on a Password-Authenticated Group Key Exchange Protocol
Junghyun Nam
A group key exchange (GKE) protocol is designed to allow a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. Among the many protocols is Yi et al.'s password-authenticated GKE protocol in which each participant is assumed to hold their individual password registered with a trusted server. A fundamental requirement for password-authenticated key exchange is security against off-line dictionary attacks. However, Yi et al.'s protocol fails to meet the requirement. In this work, we report this security problem with Yi et al.'s protocol and show how to solve it.
2008 (EPRINT) Infringing and Improving Password Security of a Three-Party Key Exchange Protocol
Junghyun Nam
Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an attempt to determine the correct one. We then figure out how to eliminate the security vulnerability of S-3PAKE.
2007 (EPRINT) Enhancing Security of a Group Key Exchange Protocol for Users with Individual Passwords
Junghyun Nam
Group key exchange protocols allow a group of parties communicating over a public network to come up with a common secret key called a session key. Due to their critical role in building secure multicast channels, a number of group key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called EKE-M protocol proposed by Byun and Lee for password-based group key exchange in the different password authentication model, where group members are assumed to hold an individual password rather than a common password. While the announcement of the EKE-M protocol was essential in the light of the practical significance of the different password authentication model, Tang and Chen showed that the EKE-M protocol itself suffers from an undetectable on-line dictionary attack. Given Tang and Chen's attack, Byun et al. have recently suggested a modification to the EKE-M protocol and claimed that their modification makes EKE-M resistant to the attack. However, the claim turned out to be untrue. In the current paper, we demonstrate this by showing that Byun et al.'s modified EKE-M is still vulnerable to an undetectable on-line dictionary attack. Besides reporting our attack, we also figure out what has gone wrong with Byun et al.'s modification and how to fix it.
2006 (EPRINT) Constant Round Group Key Exchange with Logarithmic Computational Complexity
Protocols for group key exchange (GKE) are cryptographic algorithms that describe how a group of parties communicating over a public network can come up with a common secret key. Due to their critical role in building secure multicast channels, a number of GKE protocols have been proposed over the years in a variety of settings. However, despite many impressive achievements, it still remains a challenging problem to design a secure GKE protocol which scales very well for large groups. Our observation is that all provably-secure constant-round GKE protocols providing forward secrecy thus far are not fully scalable, but have a computational complexity that scales only linearly in group size. Motivated by this observation, we propose a new GKE protocol that not only offers full scalability in all directions but also attains provable security against active adversaries. Full scalability is achieved by using a complete binary tree structure where users are arranged on both internal and leaf nodes. Security is proved via reduction to the decisional Diffie-Hellman assumption in a well-defined formal model of communication and adversarial capabilities.
2005 (EPRINT) Security Weakness in a Three-Party Password-Based Key Exchange Protocol Using Weil Pairing
Junghyun Nam, Seungjoo Kim, Dongho Won
Recently, Wen, Lee, and Hwang proposed a three-party password-authenticated key exchange protocol making use of the Weil pairing. The protocol was claimed to be provably secure. But despite the claim of provable security, the protocol is in fact insecure in the presence of an active adversary. We demonstrate this by presenting an attack that completely compromises the authentication mechanism of the protocol. Consequently, the proof of security for the protocol is invalidated.
2004 (EPRINT) Provably-Secure and Communication-Efficient Scheme for Dynamic Group Key Exchange
Group key agreement protocols are designed to solve the fundamental problem of securely establishing a session key among a group of parties communicating over a public channel. Although a number of protocols have been proposed to solve this problem over the years, they are not well suited for a high-delay wide area network; their communication overhead is significant in terms of the number of communication rounds or the number of exchanged messages, both of which are recognized as the dominant factors that slow down group key agreement over a networking environment with high communication latency. In this paper we present a communication-efficient group key agreement protocol and prove its security in the random oracle model under the factoring assumption. The proposed protocol provides perfect forward secrecy and requires only a constant number of communication rounds for any of the group rekeying operations, while achieving optimal message complexity.
2004 (EPRINT) DDH-based Group Key Agreement in a Mobile Environment
A group key agreement protocol is designed to efficiently implement secure multicast channels for a group of parties communicating over an untrusted, open network by allowing them to agree on a common secret key. In the past decade many problems related to group key agreement have been tackled and solved (diminished if not solved), and recently some constant-round protocols have been proven secure in a concrete, realistic setting. However, all forward-secure protocols so far are still too expensive for small mobile devices. In this paper we propose a new constant-round protocol well suited for a mobile environment and prove its security under the Decisional Diffie-Hellman assumption. The protocol meets simplicity, efficiency, and all the desired security properties.
2004 (EPRINT) Attacks on Bresson-Chevassut-Essiari-Pointcheval's Group Key Agreement Scheme for Low-Power Mobile Devices
Junghyun Nam, Seungjoo Kim, Dongho Won
In this paper, we show that Bresson-Chevassut-Essiari-Pointcheval's group key agreement scheme does not meet the main security properties: implicit key authentication, forward secrecy, and known key security. Also, we propose an improved version which fixes the security flaws found in the scheme.
2004 (EPRINT) A Weakness in Jung-Paeng-Kim's ID-based Conference Key Distribution Scheme
Junghyun Nam, Seungjoo Kim, Dongho Won
Very recently, Jung, Paeng and Kim [IEEE Communications Letters, Vol 8, No 7, pp 446--448, July 2004] have demonstrated the insecurity of Xu and Tilborg's ID-based conference key distribution scheme, and in addition, have revised the scheme to fix the security flaws discovered by them. However, in this paper, we show that Jung-Paeng-Kim's revised scheme is still insecure since it is vulnerable to an active attack of colluding adversaries. We also show that our attack can be easily thwarted by a simple patch.
2004 (EPRINT) Secure Group Communications over Combined Wired/Wireless Networks
This paper considers the fundamental problem of key agreement among a group of parties communicating over an insecure public network. Over the years, a number of solutions to this problem have been proposed with varying degrees of complexity. However, there seems to have been no previous systematic look at the growing problem of key agreement over combined wired/wireless networks, consisting of both high-performance computing machines and low-power mobile devices. In this paper we present an efficient group key agreement scheme well suited for this networking environment. Our construction is intuitively simple, and yet offers a scalable solution to the problem.
2004 (EPRINT) A weakness in Sun-Chen-Hwang's three-party key agreement protocols using passwords
Junghyun Nam, Seungjoo Kim, Dongho Won
Recently, Sun, Chen and Hwang [J. Syst. Software, 75 (2005), 63-68] have proposed two new three-party protocols, one for password-based authenticated key agreement and one for verifier-based authenticated key agreement. In this paper, we show that both of Sun-Chen-Hwang's protocols are insecure against an active adversary who can intercept messages, start multiple sessions of a protocol, or otherwise control the communication in the network. Also, we present a simple solution to the security problem with the protocols.