KR20160113477A - System and method for encryption and decryption - Google Patents

Info

Publication number: KR20160113477A
Authority: KR (South Korea)
Prior art keywords: terminal, key, password, secret key, authentication server
Application number: KR1020150039143A
Other languages: Korean (ko)
Inventors: 김태성, 최두호
Original Assignee: 한국전자통신연구원
Application filed by 한국전자통신연구원
Priority to KR1020150039143A
Publication of KR20160113477A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a system and method for encryption and decryption in which an online authentication step performed by a server is added to the key derivation process, so that an attacker cannot run a large number of key derivation functions in a short time, making an offline dictionary attack impossible. The system comprises: a terminal which generates a first secret key by applying a password-based key derivation function to the exclusive OR of a first random value and a password, generates a first ciphertext based on the first secret key, generates a second secret key by applying the password-based key derivation function to the exclusive OR of a second random value and the password, and encrypts a private key using the second secret key; and an authentication server which receives the first ciphertext from the terminal and stores it. To decrypt the private key, the terminal regenerates the first secret key from the password and the first random value and transmits a second ciphertext based on the first secret key to the authentication server. The authentication server transmits a response value corresponding to the second random value to the terminal when the first and second ciphertexts are identical. The terminal generates a third secret key based on the response value and decrypts the private key based on the third secret key.

Description

SYSTEM AND METHOD FOR ENCRYPTION AND DECRYPTION

The present invention relates to a security technique based on encryption with a secret key, and more particularly, to a security technique for generating a secret key from a password.

A password-based key derivation function (PBKDF) is a function that generates a block-cipher secret key from a password. A PBKDF prevents an attacker from obtaining any information about the password from the derived key. It also prevents a "weak key" from being generated, which can happen when a secret key is created directly from a password.

The key derivation function derives the secret key from the password, a password salt, and an iteration count. The password salt and the iteration count are stored in unencrypted form. The password salt is an additional input to the one-way function that prevents an attacker from computing the function's output in advance. The iteration count makes each derivation take a long time when an attacker attacks offline.

An offline dictionary attack is a more refined attack than a brute-force attack, which tries every possible case to find a secret key or password. In an offline dictionary attack, the attacker holds a list of likely passwords in advance and tries the entries in that list.

Even though the key derivation function described above is protected by the iteration count, it can be attacked within a short time by a special-purpose computer that runs many processors in parallel. Therefore, if an attacker seizes a private key encrypted with the secret key, the attacker can recover the private key through an offline dictionary attack.

SUMMARY OF THE INVENTION

The present invention provides an encryption and decryption system and method that prevents an offline dictionary attack by adding an online authentication step performed by a server to the key derivation process, so that an attacker cannot run the key derivation function many times in a short time.

According to an aspect of the present invention, the system comprises: a terminal which generates a first secret key through a password-based secret key derivation function applied to the exclusive OR of a first random value and a password, generates a first cipher text according to the first secret key, generates a second secret key using the password-based secret key derivation function applied to the exclusive OR of a second random value and the password, and encrypts the private key with the second secret key; and an authentication server which receives the first cipher text from the terminal and stores it. To decrypt the private key, the terminal regenerates the first secret key according to the password and the first random value and transmits a second cipher text according to the first secret key to the authentication server. When the first cipher text and the second cipher text are identical, the authentication server transmits a response value corresponding to the second random value to the terminal. The terminal generates a third secret key according to the response value and decrypts the private key according to the third secret key.

As described above, according to the embodiment of the present invention, an attacker cannot perform a large number of key derivation functions in a short time, which makes an offline dictionary attack impossible.

FIG. 1 is a block diagram illustrating an encryption / decryption system according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a process of encrypting a private key by an encryption / decryption system according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a process of decrypting a private key by an encryption / decryption system according to an embodiment of the present invention.
FIG. 4 is a block diagram illustrating a computer system in which the terminal and the authentication server of an encryption / decryption system according to an exemplary embodiment of the present invention are implemented.

While the present invention is described in connection with certain exemplary embodiments, it is not limited to the disclosed embodiments and is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

Also, in this specification, when an element is referred to as "transmitting" a signal to another element, the element may be directly connected to the other element to transmit the signal, or the signal may be transmitted through another component in between.

FIG. 1 is a block diagram illustrating an encryption / decryption system according to an embodiment of the present invention.

Referring to FIG. 1, the encryption / decryption system includes a terminal 110 and an authentication server 120.

The terminal 110 generates a first random value and a second random value, and generates a first synchronization value and a second synchronization value corresponding to the first random value. In this case, the first random value and the second random value may be 32-bit values randomly generated according to the synchronized time between the terminal 110 and the authentication server 120. For example, the terminal 110 may generate the first synchronization value and the second synchronization value such that their exclusive OR is the first random value.

In addition, the terminal 110 generates a third synchronization value corresponding to the first random value. For example, the terminal 110 may generate the third synchronization value such that the exclusive OR of the first synchronization value, the second synchronization value, and the third synchronization value is the second random value.

The terminal 110 generates a first secret key by applying a password based key derivation function (PBKDF) to the exclusive OR of the password and the first random value. The terminal 110 encrypts the second synchronization value using the first secret key to generate a cipher text. At this time, the terminal 110 can delete the first secret key after generating the ciphertext.

The terminal 110 generates a second secret key by applying a password-based secret key derivation function to the exclusive OR of the password and the second random value, and encrypts the private key using the second secret key. At this time, the terminal can delete the second secret key after the encryption process of the private key.

The terminal 110 transmits the second synchronization value, the ciphertext, and the third synchronization value to the authentication server 120 through the communication network. Then, the terminal 110 deletes the second synchronization value, the cipher text, and the third synchronization value.

When an event requesting decryption of the private key occurs (for example, a user requests decryption of the private key through a specific application), the terminal 110 transmits a synchronization value request to the authentication server 120.

When the terminal 110 receives the second synchronization value from the authentication server 120, the terminal 110 generates a first secret key according to an exclusive OR of the password and the second random value.

Also, the terminal 110 generates a cipher text in which the second synchronization value is encrypted according to the first secret key, and transmits the cipher text to the authentication server 120.

The terminal 110 receives a response value from the authentication server 120. The response value may include either the third synchronization value or a random value different from the third synchronization value.

The terminal 110 generates a third secret key by applying a password-based secret key derivation function to the exclusive OR of the password, the first random value, and the response value. The terminal 110 decrypts the encrypted private key according to the third secret key.

The authentication server 120 is connected to the terminal 110 through a communication network and stores a second synchronization value, a cipher text, and a third synchronization value received from the terminal 110. When the authentication server 120 receives the synchronization value request from the terminal 110, the authentication server 120 increments the number of requests corresponding to the terminal 110 by one. At this time, the authentication server 120 may store the number of requests for each terminal 110, and initialize the number of requests to zero at predetermined intervals.

The authentication server 120 transmits the second synchronization value to the terminal 110 when the number of requests is equal to or less than a preset threshold value. If the number of requests is greater than the threshold value, the authentication server 120 does not transmit the second synchronization value.

When the authentication server 120 receives a cipher text from the terminal 110, it checks whether the received cipher text is identical to the previously stored cipher text. If the cipher text received from the terminal 110 is identical to the previously stored cipher text, the authentication server 120 transmits a response value including the third synchronization value to the terminal 110. If the cipher text received from the terminal 110 is not identical to the previously stored cipher text, the authentication server 120 transmits a response value including a random value different from the third synchronization value to the terminal 110.

Accordingly, the terminal 110 receives the response value including the third synchronization value from the authentication server 120 only when it has generated the cipher text with the correct password. Only then can the terminal 110 generate a correct third secret key (a third secret key identical to the second secret key) and decrypt the private key normally.

In an offline dictionary attack, the terminal 110 generates the cipher text with a wrong password, so it generates the third secret key from a response value that includes an erroneous random value, and the resulting third secret key is not the correct one. Therefore, a terminal 110 performing the decryption process as part of an offline dictionary attack cannot obtain the correct private key. When the attack fails to obtain the correct private key, the decryption process is retried. Since the authentication server 120 provides the second synchronization value to the terminal 110 only when the number of requests is less than or equal to the threshold value, the terminal 110 cannot keep repeating the decryption process, and the offline dictionary attack cannot be continued because of the authentication server 120.

Also, the authentication server 120 cannot derive the second secret key itself, because it does not store the password or the second random value from which the terminal 110 generates the second secret key. Therefore, in the encryption / decryption system according to the embodiment of the present invention, the private key cannot be decrypted even if the terminal 110 or the authentication server 120 is successfully hacked, so only the individual user can decrypt the private key.

FIG. 2 is a flowchart illustrating a process of encrypting a private key by the encryption / decryption system according to an embodiment of the present invention.

Referring to FIG. 2, in step 210, the terminal 110 generates a first random value and a second random value. In this case, the first random value and the second random value may be 32-bit values randomly generated according to the synchronized time between the terminal 110 and the authentication server 120.

In step 220, the terminal 110 generates a first synchronization value and a second synchronization value corresponding to the first random value. For example, the terminal 110 may generate the first synchronization value and the second synchronization value such that their exclusive OR is the first random value.

In step 230, the terminal 110 generates a third synchronization value corresponding to the first random value. For example, the terminal 110 may generate a third synchronization value such that the exclusive OR of the first synchronization value, the second synchronization value, and the third synchronization value is a second random value.

In step 240, the terminal 110 generates a first secret key by applying a password-based key derivation function (PBKDF) to the exclusive OR of the password and the first random value.

In step 250, the terminal 110 encrypts the second synchronization value using the first secret key to generate a cipher text. At this time, the terminal 110 can delete the first secret key after generating the ciphertext.

In step 260, the terminal 110 generates a second secret key by applying a password-based secret key derivation function to the exclusive OR of the password and the second random value, and encrypts the private key using the second secret key. At this time, the terminal 110 can delete the second secret key after the encryption process of the private key.

In step 270, the terminal 110 transmits the second synchronization value, the cipher text, and the third synchronization value to the authentication server 120 through the communication network.

In step 280, the terminal 110 deletes the second synchronization value, the ciphertext, and the third synchronization value. Accordingly, the terminal 110 may store only the first synchronization value and the encrypted private key.

FIG. 3 is a flowchart illustrating a process of decrypting a private key of the encryption / decryption system according to an embodiment of the present invention.

In step 310, when an event requesting decryption of the private key occurs (for example, a user requests decryption of the private key through a specific application), the terminal 110 transmits a signal requesting the second synchronization value to the authentication server 120.

In step 320, when the authentication server 120 receives the synchronization value request from the terminal 110, the authentication server 120 increments the number of requests corresponding to the terminal 110 by one. At this time, the authentication server 120 may store the number of requests for each terminal 110, and initialize the number of requests to zero at predetermined intervals.

In step 330, the authentication server determines whether the number of requests exceeds a preset threshold value.

If the number of requests in step 330 is less than or equal to a preset threshold value, the authentication server 120 transmits the second synchronization value to the terminal 110 in step 335.

If the number of requests exceeds a preset threshold value in step 330, the authentication server 120 ends the decryption of the private key.

In step 340, when the terminal 110 receives the second synchronization value from the authentication server 120, the terminal 110 generates a first secret key according to an exclusive OR of the password and the second random value.

In step 350, the terminal 110 generates a cipher text in which the second synchronization value is encrypted according to the first secret key, and transmits the cipher text to the authentication server 120.

In step 360, when the authentication server 120 receives the ciphertext from the terminal 110, the authentication server 120 determines whether the ciphertext received from the terminal 110 is the same as the previously stored ciphertext.

In step 370, if the cipher text received from the terminal 110 is identical to the previously stored cipher text, the authentication server 120 transmits a response value including the third synchronization value to the terminal 110. If the cipher text received from the terminal 110 is not identical to the previously stored cipher text, the authentication server 120 transmits a response value including a random value different from the third synchronization value to the terminal 110.

In step 380, the terminal 110 generates a third secret key by applying a password-based secret key derivation function to the exclusive OR of the password, the first random value, and the response value.

In step 390, the terminal 110 decrypts the encrypted private key according to the third secret key.
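The enrollment flow of FIG. 2 and the decryption flow of FIG. 3, simulated end to end as an added example that is not part of the patent text; it follows the claim in regenerating the first secret key from the password and the first random value (recovered as S1 XOR S2). Assumptions: PBKDF2-HMAC-SHA256 as the PBKDF with a constructed salt and a low iteration count, a SHAKE-256 keystream XOR as a stand-in for the unspecified cipher, the XOR applied to the first four bytes of the padded password, `secrets.randbits` instead of time-synchronized generation, and hypothetical class and method names.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-demo-salt"  # assumption: salt stored in the clear
ITERATIONS = 10_000              # assumption: kept low so the demo runs quickly

def kdf(password: bytes, mask: int) -> bytes:
    """PBKDF2 over (password XOR 32-bit value); the XOR is applied to the
    first four bytes of the zero-padded password (layout is an assumption)."""
    buf = bytearray(password.ljust(4, b"\0"))
    for i, b in enumerate(mask.to_bytes(4, "big")):
        buf[i] ^= b
    return hashlib.pbkdf2_hmac("sha256", bytes(buf), SALT, ITERATIONS)

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in deterministic cipher (SHAKE-256 keystream); illustration only."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class AuthServer:
    def __init__(self, threshold: int = 3):
        self.threshold = threshold
        self.records = {}   # terminal id -> (S2, ciphertext, S3)
        self.requests = {}  # terminal id -> sync-value requests this period

    def enroll(self, tid, s2, ciphertext, s3):      # receives step 270 upload
        self.records[tid] = (s2, ciphertext, s3)
        self.requests[tid] = 0

    def request_sync(self, tid):                    # steps 320 to 335
        self.requests[tid] += 1
        if self.requests[tid] > self.threshold:
            return None                             # over threshold: refuse
        return self.records[tid][0]

    def respond(self, tid, ciphertext):             # steps 360 to 370
        _, stored, s3 = self.records[tid]
        if hmac.compare_digest(ciphertext, stored):
            return s3
        decoy = secrets.randbits(32)
        return decoy if decoy != s3 else decoy ^ 1  # random value != S3

    def reset_counters(self):                       # periodic reset to zero
        self.requests = dict.fromkeys(self.requests, 0)

class Terminal:
    def __init__(self, tid, server):
        self.tid, self.server = tid, server
        self.s1 = self.encrypted = None

    def enroll(self, password: bytes, private_key: bytes):
        r1, r2 = secrets.randbits(32), secrets.randbits(32)  # step 210
        s1 = secrets.randbits(32)
        s2 = s1 ^ r1                                 # S1 ^ S2 == R1
        s3 = r1 ^ r2                                 # S1 ^ S2 ^ S3 == R2
        ct = xor_cipher(kdf(password, r1), s2.to_bytes(4, "big"))
        self.encrypted = xor_cipher(kdf(password, r2), private_key)
        self.server.enroll(self.tid, s2, ct, s3)
        self.s1 = s1  # only S1 and the encrypted key stay on the terminal

    def decrypt(self, password: bytes):
        s2 = self.server.request_sync(self.tid)      # step 310
        if s2 is None:
            return None
        r1 = self.s1 ^ s2
        ct = xor_cipher(kdf(password, r1), s2.to_bytes(4, "big"))
        response = self.server.respond(self.tid, ct)
        k3 = kdf(password, r1 ^ response)  # equals K2 only if response is S3
        return xor_cipher(k3, self.encrypted)

def demo():
    server = AuthServer(threshold=3)
    terminal = Terminal("terminal-1", server)
    secret = secrets.token_bytes(32)       # constructed sample private key
    terminal.enroll(b"correct horse", secret)
    results = [terminal.decrypt(b"correct horse") == secret,  # right password
               terminal.decrypt(b"guess-1") == secret,        # wrong password
               terminal.decrypt(b"guess-2") == secret,        # wrong password
               terminal.decrypt(b"correct horse")]            # throttled
    server.reset_counters()
    results.append(terminal.decrypt(b"correct horse") == secret)
    return results
```

Every guess costs one server round trip, so the request counter rather than the PBKDF iteration count bounds the guessing rate; the fourth attempt is refused even with the correct password until the counter is reset.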

The terminal 110 and the authentication server 120 of the encryption / decryption system according to an embodiment of the present invention may be implemented as a computer system.

FIG. 4 is a diagram illustrating a computer system in which the terminal and the authentication server of the encryption / decryption system according to an embodiment of the present invention are implemented.

Embodiments in accordance with the present invention may be embodied in a computer system, for example, as a computer-readable recording medium. As shown in FIG. 4, the computer system 400 may include one or more processors 410, a memory 420, a storage 430, a user interface input 440, and a user interface output 450, elements which may communicate with each other via a bus 460. In addition, the computer system 400 may also include a network interface 470 for connecting to a network. The processor 410 may be a CPU or a semiconductor device that executes processing instructions stored in the memory 420 and/or the storage 430. The memory 420 and the storage 430 may include various types of volatile / non-volatile storage media. For example, the memory may include ROM 424 and RAM 425.

The present invention has been described above with reference to the embodiments thereof. Many embodiments other than the above-described embodiments are within the scope of the claims of the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. The disclosed embodiments should, therefore, be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.

Claims (1)

A terminal for generating a first secret key by applying a password-based secret key derivation function to the exclusive OR of a first random value and a password, generating a first cipher text according to the first secret key, generating a second secret key through the password-based secret key derivation function, and encrypting the private key through the second secret key; and
An authentication server for receiving and storing the ciphertext from the terminal,
The terminal regenerates the first secret key according to the password and the first random value to decrypt the private key, and transmits a second ciphertext according to the first secret key to the authentication server,
Wherein the authentication server transmits a response value corresponding to the second random value to the terminal if the first cipher text and the second cipher text are identical,
The terminal generates a third secret key according to the response value, and decrypts the private key according to the third secret key.
KR1020150039143A 2015-03-20 2015-03-20 System and method for encryption and decryption KR20160113477A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150039143A KR20160113477A (en) 2015-03-20 2015-03-20 System and method for encryption and decryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150039143A KR20160113477A (en) 2015-03-20 2015-03-20 System and method for encryption and decryption

Publications (1)

Publication Number Publication Date
KR20160113477A (en) 2016-09-29

Family

ID=57073653

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150039143A KR20160113477A (en) 2015-03-20 2015-03-20 System and method for encryption and decryption

Country Status (1)

Country Link
KR (1) KR20160113477A (en)
