KR20160113477A - System and method for encryption and decription - Google Patents
- Publication number
- KR20160113477A (application KR1020150039143A)
- Authority
- KR
- South Korea
- Prior art keywords
- terminal
- key
- password
- secret key
- authentication server
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Description
The present invention relates to a security technique that uses secret-key encryption, and more particularly, to a security technique for generating a secret key based on a password.
A password-based key derivation function (PBKDF) is a function that generates a block cipher secret key from a password. A PBKDF prevents an attacker from obtaining any information about the password from the derived key. It also prevents a "weak key" from being generated, as can happen when a secret key is created directly from a password.
The key derivation function derives the secret key according to the derived secret key, the password, the password salt, and the iteration count (number of repetitions). The password salt and the number of repetitions are stored in unencrypted form. A password salt is an additional input to the one-way function that prevents an attacker from computing the one-way function's outputs in advance. The number of repetitions makes each derivation take a long time when an attacker attacks offline.
An offline dictionary attack is a more advanced attack than a brute-force attack, which tries every possible case to find a secret key or password. In an offline dictionary attack, the attacker prepares a list of possible passwords in advance and attacks using that list.
Even if the above-mentioned key derivation function is protected by the number of repetitions, an attack can succeed within a short time when it is run on a special computer that arranges a plurality of processors in parallel. Therefore, if the attacker seizes the private key encrypted with the secret key, the attacker can acquire the private key through an offline dictionary attack.
SUMMARY OF THE INVENTION The present invention provides an encryption and decryption system and method that prevent an offline dictionary attack by adding an online authentication process with a server to the key derivation process, so that an attacker cannot perform the key derivation function many times in a short time.
According to an aspect of the present invention, the system includes: a terminal that generates a first secret key through a password-based secret key derivation function applied to an exclusive OR of a first random value and a password, generates a first cipher text according to the first secret key, generates a second secret key using the password-based secret key derivation function applied to an exclusive OR of the random value and the password, and encrypts the private key with the second secret key; and an authentication server that receives and stores the cipher text from the terminal. To decrypt the private key, the terminal regenerates the first secret key according to the password and the first random value and transmits a second cipher text according to the first secret key to the authentication server. When the first cipher text and the second cipher text are identical, the authentication server transmits a response value corresponding to the second random value to the terminal. The terminal generates a third secret key according to the response value and decrypts the private key according to the third secret key.
As described above, according to the embodiment of the present invention, an attacker cannot perform a large number of key derivation functions in a short time, which makes an offline dictionary attack impossible.
FIG. 1 is a block diagram illustrating an encryption / decryption system according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a process of encrypting a private key by an encryption / decryption system according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a process of decrypting a private key by an encryption / decryption system according to an embodiment of the present invention.
FIG. 4 is a block diagram illustrating a computer system in which an encryption and decryption system terminal and an authentication server according to an exemplary embodiment of the present invention are implemented.
While the present invention has been described in connection with certain exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and similarities. It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
Also, in this specification, when an element is referred to as "transmitting" a signal to another element, it should be understood that the element may be directly connected to the other element to transmit the signal, or that the signal may be transmitted through another component in between.
FIG. 1 is a block diagram illustrating an encryption / decryption system according to an embodiment of the present invention.
Referring to FIG. 1, the encryption / decryption system includes a
The terminal 110 generates a first random value and a second random value, and generates a first synchronization value and a second synchronization value corresponding to the first random value. In this case, the first random value and the second random value may be 32-bit values randomly generated according to the synchronized time between the
In addition, the
The
The
The
When an event requesting decryption of a private key is generated (for example, input of a user requesting decryption of a private key through a specific application), the
When the
Also, the
The
The terminal 110 generates a third secret key by applying a password-based secret key derivation function to the exclusive OR of the first random value and the response value of the password. The
The
The
When the
Accordingly, the
In the offline dictionary attack, since the
Also, the
FIG. 2 is a flowchart illustrating a process of encrypting a private key by the encryption / decryption system according to an embodiment of the present invention.
Referring to FIG. 2, in
In
In
In
In
In
In
In
FIG. 3 is a flowchart illustrating a process of decrypting a private key of the encryption / decryption system according to an embodiment of the present invention.
In step 310, when an event requesting decryption of the private key occurs (for example, a user input requesting decryption of the private key through a specific application), the terminal 110 transmits a signal requesting a second synchronization value to the authentication server 120.
In step 320, when the
In step 330, the authentication server determines whether the number of requests exceeds a preset threshold value.
If the number of requests in step 330 is less than or equal to a preset threshold value, the
If the number of requests exceeds a preset threshold value in step 330, the
In operation 340, when the terminal 110 receives the second synchronization value from the
In step 350, the terminal 110 generates a cipher text in which the second synchronization value is encrypted according to the first secret key, and transmits the cipher text to the
In step 360, when the
If the cipher text received from the terminal 110 in step 370 is identical to the previously stored cipher text, the
In step 380, the
In step 390, the terminal 110 decrypts the encrypted private key according to the third secret key.
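The enrollment and decryption exchange described above, as an added Python example that is not part of the patent text: it shows that the key protecting the private key can only be rebuilt after the server's ciphertext check, and that the server caps the number of requests. Assumptions not stated on the page: PBKDF2-HMAC-SHA256 as the derivation function, HMAC-SHA256 as a deterministic stand-in for "the synchronization value encrypted under the first secret key", the cyclic XOR encoding, a single stored synchronization value, the second key taken as PBKDF(password XOR first random value XOR second random value), the threshold of 3, and all names.

```python
import hashlib, hmac, secrets

SALT, ITERATIONS = b"constructed-salt", 10_000  # stored unencrypted, as the text notes
MAX_REQUESTS = 3                                 # hypothetical threshold for step 330

def xor_mix(password: bytes, *values: bytes) -> bytes:
    """XOR each 32-bit value, repeated cyclically, into the password (assumed encoding)."""
    out = bytearray(password)
    for v in values:
        for i in range(len(out)):
            out[i] ^= v[i % len(v)]
    return bytes(out)

def derive(material: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", material, SALT, ITERATIONS)

def seal(key: bytes, sync: bytes) -> bytes:
    """Deterministic keyed stand-in for the cipher text of the synchronization value."""
    return hmac.new(key, sync, hashlib.sha256).digest()

class AuthServer:
    def __init__(self, sync: bytes, stored_ct: bytes, r2: bytes):
        self.sync, self.stored_ct, self.r2, self.requests = sync, stored_ct, r2, 0

    def request_sync(self) -> bytes:
        self.requests += 1                       # every request counts, right or wrong
        if self.requests > MAX_REQUESTS:
            raise PermissionError("request threshold exceeded")
        return self.sync

    def respond(self, ct: bytes):
        # Release the response value only when the cipher texts are identical.
        return self.r2 if hmac.compare_digest(ct, self.stored_ct) else None

def enroll(password: bytes):
    r1, r2, sync = (secrets.token_bytes(4) for _ in range(3))
    k1 = derive(xor_mix(password, r1))           # first secret key
    k2 = derive(xor_mix(password, r1, r2))       # second secret key, encrypts the private key
    return r1, k2, AuthServer(sync, seal(k1, sync), r2)

def recover_key(password: bytes, r1: bytes, server: AuthServer):
    sync = server.request_sync()
    k1 = derive(xor_mix(password, r1))           # regenerated first secret key
    response = server.respond(seal(k1, sync))
    if response is None:
        return None                              # wrong password: no response value
    return derive(xor_mix(password, r1, response))  # third secret key
```

Each password guess costs one server request, so a stolen terminal state (first random value plus encrypted private key) cannot be tested against a dictionary without the server's response value.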
The terminal 110 and the
FIG. 4 is a diagram illustrating a computer system in which the terminal and the authentication server of the encryption / decryption system according to an embodiment of the present invention are implemented.
Embodiments in accordance with the present invention may be embodied in a computer system, for example, a computer readable recording medium. 4, the
The present invention has been described above with reference to the embodiments thereof. Many embodiments other than the above-described embodiments are within the scope of the claims of the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. The disclosed embodiments should, therefore, be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.
Claims (1)
An authentication server for receiving and storing the ciphertext from the terminal;
The terminal regenerates the first secret key according to the password and the first random value to decrypt the private key, transmits a second ciphertext according to the first secret key to the authentication server,
Wherein the authentication server transmits a response value corresponding to the second random value to the terminal if the first cipher text and the second cipher text are identical,
The terminal generates a third secret key according to the response value, and decrypts the private key according to the third secret key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150039143A KR20160113477A (en) | 2015-03-20 | 2015-03-20 | System and method for encryption and decription |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20160113477A (en) | 2016-09-29 |
Family
ID=57073653