KR101739203B1 - Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption - Google Patents


Info

Publication number
KR101739203B1
Authority
KR
South Korea
Prior art keywords
password
signature
user authentication
remote server
result
Prior art date
Application number
KR1020150155350A
Other languages
Korean (ko)
Other versions
KR20170053063A (en)
Inventor
이문규
임종혁
Original Assignee
인하대학교 산학협력단
Application events
    • Application filed by 인하대학교 산학협력단
    • Priority to KR1020150155350A
    • Publication of KR20170053063A
    • Application granted
    • Publication of KR101739203B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Involving homomorphic encryption
    • H04L9/06 The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information involving passwords or one-time passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/32 Including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3236 Using cryptographic hash functions
    • H04L9/3247 Involving digital signatures
    • H04L9/3263 Involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

According to an embodiment of the present invention, a method of authenticating a user comprises: registering, with a remote server together with the ID, a first ciphertext generated by a first encryption upon input of an ID and a first password; receiving the ID and a second password from the user; generating a hash value by hashing the second password with a hash function; encrypting the hash value of the second password with homomorphic encryption to generate a second ciphertext for the second password; transmitting the ID and the second ciphertext to the remote server and receiving from the remote server the result of an operation between the first ciphertext and the second ciphertext; decrypting the operation result using the homomorphic encryption key; and processing user authentication for the ID based on the result of the decryption.

Description

Technical Field [0001] The present invention relates to a password-based user authentication method using a one-time private key-based digital signature and homomorphic encryption.

The following description relates to a method and apparatus for performing password-based user authentication using homomorphic encryption and a one-time private key-based digital signature.

User authentication is the series of procedures by which a system confirms a user's access rights when the user attempts to access a specific system such as a computer, a web server, or a smartphone. Knowledge-based authentication using passwords and personal identification numbers, biometric authentication using body characteristics, and possession-based authentication using hardware (cards, dongles, etc.) are the main approaches, and password authentication is the most widely used. In password-based authentication, the user enters an ID and a password to register, and the system stores the pair of user identification information (ID and password) in a specific system file. Thereafter, when the user with that ID attempts to authenticate (log in), the system compares the entered password with the stored password and allows access to the system if they match.

However, if the system file storing user IDs and passwords is leaked through an attack on the system, every user's password is exposed. Therefore passwords are generally stored as hash values computed with a cryptographic hash function, and the hash value of the entered password is compared with the stored value. In other words, when a user registers an ID and a password, the system applies a one-way cryptographic hash function to the password and registers the pair consisting of the ID and the resulting hash value. When that user later attempts to authenticate (log in), the system hashes the entered password and allows access if the result equals the stored hash value. Because the hash function is one-way, if the password is chosen with sufficient entropy, an attacker who obtains the stored file through an attack on the system cannot recover the password from its hash value. In general, however, the passwords that users choose are statistically far from uniformly distributed ('1234', 'password', and the like). This makes a dictionary attack possible: the attacker precomputes the hash values of passwords known to be chosen by many users, stores them in the form of a dictionary, and compares leaked hash values against the precomputed ones to infer the users' original passwords.

To counter this, one should either make the hash values more resistant to dictionary attacks or manage the file in which passwords are stored more securely. For the former, adding an additional value (a salt) to the password before hashing is commonly used: the system stores, together with the ID, the additional value and the hash of the password combined with that value, and at authentication (login) checks that the entered password, combined with the stored additional value, hashes to the stored hash value. The attacker must now also take the additional value into account, which somewhat increases the attack complexity, but this does not fundamentally solve the problem of password-based authentication. For the latter, the user's ID and the hash value of the password are stored not on the local system but on a remote server. This carries the strong assumption that the remote server must be trusted: a remote server is usually better protected against external attacks than a local system, but one cannot rule out an attack that retrieves the user identification information supplied by many users to the remote server and analyzes it to infer the original values.

To address this problem, encrypting the value stored on the server can be considered. A technique such as homomorphic encryption is suitable because it allows the authentication comparison to be performed in the ciphertext state. However, since the encrypted comparison result cannot be verified on the server side, the local system must verify the result; if the local system is hijacked, information usable for an attack may therefore exist there. A method is thus needed that keeps the homomorphic-encryption-based password comparison secure in that situation.

The problem to be solved by the present invention is to provide a password-based user authentication method and system using homomorphic encryption and a one-time private key-based digital signature.

According to one embodiment, a method of authenticating a user includes: registering, with a remote server together with the ID, a first ciphertext generated by a first encryption upon input of an ID and a first password; receiving the ID and a second password from the user; generating a hash value by hashing the second password with a hash function; encrypting the hash value of the second password with homomorphic encryption to generate a second ciphertext for the second password; transmitting the ID and the second ciphertext to the remote server and receiving from the remote server the result of an operation between the first ciphertext and the second ciphertext; decrypting the operation result using the homomorphic encryption key; and processing user authentication for the ID based on the result of the decryption.

According to one aspect of the present invention, the step of processing user authentication for the ID based on the result of the decryption relies on a one-time private key-based digital signature: a signer holding a private key for signing generates a signature through the signature generation operation and then discards the private key, so that the validity of the signature information can be determined by signature verification with the signer's public key and the generated signature, while the signature cannot be recomputed.

According to another aspect of the present invention, the step of processing user authentication for the ID based on the result of the decryption includes performing signature verification through the signature verification operation on the decryption result using the signer's public key.

According to another aspect of the present invention, the step of processing user authentication for the ID based on the result of the decryption includes allowing login for the ID when the signature verification succeeds and refusing login for the ID when it fails.

According to another aspect of the present invention, the step of registering with the remote server, together with the ID, the first ciphertext generated by the first encryption upon input of the ID and the first password includes: generating a homomorphic encryption key and a key pair consisting of a public key and a one-time private key, and determining the signature information; generating a hash value of the first password by hashing the first password upon input of the ID and the first password from the user; generating a signature through the signature generation operation to obtain a signature value, and discarding the one-time private key; performing an exclusive OR on each bit of the hash value and the signature value to obtain an exclusive OR result; generating the first ciphertext by encrypting the exclusive OR result with homomorphic encryption; and transmitting the ID and the first ciphertext to the remote server and registering them on the remote server.

According to another aspect of the present invention, the step of transmitting the ID and the first ciphertext to the remote server and registering them on the remote server includes storing, on the local system, the homomorphic encryption key, the public key for verifying the digital signature, and the signature information.

According to one embodiment, a user authentication system includes a memory into which at least one program is loaded, and at least one processor configured, under control of the program, to: generate a homomorphic encryption key and a key pair consisting of a public key and a one-time private key for the digital signature; generate a hash value of the first password by hashing the first password upon input of the ID and the first password; generate a signature through the signature generation operation to obtain a signature value, and discard the one-time private key; perform a bitwise exclusive OR of the hash value and the signature value to obtain an exclusive OR result; generate a first ciphertext by encrypting the exclusive OR result with homomorphic encryption; transmit the ID and the first ciphertext to a remote server and register them on the remote server; receive the ID and a second password from the user; generate a hash value by hashing the second password with the hash function; generate a second ciphertext for the second password by encrypting its hash value with homomorphic encryption; transmit the ID and the second ciphertext to the remote server and receive from the remote server the result of an operation between the first ciphertext and the second ciphertext; decrypt the operation result using the homomorphic encryption key; and process user authentication for the ID based on the result of the decryption.

The user authentication system according to the embodiment stores in the remote server the encryption of the exclusive OR of the password hash value and the digital signature value, so that the remote server cannot learn the password information and provides only an encrypted comparison service.

The user authentication system according to an embodiment can block an attacker from recovering the password through additional operations even when the local system is hijacked.

FIG. 1 is a diagram for explaining a network environment of a user authentication system according to an embodiment.
FIG. 2 is a block diagram illustrating a configuration of a user authentication system according to an embodiment.
FIG. 3 is a flowchart illustrating a user registration process of the user authentication system according to an exemplary embodiment of the present invention.
FIG. 4 is a flowchart illustrating a user authentication process of the user authentication system according to an embodiment of the present invention.

Hereinafter, embodiments will be described in detail with reference to the accompanying drawings.

Homomorphic encryption is an encryption method with the property that, when an arithmetic operation * is applied to two plaintexts, the encryption of the result equals the corresponding operation applied to the encryptions of the two plaintexts. If this operation is addition (multiplication), the encryption method is called homomorphic with respect to addition (multiplication), and an encryption method that is homomorphic for both addition and multiplication is called fully homomorphic encryption. In the following description the plaintexts are single bits, that is, addition and multiplication between plaintexts are reduced mod 2 after each operation, while addition and multiplication between ciphertexts are performed without the mod. In other words, for the encryption operation and the decryption operation, decrypting the sum (product) of two ciphertexts gives the sum (product) mod 2 of the two plaintexts. Since addition and multiplication mod 2 on integers are the exclusive OR (symbol ⊕) and logical AND (symbol ∧) operations respectively, decrypting the sum of two ciphertexts gives the exclusive OR of the two plaintexts, and decrypting their product gives their logical AND.

A one-time private key-based digital signature is a scheme in which a signer holding a private key for signing produces a signature on the signature information through the signature generation operation and then discards the private key. Anyone can check the validity of the signature information through the signature verification operation using the signer's public key and the signature, but no one, the signer included, can compute the signature again. In other words, unlike an ordinary digital signature, the private key is used only once for signing.

Let a one-way cryptographic hash function be a function that maps an input value of arbitrary bit length to an output value of a fixed bit length; the input value is a bit string of some length and the output value a bit string of the fixed length.

The user authentication system according to an exemplary embodiment performs password-based user authentication using a one-time private key-based digital signature and homomorphic encryption, and consists of two phases: user registration and user authentication.

FIG. 1 is a diagram for explaining a network environment of a user authentication system according to an embodiment.

Figure 1 shows a local system 100 and a remote server 110. The arrows in FIG. 1 indicate that data can be transmitted and received between the components using the wired / wireless network 120. Local system 100 may execute one or more processes configured to perform one or more of the features described herein. The local system 100 may refer to all terminal devices connectable to the remote server 110 for password management.

The local system 100 may include, for example, a smartphone, a tablet, a wearable computer, a personal computer (PC), or a laptop computer, but is not limited thereto.

Local system 100 may be coupled directly or indirectly to network 120 (e.g., the Internet or a local area network). For example, the personal computer and the notebook computer may be directly coupled to the network 120 via a wired network connection. The laptop computer may be wirelessly coupled to the network 120 via a wireless communication channel established between the laptop computer and a wireless access point (WAP). The smartphone may be wirelessly coupled to the network 120 via a wireless communication channel established between the smartphone and a cellular network / bridge. The network 120 may communicate with one or more secondary networks (not shown); examples of secondary networks include a local area network, a wide area network, or an intranet.

The local system 100 may interface with the remote server 110 via the network 120 described above.

Remote server 110 may execute one or more processes configured to perform one or more of the features described herein. The remote server 110 may register the ID and the ciphertext transmitted from the local system 100. The remote server 110 corresponds to a server computer, and examples of the server computer may include a server computing device, a personal computer, a server computer, a series of server computers, a minicomputer, and/or a mainframe computer, but are not limited thereto. The server computer may be a distributed system, and the operations of the server computer may be executed concurrently and/or sequentially on one or more processors.

FIG. 2 is a block diagram illustrating a configuration of a user authentication system according to an embodiment.

Referring to FIG. 2, the user authentication system 200 according to the present embodiment may include a processor 210, a bus 220, a network interface 230, a memory 240, and a database 250. The memory 240 may include an operating system 241 and a signature verification routine 242. In other embodiments, the user authentication system 200 may include more components than those shown in FIG. 2.

The memory 240 may be a computer-readable recording medium and may include a non-volatile mass storage device such as a random access memory (RAM), a read only memory (ROM), and a disk drive. In addition, the memory 240 may store program code for the operating system 241 and the signature verification routine 242. These software components may be loaded from a computer-readable recording medium separate from the memory 240 using a drive mechanism (not shown). Such a computer-readable recording medium may be, for example, a floppy drive, a disk, a tape, a DVD/CD-ROM drive, or a memory card. In other embodiments, the software components may be loaded into the memory 240 via the network interface 230 rather than from a computer-readable recording medium.

The bus 220 may enable communication and data transfer between components of the user authentication system 200. The bus 220 may be configured using a high-speed serial bus, a parallel bus, a storage area network (SAN), and/or any other suitable communication technology.

The network interface 230 may be a computer hardware component for connecting the user authentication system 200 to a computer network. The network interface 230 may connect the user authentication system 200 to a computer network via a wireless or wired connection.

The database 250 stores and maintains the ID and the ciphertext. The database 250 may reside, for example, in each of the local system and the remote server; it may store an ID and a ciphertext, and may store the homomorphic encryption key, the public key for signature verification of the digital signature, and the signature information.

The processor 210 may be configured to process instructions of a computer program by performing basic arithmetic, logic, and input/output operations of the user authentication system 200. The instructions may be provided to the processor 210 by the memory 240 or the network interface 230 via the bus 220. The processor 210 may be configured to execute program code for performing one or more of the features described herein. Such program code may be stored in a recording device such as the memory 240.

The user authentication system 200 can perform user registration and user authentication.

First, the user registration process of the user authentication system 200 will be described.

In the local system, the user authentication system 200 generates a key for homomorphic encryption and a key pair (a public key and a one-time private key) for the one-time private key-based digital signature, and determines the signature information.

The user authentication system 200 receives an ID and a first password PW from the user and hashes the first password with the hash function to obtain a hash value of the fixed bit length. The user authentication system 200 then generates a signature on the signature information with the one-time private key through the signature generation operation to obtain a signature value of the same bit length, and discards the one-time private key.

The user authentication system 200 performs a bitwise exclusive OR (⊕) of the hash value and the signature value to obtain a result of the same bit length, and encrypts that result with the homomorphic encryption to generate the first ciphertext.

The user authentication system 200 transmits the ID and the first ciphertext to the remote server, and the remote server stores the ID and the first ciphertext. At this time, the local system keeps the homomorphic encryption key, the public key for signature verification, and the signature information.

Next, the user authentication process of the user authentication system 200 will be described. The process performed by the user authentication system 200 when a user enters a password for a registered ID is as follows.

The user authentication system 200 receives the user's ID and password as input, and hashes the password with the hash function to obtain a hash value of the fixed bit length.

The user authentication system 200 encrypts this hash value with the homomorphic encryption to generate the second ciphertext, and transmits the ID and the second ciphertext to the remote server. The remote server computes, between the first ciphertext stored for that ID during user registration and the received second ciphertext, the ciphertext operation that corresponds to the exclusive OR of the plaintexts, and returns the result to the local system.

The user authentication system 200 decrypts the ciphertext received from the remote server using the homomorphic encryption key and obtains the resulting value.

The user authentication system 200 performs signature verification on the decrypted value using the public key and the signature information, allows the user to log in if the verification succeeds, and denies login otherwise.
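The registration and authentication procedure just described, as an added simulation that is not the patent's own code: the homomorphic scheme is instantiated with Goldwasser-Micali (bit-wise, XOR-homomorphic, with toy-sized primes) and the one-time private key-based signature with a Lamport one-time signature, both my choices; the 8-bit signature information, the 2048-bit SHAKE256 hash, the class and function names and the sample ID and passwords are constructed assumptions.

```python
import hashlib
import math
import secrets

# Toy parameters (my assumptions, not the patent's): an 8-bit signed message with
# 32-byte Lamport secrets gives a 2048-bit one-time signature, so the one-way hash H
# is SHAKE256 with a 2048-bit output, making hash value and signature value n bits.
MSG_BITS = 8
SECRET_BYTES = 32
N_BITS = MSG_BITS * SECRET_BYTES * 8  # n = 2048


def H(data: bytes) -> int:
    return int.from_bytes(hashlib.shake_256(data).digest(N_BITS // 8), "big")


# --- Goldwasser-Micali: bit-wise public-key encryption, homomorphic for XOR ---
def gm_keygen(p: int, q: int):
    """Public key (N, x), x a quadratic non-residue mod p and mod q; private key (p, q)."""
    n, x = p * q, 2
    while pow(x, (p - 1) // 2, p) != p - 1 or pow(x, (q - 1) // 2, q) != q - 1:
        x += 1
    return (n, x), (p, q)


def gm_encrypt(pk, m: int) -> list:
    """Encrypt the n-bit integer m bit by bit (MSB first): c = r^2 * x^bit mod N."""
    n, x = pk
    cts = []
    for i in reversed(range(N_BITS)):
        r = secrets.randbelow(n - 2) + 2
        while math.gcd(r, n) != 1:  # r must be invertible mod N
            r = secrets.randbelow(n - 2) + 2
        cts.append((r * r * pow(x, (m >> i) & 1, n)) % n)
    return cts


def gm_decrypt(sk, cts: list) -> int:
    """A bit is 0 iff its ciphertext is a quadratic residue mod p (Euler's criterion)."""
    p, _ = sk
    m = 0
    for c in cts:
        m = (m << 1) | (0 if pow(c % p, (p - 1) // 2, p) == 1 else 1)
    return m


def gm_xor(pk, c1: list, c2: list) -> list:
    """Ciphertext operation: Enc(a) * Enc(b) mod N decrypts to a XOR b."""
    return [(a * b) % pk[0] for a, b in zip(c1, c2)]


# --- Lamport one-time signature on MSG_BITS-bit messages ---
def ots_keygen():
    sk = [(secrets.token_bytes(SECRET_BYTES), secrets.token_bytes(SECRET_BYTES))
          for _ in range(MSG_BITS)]
    pk = [(hashlib.sha256(s0).digest(), hashlib.sha256(s1).digest()) for s0, s1 in sk]
    return pk, sk


def ots_sign(sk, msg: int) -> int:
    """Reveal one preimage per message bit; the n-bit signature as an integer."""
    return int.from_bytes(b"".join(sk[i][(msg >> i) & 1] for i in range(MSG_BITS)), "big")


def ots_verify(pk, msg: int, sig: int) -> bool:
    raw = sig.to_bytes(N_BITS // 8, "big")
    return all(hashlib.sha256(raw[i * SECRET_BYTES:(i + 1) * SECRET_BYTES]).digest()
               == pk[i][(msg >> i) & 1] for i in range(MSG_BITS))


class RemoteServer:
    """Stores (ID, first ciphertext) and only ever computes the ciphertext operation."""
    def __init__(self, hpk):
        self.hpk, self.db = hpk, {}

    def register(self, user_id: str, c1: list):
        self.db[user_id] = c1

    def compare(self, user_id: str, c2: list):
        c1 = self.db.get(user_id)
        return None if c1 is None else gm_xor(self.hpk, c1, c2)


class LocalSystem:
    """Keeps the homomorphic key, the OTS public key and the signature information."""
    def __init__(self, p: int, q: int):
        self.hpk, self.hsk = gm_keygen(p, q)

    def register(self, server: RemoteServer, user_id: str, password: str):
        pk, sk = ots_keygen()
        self.ots_pk, self.msg = pk, secrets.randbits(MSG_BITS)  # signature information
        sigma = ots_sign(sk, self.msg)
        del sk  # one-time private key discarded: no one can sign again
        server.register(user_id, gm_encrypt(self.hpk, H(password.encode()) ^ sigma))

    def login(self, server: RemoteServer, user_id: str, password: str) -> bool:
        result = server.compare(user_id, gm_encrypt(self.hpk, H(password.encode())))
        if result is None:
            return False
        sigma_prime = gm_decrypt(self.hsk, result)  # = H(PW) ^ sigma ^ H(PW')
        return ots_verify(self.ots_pk, self.msg, sigma_prime)


def demo() -> tuple:
    """Constructed run: correct password, wrong password, unregistered ID."""
    local = LocalSystem(104729, 104723)  # toy primes, far too small for real use
    server = RemoteServer(local.hpk)
    local.register(server, "alice", "correct horse battery")
    return (local.login(server, "alice", "correct horse battery"),
            local.login(server, "alice", "wrong horse battery"),
            local.login(server, "bob", "correct horse battery"))
```

demo() returns (True, False, False): only the correct password makes the decrypted value equal the registered signature value, and the server never sees anything but ciphertexts.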

The user authentication system according to an embodiment satisfies the following characteristics through a password-based user authentication method configured as described above.

1. Normal user authentication by password: If the user enters the correct password, [Figure 112015107966469-pat00103] holds for [Figure 112015107966469-pat00104], and therefore [Figure 112015107966469-pat00105]. Accordingly, [Figure 112015107966469-pat00106] is performed successfully.

2. Password protection when the local system is completely compromised: The local system stores [Figure 112015107966469-pat00107], the key for signature verification of the one-time private-key-based digital signature [Figure 112015107966469-pat00108], and the signature information [Figure 112015107966469-pat00109]. If the local system is taken over by an attacker, the attacker can encrypt and decrypt homomorphic ciphertexts, verify the digital signature, and [Figure 112015107966469-pat00110]. However, the attacker can neither recover that information nor generate a signature, so even though homomorphic ciphertexts can be created, an attack using the authentication server is not possible.

For example, suppose that instead of the [Figure 112015107966469-pat00114]-bit result [Figure 112015107966469-pat00115] of the bitwise exclusive OR ([Figure 112015107966469-pat00113]) of [Figure 112015107966469-pat00111] and [Figure 112015107966469-pat00112], the registered ciphertext [Figure 112015107966469-pat00117] were simply created from the hash value of the password [Figure 112015107966469-pat00116]. If the local system were completely hijacked, the following attack using the authentication server would be possible. An attacker impersonating the user encrypts the [Figure 112015107966469-pat00118]-bit plaintext and requests authentication from the authentication server; the remote server computes [Figure 112015107966469-pat00120] for [Figure 112015107966469-pat00119], and the attacker on the local system obtains [Figure 112015107966469-pat00121] and from it the original password.

In the method proposed by the present invention, however, [Figure 112015107966469-pat00122]. Therefore, as described above, even if an authentication request is made to the authentication server by encrypting the [Figure 112015107966469-pat00123]-bit plaintext, only [Figure 112015107966469-pat00124] can be recovered. If one of [Figure 112015107966469-pat00125] and [Figure 112015107966469-pat00126] cannot be created, [Figure 112015107966469-pat00127] and [Figure 112015107966469-pat00128] cannot be recovered, so the password is protected even if the local system is completely hijacked.

3. Prevention of dictionary attacks by the remote server: The remote server performing user authentication cannot mount a dictionary attack, because it stores only homomorphic ciphertexts rather than the password or its hash value. An attacker who attacks the remote server would have to decrypt [Figure 112015107966469-pat00129] to obtain [Figure 112015107966469-pat00130], and in order to mount a dictionary attack on it and derive the password would also need [Figure 112015107966469-pat00131], the public key [Figure 112015107966469-pat00132] and the signature information [Figure 112015107966469-pat00133]; this information is known only to the local system. If the local system is also hacked, [Figure 112015107966469-pat00134], and a password dictionary attack becomes possible. However, it is difficult for an attacker to succeed in compromising the local system and the remote server at the same time.

FIG. 3 is a flowchart illustrating the user registration process of the user authentication system according to an exemplary embodiment of the present invention.

The user authentication system can perform a user registration process and a user authentication process. The user registration process is described here as the interaction between the local system 300 and the remote server 301.

The local system 300 may generate a key pair consisting of a homomorphic encryption key, a public key for the digital signature and a one-time private key, and determine the signature information (311). When the ID and the password are input by the user, the local system 300 may generate the hash value of the first password by hashing the password (312).

The local system 300 may generate a signature by the signature generation operation to obtain the signature value, and discard the one-time private key (313). The local system 300 may perform a bitwise exclusive OR of the hash value and the signature value to generate the exclusive OR result (314).

The local system 300 may generate the ciphertext by encrypting the exclusive OR result with the homomorphic encryption method. The local system 300 may transmit the ID and the ciphertext to the remote server 301. On receiving the ID and the ciphertext sent from the local system 300, the remote server 301 may store them (316). At this time, the local system 300 may store the homomorphic encryption key, the public key for signature verification of the digital signature, and the signature information.

FIG. 4 is a flowchart illustrating the user authentication process of the user authentication system according to an embodiment of the present invention.

The user authentication system can perform a user registration process and a user authentication process. The user authentication process is described here as the interaction between the local system 400 and the remote server 401.

When the ID and the password are input by the user, the local system 400 may generate a hash value by hashing the password with a hash function (411). The local system 400 may encrypt the hash value of the password with the homomorphic encryption method to generate a ciphertext for the password (412). The local system 400 may transmit the ID and the ciphertext to the remote server 401. On receiving the ID and the ciphertext transmitted from the local system 400, the remote server 401 may retrieve the ciphertext stored for that ID (413). The remote server 401 may perform the operation between the two ciphertexts (414).

The remote server 401 may transmit the result of the operation between the ciphertexts to the local system 400. The local system 400 may decrypt the operation result with the homomorphic encryption key (415). The local system 400 may process the user authentication based on the result of the decryption (416): it performs signature verification through the decryption result and the signature verification operation from the signer's public key.
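The registration flow of FIG. 3, the authentication flow of FIG. 4, and the comparison made under property 2 (an attacker on the local system sending an all-zero plaintext to a server that stores only the encrypted password hash, versus one that stores the encrypted hash XOR signature), as an added Python model. This is not the patent's code, and the patent fixes no concrete primitives, so the example assumes: Goldwasser-Micali as the XOR-homomorphic encryption, at toy parameters (the Mersenne primes 2^31-1 and 2^61-1, far too small for real use); a Lamport one-time signature as the one-time private-key signature; SHAKE256 as the password hash, stretched to the signature length so the bitwise XOR is defined; and the string "login:<ID>" as the signature information that is signed. The names RemoteServer, register, authenticate, naive_register and probe_with_zero_plaintext are this example's own.

```python
"""Toy model of registration (FIG. 3), authentication (FIG. 4) and the
property-2 comparison.  Added example, not the patent's code.  Assumed, since
the patent fixes none of them: Goldwasser-Micali (GM) as the XOR-homomorphic
cipher at TOY size, a Lamport one-time signature, and SHAKE256 as the password
hash stretched to the signature length so the bitwise XOR is defined."""
import hashlib
import math
import secrets

# --- Goldwasser-Micali: one ciphertext per bit, E(a) * E(b) = E(a XOR b) ---
P, Q = (1 << 31) - 1, (1 << 61) - 1  # Mersenne primes, both 3 mod 4; NOT a secure size
N = P * Q
X = N - 1                             # -1 is a non-residue mod p and mod q, as GM needs

def gm_encrypt(data):
    """Encrypt each bit (MSB first) as x^bit * r^2 mod n with a fresh random r."""
    cts = []
    for byte in data:
        for i in range(7, -1, -1):
            r = secrets.randbelow(N - 2) + 2
            while math.gcd(r, N) != 1:    # practically never loops
                r = secrets.randbelow(N - 2) + 2
            cts.append(pow(X, (byte >> i) & 1, N) * pow(r, 2, N) % N)
    return cts

def gm_decrypt(cts):
    """Holder of p: a ciphertext is a quadratic residue mod p iff its bit is 0."""
    bits = [0 if pow(c, (P - 1) // 2, P) == 1 else 1 for c in cts]
    out = bytearray()
    for i in range(0, len(bits), 8):
        out.append(int("".join(map(str, bits[i:i + 8])), 2))
    return bytes(out)

def gm_xor(a, b):
    """The server's only operation: multiply ciphertexts, never decrypt."""
    assert len(a) == len(b)
    return [x * y % N for x, y in zip(a, b)]

# --- Lamport one-time signature: the private key is used once and discarded ---
L = 128                 # digest bits = number of key pairs (toy size)
SIG_LEN = 16 * L        # signature bytes; the password hash is stretched to this

def h16(b):
    return hashlib.blake2b(b, digest_size=16).digest()

def msg_bits(msg):
    d = int.from_bytes(h16(msg), "big")
    return [(d >> (L - 1 - i)) & 1 for i in range(L)]

def lamport_keygen():
    sk = [(secrets.token_bytes(16), secrets.token_bytes(16)) for _ in range(L)]
    return sk, [(h16(a), h16(b)) for a, b in sk]

def lamport_sign(sk, msg):
    return b"".join(sk[i][bit] for i, bit in enumerate(msg_bits(msg)))

def lamport_verify(pk, msg, sig):
    if len(sig) != SIG_LEN:
        return False
    return all(h16(sig[16 * i:16 * i + 16]) == pk[i][bit]
               for i, bit in enumerate(msg_bits(msg)))

def pw_hash(user_id, password):
    """Assumption: SHAKE256 over ID and password, output as long as the signature."""
    return hashlib.shake_256(user_id.encode() + b"\x00" + password.encode()).digest(SIG_LEN)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# --- the two parties ---
class RemoteServer:
    """Stores only (ID, ciphertext) and applies the homomorphic XOR on request."""
    def __init__(self):
        self.db = {}
    def register(self, user_id, ct):
        self.db[user_id] = ct
    def challenge(self, user_id, ct):
        return gm_xor(self.db[user_id], ct)

def register(server, user_id, password):
    """FIG. 3, local side. Returns what the local system keeps: pk and signature info."""
    sk, pk = lamport_keygen()
    sig_info = b"login:" + user_id.encode()   # message signed once (assumption)
    sig = lamport_sign(sk, sig_info)
    del sk                                    # one-time private key discarded (313)
    server.register(user_id, gm_encrypt(xor(pw_hash(user_id, password), sig)))
    return pk, sig_info

def authenticate(server, user_id, password, pk, sig_info):
    """FIG. 4, local side: D(E(h XOR s) * E(h')) equals s exactly when h' == h."""
    reply = server.challenge(user_id, gm_encrypt(pw_hash(user_id, password)))
    return lamport_verify(pk, sig_info, gm_decrypt(reply))

def naive_register(server, user_id, password):
    """The design rejected under property 2: only E(H(pw)) is stored."""
    server.register(user_id, gm_encrypt(pw_hash(user_id, password)))

def probe_with_zero_plaintext(server, user_id):
    """Attacker on the local system sends E(0...0) and decrypts the reply."""
    return gm_decrypt(server.challenge(user_id, gm_encrypt(bytes(SIG_LEN))))

if __name__ == "__main__":
    srv = RemoteServer()
    pk, info = register(srv, "alice", "correct horse")
    print(authenticate(srv, "alice", "correct horse", pk, info))  # True
    print(authenticate(srv, "alice", "wrong", pk, info))          # False
    naive_register(srv, "bob", "hunter2")
    print(probe_with_zero_plaintext(srv, "bob") == pw_hash("bob", "hunter2"))            # True: hash leaks
    print(probe_with_zero_plaintext(srv, "alice") == pw_hash("alice", "correct horse"))  # False: hash XOR s
```

With the proposed registration the zero-plaintext probe returns the hash XORed with the one-time signature, whereas the naive registration hands the attacker the bare password hash; the server itself only ever multiplies ciphertexts, which is the point of property 3. The GM parameters and the 128-bit Lamport instance are sized to run quickly, not to be secure.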

The apparatus described above may be implemented as hardware components, software components, and/or a combination of hardware and software components. For example, the apparatus and components described in the embodiments may be implemented using one or more general-purpose or special-purpose computers, such as a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable gate array (FPGA), a programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions. The processing device may run an operating system (OS) and one or more software applications running on the operating system. The processing device may also access, store, manipulate, process and generate data in response to execution of the software. For ease of understanding, the processing device is described as a single device, but those skilled in the art will recognize that the processing device may include a plurality of processing elements and/or a plurality of types of processing elements. For example, the processing device may include a plurality of processors, or one processor and one controller. Other processing configurations, such as parallel processors, are also possible.

The software may include a computer program, code, instructions, or a combination of one or more of these, and may configure the processing device to operate as desired or may command the processing device independently or collectively. The software and/or data may be embodied permanently or temporarily in any type of machine, component, physical device, virtual equipment, computer storage medium or device, or in a transmitted signal wave, so as to be interpreted by the processing device or to provide instructions or data to it. The software may be distributed over networked computer systems and stored or executed in a distributed manner. The software and data may be stored on one or more computer-readable recording media.

The method according to an embodiment may be implemented in the form of program instructions that can be executed by various computer means and recorded on a computer-readable medium. The computer-readable medium may contain program instructions, data files, data structures and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the embodiments, or may be those known and available to those skilled in computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magneto-optical media such as floptical disks; and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM and flash memory. Examples of program instructions include machine code such as that produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

While the present invention has been shown and described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments. For example, appropriate results may be achieved even if the described techniques are performed in a different order than described, and/or if components of the described systems, structures, devices, circuits and the like are combined or assembled in a different form than described, or are replaced or substituted by other components or equivalents.

Therefore, other implementations, other embodiments, and equivalents to the claims are also within the scope of the following claims.

Claims (7)

1. A user authentication method comprising:
registering, upon input of an ID and a first password, a first ciphertext generated by performing a first encryption of the first password with a homomorphic encryption method on a remote server together with the ID;
inputting the ID and a second password from a user;
generating a hash value by hashing the second password input by the user with a hash function;
encrypting the hash value of the second password with the homomorphic encryption method to generate a second ciphertext for the second password;
transmitting the ID and the second ciphertext to the remote server and receiving from the remote server the result of an operation between the first ciphertext and the second ciphertext;
performing decryption of the operation result using a homomorphic encryption key; and
processing user authentication for the ID based on the result of performing the decryption,
wherein the step of processing the user authentication for the ID based on the result of performing the decryption comprises performing a digital signature based on a one-time private key, in which a signer having a private key for signing generates a signature by a signature generation operation and then discards the private key, the validity of the signer's signature is determined by signature verification from the signer's public key and the generated signature, and the signature cannot be recomputed.
2. (Deleted)
3. The method according to claim 1, wherein the step of processing the user authentication for the ID based on the result of performing the decryption comprises performing signature verification through the result of performing the decryption and a signature verification operation from the signer's public key.
4. The method according to claim 1, wherein the step of processing the user authentication for the ID based on the result of performing the decryption comprises allowing login of the ID if the signature verification succeeds, and rejecting login of the ID if the signature verification fails.
5. A user authentication method comprising:
registering, upon input of an ID and a first password, a first ciphertext generated by performing a first encryption of the first password with a homomorphic encryption method on a remote server together with the ID;
inputting the ID and a second password from a user;
generating a hash value by hashing the second password input by the user with a hash function;
encrypting the hash value of the second password with the homomorphic encryption method to generate a second ciphertext for the second password;
transmitting the ID and the second ciphertext to the remote server and receiving from the remote server the result of an operation between the first ciphertext and the second ciphertext;
performing decryption of the operation result using a homomorphic encryption key; and
processing user authentication for the ID based on the result of performing the decryption,
wherein the step of registering the first ciphertext, generated by performing the first encryption of the first password with the homomorphic encryption method upon input of the ID and the first password, on the remote server together with the ID comprises:
generating a key pair consisting of a homomorphic encryption key, a public key for the digital signature and a one-time private key, and determining signature information;
generating a hash value of the first password by hashing the first password upon input of the ID and the first password from the user;
generating a signature by the signature generation operation to obtain a signature value, and discarding the one-time private key;
performing a bitwise exclusive OR of the hash value and the signature value to generate an exclusive OR result;
generating the first ciphertext by encrypting the exclusive OR result with the homomorphic encryption method; and
transmitting the ID and the first ciphertext to the remote server and registering the ID and the first ciphertext on the remote server.
6. The method according to claim 5, wherein the step of transmitting the ID and the first ciphertext to the remote server and registering the ID and the first ciphertext on the remote server further comprises storing the homomorphic encryption key, a public key for signature verification of the digital signature, and the signature information.
7. A user authentication system comprising:
a memory into which at least one program is loaded; and
at least one processor,
wherein the at least one processor, under control of the program, performs the steps of:
generating a key pair consisting of a homomorphic encryption key, a public key for the digital signature and a one-time private key, and determining signature information;
generating a hash value of a first password by hashing the first password upon input of an ID and the first password;
generating a signature by the signature generation operation to obtain a signature value, and discarding the one-time private key;
performing a bitwise exclusive OR of the hash value and the signature value to generate an exclusive OR result;
generating a first ciphertext by encrypting the exclusive OR result with a homomorphic encryption method;
transmitting the ID and the first ciphertext to a remote server and registering the ID and the first ciphertext on the remote server;
inputting the ID and a second password from a user;
generating a hash value by hashing the second password input by the user with a hash function;
encrypting the hash value of the second password with the homomorphic encryption method to generate a second ciphertext for the second password;
transmitting the ID and the second ciphertext to the remote server and receiving from the remote server the result of an operation between the first ciphertext and the second ciphertext;
performing decryption of the operation result using the homomorphic encryption key; and
processing user authentication for the ID based on the result of performing the decryption.
KR1020150155350A 2015-11-05 2015-11-05 Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption KR101739203B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150155350A KR101739203B1 (en) 2015-11-05 2015-11-05 Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150155350A KR101739203B1 (en) 2015-11-05 2015-11-05 Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption

Publications (2)

Publication Number Publication Date
KR20170053063A KR20170053063A (en) 2017-05-15
KR101739203B1 true KR101739203B1 (en) 2017-05-23

Family

ID=58739464

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150155350A KR101739203B1 (en) 2015-11-05 2015-11-05 Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption

Country Status (1)

Country Link
KR (1) KR101739203B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11316657B2 (en) 2018-04-06 2022-04-26 Crypto Lab Inc. User device and electronic device for sharing data based on block chain and homomorphic encryption technology and methods thereof

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102255286B1 (en) * 2018-06-05 2021-05-26 아이리텍 잉크 Method for physical identity management in blockchain using a decentralized biometrics system
KR102157695B1 (en) * 2018-08-07 2020-09-18 한국스마트인증 주식회사 Method for Establishing Anonymous Digital Identity
KR102084699B1 (en) * 2019-08-22 2020-03-04 주식회사 알비엔 Regional Economic Circulation System based on OTPA Block Chain Technology
KR102466015B1 (en) * 2021-06-21 2022-11-11 주식회사 크립토랩 Server device for processing homomorphic ciphertext and method thereof
KR102631080B1 (en) * 2021-09-28 2024-01-30 건국대학교 산학협력단 Docker image authentication apparatus and method using homomoriphic encryption

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101475747B1 (en) 2014-01-22 2014-12-23 고려대학교 산학협력단 Method for an outsourcing multi-party computation using homomorphic encryption

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Sergey Gorbunov et al., "Leveled fully homomorphic signatures from standard lattices," Proceedings of the Forty-Seventh Annual ACM Symposium on Theory of Computing, ACM, 2015 (June 2015).*
신승수, 한군희, "Design of a messenger protocol for secure communication" (안전한 통신을 위한 메신저 프로토콜 설계), Journal of the Korea Academia-Industrial cooperation Society, Vol. 11, No. 10, pp. 3958-3963 (2010).*

Also Published As

Publication number Publication date
KR20170053063A (en) 2017-05-15

Similar Documents

Publication Publication Date Title
US11757662B2 (en) Confidential authentication and provisioning
RU2718689C2 (en) Confidential communication control
CN108809646B (en) Secure shared key sharing system
KR101727660B1 (en) Method of using one device to unlock another device
KR101739203B1 (en) Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption
US10797879B2 (en) Methods and systems to facilitate authentication of a user
KR101755995B1 (en) Method and system for feature vector based remote biometric verification using homomorphic encryption
US20150318998A1 (en) Methods and systems for client-enhanced challenge-response authentication
JP6927981B2 (en) Methods, systems, and devices that use forward secure cryptography for passcode verification.
CN112425118A (en) Public-private key account login and key manager
US11153074B1 (en) Trust framework against systematic cryptographic
US9942042B1 (en) Key containers for securely asserting user authentication
US20210073359A1 (en) Secure one-time password (otp) authentication
Mun et al. A novel secure and efficient hash function with extra padding against rainbow table attacks
CN111291398B (en) Block chain-based authentication method and device, computer equipment and storage medium
CN114553566B (en) Data encryption method, device, equipment and storage medium
JP6037450B2 (en) Terminal authentication system and terminal authentication method
KR102094606B1 (en) Apparatus and method for authentication
EP3361670B1 (en) Multi-ttp-based method and device for verifying validity of identity of entity
US11528144B1 (en) Optimized access in a service environment
CN113508380A (en) Method for terminal entity authentication
KR102145679B1 (en) Method for evading mitm attack for https protocol
Li et al. Robust dynamic ID–based remote user authentication scheme using smart cards
CN114338052B (en) Method and device for realizing identity authentication
TWI746504B (en) Method and device for realizing synchronization of session identification

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant