KR20150110087A - Cryptography system efficiently detecting message modification and cryptographic communication method thereof - Google Patents

Info

Publication number: KR20150110087A
Authority: KR (South Korea)
Prior art keywords: value, message, encryption, nonce, additional information
Application number: KR1020140033949A
Other languages: Korean (ko)
Inventor: 장동훈
Original Assignee: 장동훈
Application filed by: 장동훈
Priority date: 2014-03-24
Filing date: 2014-03-24
Publication date: 2015-10-02

Classifications

    • H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication) > H04L9/00 (Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols)
    • H04L9/002: Countermeasures against attacks on cryptographic mechanisms
    • H04L9/06: Encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; hash functions; pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using a fixed encryption transformation
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Abstract

The encryption and decryption schemes according to the embodiment of the present invention are advantageous for the security and availability of a communication environment because attacks based on message modification can be detected efficiently and quickly. The present invention proposes a general design technique rather than any specific cryptographic communication scheme or protocol, and can therefore be applied in various fields.

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an encryption system for efficiently detecting message tampering, and to a method of encrypting and decrypting a message.

The present invention relates to an encryption system, and more particularly to an encryption system and its cryptographic communication method for efficiently detecting attacks based on message modification.

Message tampering detection is a very important factor for the security and availability of a communication environment. For example, when an attack such as a DoS (Denial-of-Service) attack monopolizes a hardware resource so that legitimate users cannot use it, it is very important to distinguish efficiently between a tampered packet and a legitimate user's packet.

Message modification detection can be performed with a CRC checksum, with error-detection or error-correction coding, or with a cryptographic MAC value check. Detection methods based on CRC checksums or coding theory are efficient but problematic from a security point of view. On the other hand, cryptographic MAC value checks are highly secure but have disadvantages in terms of efficiency.

In the case of TLS, different padding methods are applied according to the message padding size in order to maximize security and efficiency. However, a side-channel attack that uses timing information, known as the padding oracle attack, has recently been introduced, and it also poses a security problem.

In the present invention, a new cryptographic communication method that overcomes this problem is introduced. The present invention detects message tampering very efficiently, and thus provides strong security and availability against attacks based on message tampering, such as DoS attacks.

The present invention proposes a method for efficiently detecting message modification or errors at the mode-of-operation level, using a block cipher, a hash algorithm or a MAC algorithm.

When the encryption / decryption and authentication code generation method disclosed in the present invention is used, attacks based on message modification can be countered effectively.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and advantages of the present invention will be more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which:

FIG. 1 shows how, given a MAC algorithm HK, a block cipher EK and an authenticated encryption mode AEK, a given message M is encrypted using a public nonce N or initial value IV and additional information A to produce the ciphertext C and the authentication code T.
FIG. 2 shows how, given a MAC algorithm HK and an authenticated encryption mode AEK, a given message M is encrypted using the public nonce N or initial value IV and the additional information A to obtain the ciphertext C and the authentication code T.
FIG. 3 shows how, given a block cipher EK and an authenticated encryption mode AEK, a given message M is encrypted using a random nonce N agreed on in advance by both parties and the additional information A to obtain the ciphertext C and the authentication code T.
FIG. 4 shows how, given an authenticated encryption mode AEK, a given message M is encrypted using the public nonce N and the additional information A to obtain the ciphertext C and the authentication code T.
FIG. 5 shows how, given a block cipher EK and an authenticated encryption mode AEK, a given message M is encrypted using a previously shared nonce N and the additional information A, in a form that gives effective protection against side-channel attacks, to obtain the ciphertext C and the authentication code T.
FIG. 6 shows how, given a block cipher EK and an authenticated encryption mode AEK, a given message M is encrypted using a nonce N fixed in advance and the additional information A to obtain the ciphertext C and the authentication code T.
FIG. 7 shows how, given a hash function H and an authenticated encryption mode AEK, a given message M is encrypted using a nonce N fixed in advance and the additional information A to obtain the ciphertext C and the authentication code T.

The nonce N or initial value IV used in Figs. 1 to 7 must not be repeated. Whether the value has been used before must be checked in advance, and if it has, encryption or decryption is stopped.

FIG. 1 shows how, given a MAC algorithm HK, a block cipher EK and an authenticated encryption mode AEK, a given message M is encrypted using the public nonce N or initial value IV and the additional information A to produce the ciphertext C and the authentication code T.

The nonce N or initial value IV, which is the input to the MAC algorithm HK, need not be random; the MAC output N' has a random property. Here the nonce N or initial value IV is a public value, and the additional information A is likewise a value disclosed to the other party. When the final output (C0 || C, T) is transmitted to the other party, the recipient can determine whether the nonce has been modified by checking, with the shared key K, whether N' is correctly generated from C0.

FIG. 2 shows how, given a MAC algorithm HK and an authenticated encryption mode AEK, a given message M is encrypted using the public nonce N or initial value IV and the additional information A to obtain the ciphertext C and the authentication code T.

The nonce N or initial value IV, which is the input to the MAC algorithm HK, need not be random; the MAC output N' has a random property. Here the nonce N or initial value IV is a public value, and the additional information A is likewise a value disclosed to the other party. In this case, when the final output (C, T) is transmitted to the other party, the recipient uses the shared key K to check whether the first plaintext block value N' is correctly generated from the nonce N and the ciphertext C.

FIG. 3 shows how, given a block cipher EK and an authenticated encryption mode AEK, a given message M is encrypted using a random nonce N agreed on in advance by both parties and the additional information A to obtain the ciphertext C and the authentication code T.

The nonce N, which is the input to the block cipher EK, need not be random depending on the authenticated encryption scheme. Here the nonce N must be pre-shared between the two parties. The additional information A is a value disclosed to the other party. When the final output (C0 || C, T) is transmitted to the other party, the recipient decrypts N from C0 using the shared key K; if the expected N is recovered, decryption proceeds, otherwise decryption is stopped.

FIG. 4 is a diagram showing how, given an authenticated encryption mode AEK, a given message M is encrypted using the public nonce N and the additional information A to obtain the ciphertext C and the authentication code T. The nonce N need not be random depending on the authenticated encryption scheme.

The additional information A is a value disclosed to the other party. When the final output (C, T) is transmitted to the other party, the recipient decrypts the first plaintext block from C using the shared key K and N, and continues decryption if the same N is found; otherwise decryption is stopped.

FIG. 5 shows how, given a block cipher EK and an authenticated encryption mode AEK, a given message M is encrypted using a previously shared nonce N and the additional information A, in a form that gives effective protection against side-channel attacks, to obtain the ciphertext C and the authentication code T. The nonce N should be random, and it must be a nonce agreed on in advance.

The additional information A is a value disclosed to the other party. When the final output (C0 || C, T) is transmitted to the other party, the recipient recovers N using the shared key K and the fixed constant const, and continues decryption if the expected N is recovered; otherwise decryption is stopped. The design is resistant to side-channel attacks in the sense that only the single operation in which the nonce is XORed needs to be protected.

FIG. 6 shows how, given a block cipher EK and an authenticated encryption mode AEK, a given message M is encrypted using a nonce N fixed in advance and the additional information A to obtain the ciphertext C and the authentication code T.

When the other party receives (C0 || C, T), it first decrypts N from C0, then decrypts the first plaintext block from N, A and C, and proceeds with decryption if the same N value is found; otherwise it stops.

FIG. 7 shows how, given a hash function H and an authenticated encryption mode AEK, a given message M is encrypted using a nonce N fixed in advance and the additional information A to obtain the ciphertext C and the authentication code T.

Since no secret key is applied to the hash function H, the other party, which knows in advance the hash value C0 of the nonce N to be used, can check the received value without any keyed computation. If the received hash value C0 does not match the value that is to be used, decryption is stopped.

In order to detect message tampering efficiently, for example, the following process is performed. The nonce or initial value must be used only once.

The encryption process is as follows.

In step 1, it is checked whether the nonce N or the initial value IV has been used before. If it has, encryption does not proceed.

In step 2, the value C0 is computed from N or the initial value IV according to a predetermined method.

In step 3, the initial value N' needed for the encryption operation is derived from N or IV, and the ciphertext C and the authentication code T are generated from the given message M and the additional information A according to a predetermined encryption or authentication method. The final output (N or IV, C0 || C, T) is then transmitted to the other party. If N or IV is pre-shared, only (C0 || C, T) is sent.

Next, the decryption process is as follows.

In step 1, on receiving (N or IV, C0 || C, T), it is checked whether N or the initial value IV has been used before. If it has, decryption does not proceed.

In step 2, a value C0' is generated from N or the initial value IV and compared with C0. If the values differ, an error is output without any further decryption.

In step 3, the initial value N' needed for the decryption operation is derived from N or IV, and the decrypted message M and the authentication code value T' are generated from the ciphertext C and the additional information A according to the predetermined decryption and authentication method, giving (M, T'). If T = T', decryption is complete and the decrypted message M is output; if T and T' differ, the ciphertext is known to have been modified and an error is output.

When encryption or decryption is performed in the above manner, attacks such as DoS attacks can be defended against effectively, because nonce repetition and message modification are detected before the expensive part of the decryption is carried out.
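The encryption and decryption procedure above (steps 1 to 3 on each side, with C0 and N' derived from N by a keyed MAC in the style of FIG. 1), as an added example that is not part of the patent. The authenticated encryption mode AEK is a black box in the patent; here a constructed toy mode (SHA-256 counter keystream plus an HMAC-SHA256 tag) stands in for it, and the names Endpoint, ae_encrypt, ae_decrypt and try_decrypt are hypothetical.

```python
import hashlib
import hmac

# Toy authenticated-encryption mode standing in for the patent's AEK (constructed
# for this example; not a standard AE mode): SHA-256 counter-mode keystream,
# then an HMAC-SHA256 tag over (N', A, C).
def _keystream(key: bytes, n_prime: bytes, length: int) -> bytes:
    out = b""
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(key + n_prime + ctr.to_bytes(4, "big")).digest()
    return out[:length]

def ae_encrypt(key: bytes, n_prime: bytes, a: bytes, m: bytes):
    c = bytes(x ^ y for x, y in zip(m, _keystream(key, n_prime, len(m))))
    t = hmac.new(key, n_prime + a + c, hashlib.sha256).digest()
    return c, t

def ae_decrypt(key: bytes, n_prime: bytes, a: bytes, c: bytes, t: bytes) -> bytes:
    t2 = hmac.new(key, n_prime + a + c, hashlib.sha256).digest()
    if not hmac.compare_digest(t, t2):
        raise ValueError("tag mismatch: ciphertext modified")
    return bytes(x ^ y for x, y in zip(c, _keystream(key, n_prime, len(c))))

class Endpoint:
    """One party holding the shared key K and the set of nonces it has seen."""
    def __init__(self, key: bytes):
        self.key = key
        self.used = set()

    def _c0(self, n: bytes) -> bytes:       # step 2: C0 = MAC_K(N), 16 bytes
        return hmac.new(self.key, b"C0" + n, hashlib.sha256).digest()[:16]

    def _n_prime(self, n: bytes) -> bytes:  # step 3: N' = MAC_K(N), random-looking IV
        return hmac.new(self.key, b"IV" + n, hashlib.sha256).digest()[:16]

    def encrypt(self, n: bytes, a: bytes, m: bytes):
        if n in self.used:                  # step 1: never reuse a nonce
            raise ValueError("nonce repeated: encryption refused")
        self.used.add(n)
        c, t = ae_encrypt(self.key, self._n_prime(n), a, m)
        return n, self._c0(n) + c, t        # transmitted as (N, C0 || C, T)

    def decrypt(self, n: bytes, c0c: bytes, t: bytes, a: bytes) -> bytes:
        if n in self.used:                  # step 1: replayed nonce
            raise ValueError("nonce repeated: decryption refused")
        c0, c = c0c[:16], c0c[16:]
        if not hmac.compare_digest(c0, self._c0(n)):      # step 2: one cheap MAC,
            raise ValueError("C0 mismatch: nonce modified")  # no full decryption
        m = ae_decrypt(self.key, self._n_prime(n), a, c, t)   # step 3: AE check
        self.used.add(n)                    # only a fully verified nonce is consumed
        return m

def try_decrypt(ep: Endpoint, n: bytes, c0c: bytes, t: bytes, a: bytes):
    """Return the plaintext, or the rejection reason as a string."""
    try:
        return ep.decrypt(n, c0c, t, a)
    except ValueError as e:
        return str(e)
```

The receiver records a nonce as used only after the whole packet verifies, so a forged packet carrying a legitimate future nonce cannot block that nonce for the genuine sender.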

In the present invention, a concrete design logic for the encryption / decryption and authentication code generation method that implements the above process is presented.

The above-described contents and examples of the present invention are merely concrete examples for carrying out the invention. The present invention will include not only concrete and practical means themselves, but also technical ideas which are abstract and conceptual ideas that can be utilized as future technologies.

HK: MAC algorithm
EK: block cipher
AEK: authenticated encryption mode

Claims (1)

1. A cryptographic communication method in a cryptography system, comprising:
receiving a nonce or an initial value;
determining whether the nonce or the initial value has been used before; and
stopping the encryption / decryption operation when the nonce or initial value is used repeatedly.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
KR1020140033949A (published as KR20150110087A, en) | 2014-03-24 | 2014-03-24 | Cryptography system efficiently detecting message modification and cryptographic communication method thereof

Publications (1)

Publication Number | Publication Date
KR20150110087A (en) | 2015-10-02

Family

ID=54341304

Legal Events

Code | Title
WITN | Withdrawal due to no request for examination