1. Technical Field
The present invention relates generally to an apparatus and method for anonymity-based authentication and key agreement capable of providing a communication message binding property and, more particularly, to an apparatus and method that are capable of ensuring that messages have been sent by the same user via an anonymity-based authenticated key agreement protocol.
2. Description of the Related Art
Since the concept of a key agreement protocol was first presented by Diffie and Hellman in 1976, various types of key agreement protocols have been actively researched in order to establish a secure communication channel.
In particular, in order to defend against a man-in-the-middle attack on the original Diffie-Hellman scheme, research into combining various authentication methods with a key agreement protocol has become an important issue.
An authenticated key agreement protocol enables a common key between users to be computed while ensuring that participants are valid. The computed key can later be used for cryptographic purposes, such as data encryption, integrity, authentication, etc. In practice, key agreement protocols are used in Kerberos and Secure Sockets Layer (SSL).

Korean Patent Application Publication No. 1998-048479 discloses a digital signature method that is capable of ensuring the security of the design of a digital signature when the signature is generated and verified. In greater detail, Korean Patent Application Publication No. 1998-048479 discloses a digital signature method for digital signatures that are used to ensure the integrity and authentication of electronic documents, the method including a first step of generating a digital signature in such a way that a signer signs an electronic document with his or her own private key; and a second step of verifying the signature based on a signature message. The technology disclosed in Korean Patent Application Publication No. 1998-048479 can be securely used in an environment that provides information protection services, such as a digital signature, identification, message verification, etc. in an electronic document trading system.

Meanwhile, Korean Patent No. 10-1020300 discloses an electronic signature method using bilinear mapping in which a private signature key and a public verification key are configured in specific forms using a generator P of an additive group for bilinear mapping, and the overall computational load is reduced through prior computation.
Most authenticated key agreement protocols that are currently known are disadvantageous and undesirable in terms of privacy protection because they are based on the real name authentication of participants. As a representative example, when the authentication of a key agreement protocol is performed using a Public Key Infrastructure (PKI)-based digital signature, which is currently widely used, information about the real name of a signer may be divulged. Such authentication also has the problems of the divulgence of personal information in connection with an authentication service, divulgence attributable to the excessive gathering and careless management of personal information by a service provider, and the wide-ranging tracking of activities.
Meanwhile, when a privacy problem must be addressed as an important factor, key agreement should be performed at an appropriate privacy level. As an example, an adult may perform anonymous authentication, instead of real name-based authentication, in order to view an adult movie online, download content using an agreed key, and then view it. As another example, an impaired person may perform anonymity-based authentication in order to view data, and then receive encrypted data using an agreed key.
In order to overcome the above problem, anonymous authentication-based key agreement protocols have been proposed. Basically, anonymous authentication-based key agreement protocols are based on authentication that provides anonymity, so that participants cannot be aware of the identity of other participants who participate in a corresponding protocol but the validity of users can be verified.
However, since such an anonymous authentication-based key agreement protocol is based on anonymity, participants in the protocol cannot determine whether the same counterpart participant sends the messages if the messages are sent over a plurality of rounds. For example, if a participant establishes a session by performing the key agreement protocol and its subsequent steps and then hands the current session over to another user, the counterpart participant who established the session with the former user cannot be aware of the handover. Since a user who pays fees and uses a service anonymously can turn over his or her service to another person, this is undesirable for a service provider. As another example, when a session is hijacked by an attack, protocol participants cannot be aware of the attack if the attacker performs anonymity-based authentication normally. Therefore, in anonymity-based authentication and key agreement protocols, it is necessary to ensure that messages have been sent by the same user. In related documents, this property is referred to as a full binding property.
Recently, Walker and Li proposed a method for providing a communication message binding property to an anonymity-based key agreement protocol. The main idea of this method is to provide a binding property using an agreed key. That is, whenever a message is sent, a hash value for the message is generated using an agreed key and the hash value is sent along with the message. However, when the agreed key is given to another user and a session is turned over to him or her, the above-described problem still occurs. Furthermore, when an illegitimate attacker steals the agreed key, the above-described problem still occurs.
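The limitation described above can be seen in a short sketch, added here as an example that is not code from this document or from Walker and Li. HMAC-SHA256 stands in for the unspecified keyed hash, and `Party`, `tag`, `verify` and `run_demo` are hypothetical names; the random key stands in for the output of the key agreement.

```python
import hashlib
import hmac
import os


def tag(agreed_key: bytes, message: bytes) -> bytes:
    """Keyed hash sent along with each message (HMAC-SHA256 is an assumption)."""
    return hmac.new(agreed_key, message, hashlib.sha256).digest()


def verify(agreed_key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Receiver-side check: recompute the tag and compare in constant time."""
    return hmac.compare_digest(tag(agreed_key, message), received_tag)


class Party:
    """Hypothetical session endpoint; it only knows the key it was given."""

    def __init__(self, name: str, agreed_key: bytes):
        self.name = name
        self.agreed_key = agreed_key

    def send(self, message: bytes):
        return message, tag(self.agreed_key, message)


def run_demo() -> dict:
    agreed_key = os.urandom(32)  # constructed stand-in for the agreed key
    provider = Party("provider", agreed_key)
    original = Party("original user", agreed_key)
    # Session handover or key theft: a different party holds the same key.
    second = Party("second user", original.agreed_key)
    # A party that never obtained the agreed key.
    outsider = Party("no key", os.urandom(32))

    results = {}
    rounds = [(original, b"round 1"), (second, b"round 2"), (outsider, b"round 3")]
    for sender, message in rounds:
        msg, t = sender.send(message)
        # The provider can only test "was this tagged with the agreed key?",
        # not "was this sent by the user who ran the key agreement?".
        results[sender.name] = verify(provider.agreed_key, msg, t)
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: accepted={accepted}")
```

The provider accepts rounds 1 and 2 identically, so a key-based tag proves possession of the agreed key and nothing about which user holds it.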