• Title, Summary, Keyword: 비밀분산

Search Result 114, Processing Time 0.042 seconds

An Effective Authentication in Mobile Ad Hoc Networks (Mobile Ad Hoc Networks에서 효과적인 인증서비스)

  • Kim Yoon-Ho
    • The Journal of Society for e-Business Studies
    • /
    • v.10 no.1
    • /
    • pp.121-134
    • /
    • 2005
  • The MANET has many problems in security despite of its many advantages such as supporting the mobility of nodes, independence of the fixed infrastructure, and quick network establishment. In particular, in establishing security, the traditional certification service has many difficult problems in applying to the MANET because of its safety, expandability, and availability. In this paper, a secure and effective distributed certification service method was proposed using the Secret Sharing scheme and the Threshold Digital Signature scheme in providing certification services in the MANET. In the proposed distributed certification service, certain nodes of relatively high safety among the mobile nodes consisting of the MANET, were set as privileged nodes, from which the process of issuing a certification started. The proposed scheme solved problem that the whole network security would be damaged by the intrusion to one node in the Centralized Architecture and the Hierarchical Architecture. And it decreased the risk of the exposure of the personal keys also in the Fully Distributed Architecture as the number of the nodes containing the partial confidential information of personal keys decreased. By the network simulation, the features and availability of the proposed scheme was evaluated and the relation between the system parameters was analyzed.

  • PDF

A DDMPF(Distributed Data Management Protocol using FAT) Design of Self-organized Storage for Negotiation among a Client and Servers based on Clouding (클라우딩 기반에서 클라이언트와 서버간 협상을 위한 자가 조직 저장매체의 DDMPF(Distributed Data Management Protocol using FAT) 설계)

  • Lee, Byung-Kwan;Jeong, Eun-Hee;Yang, Seung-Hae
    • Journal of Korea Multimedia Society
    • /
    • v.15 no.8
    • /
    • pp.1048-1058
    • /
    • 2012
  • This paper proposes the DDMPF(Distributed Data Management Protocol using FAT) which prevents data loss and keeps the security of self-organized storages by comprising a client, a storage server, and a verification server in clouding environment. The DDMPF builds a self-organized storage server, solves data loss by decentralizing the partitioned data in it in contrast to the centralized problem and the data loss caused by the storage server problems of existing clouding storages, and improves the efficiency of distributed data management with FAT(File Allocation Table). And, the DDMPF improves the reliability of data by a verification server's verifying the data integrity of a storage server, and strengthens the security in double encryption with a client's private key and the system's master key using EC-DH algorithm. Additionally, the DDMPF limits the number of verification servers and detects the flooding attack by setting the TS(Time Stamp) for a verification request message and the replay attack by using the nonce value generated newly, whenever the verification is requested.

Digital Signature Schemes with Restriction on Signing Capability (서명 능력을 제한하는 전자 서명 스킴)

  • 황정연;이동훈;임종인
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.12 no.6
    • /
    • pp.81-92
    • /
    • 2002
  • In some practical circumstances, the ability of a signer should be restricted. In group signature schemes, a group member of a group may be allowed to generate signatures up to a certain number of times according to his/her position in the group. In proxy signature schemes, an original signer may want to allow a proxy signer to generate a certain number of signatures on behalf of the original signer. In the paper, we present signature schemes, called c-times signature schemes, that restrict the signing ability of a signer up to c times for pre-defined value c at set-up. The notion of c-times signature schemes are formally defined, and generic transformation from a signature scheme to a c-times signature scheme is suggested. The proposed scheme has a self-enforcement property such that if a signer generates c+1 or more signatures, his/her signature is forged. As a specific example, we present a secure c-times signature scheme $^c$DSA based on the DSA (Digital Signature Algorithm) by using a threshold scheme. Our transformation can be applied to other ElGamal-like signature schemes as well.

Decentralized Group Key Management for Untrusted Dynamic Networks (신뢰할 수 없는 동적 네트워크 환경을 위한 비중앙화 그룹키 관리 기법)

  • Hur, Jun-Beom;Yoon, Hyun-Soo
    • Journal of KIISE:Information Networking
    • /
    • v.36 no.4
    • /
    • pp.263-274
    • /
    • 2009
  • Decentralized group key management mechanisms offer beneficial solutions to enhance the scalability and reliability of a secure multicast framework by confining the impact of a membership change in a local area. However, many of the previous decentralized solutions reveal the plaintext to the intermediate relaying proxies, or require the key distribution center to coordinate secure group communications between subgroups. In this study, we propose a decentralized group key management scheme that features a mechanism allowing a service provider to deliver the group key to valid members in a distributed manner using the proxy cryptography. In the proposed scheme, the key distribution center is eliminated while data confidentiality of the transmitted message is provided during the message delivery process. The proposed scheme can support a secure group communication in dynamic network environments where there is no trusted central controller for the whole network and the network topology changes frequently.

A Session Key Establishment Scheme in Mobile Ad-Hoc Networks (이동 애드혹 네트워크에서 세션 키 설정 방안)

  • 왕기철;정병호;조기환
    • Journal of KIISE:Information Networking
    • /
    • v.31 no.4
    • /
    • pp.353-362
    • /
    • 2004
  • Mobile Ad-Hoc network tends to expose scarce computing resources and various security threats because all traffics are carried in air along with no central management authority. To provide secure communication and save communication overhead, a scheme is inevitable to serurely establish session keys. However, most of key establishment methods for Ad-Hoc network focus on the distribution of a group key to all hosts and/or the efficient public key management. In this paper, a secure and efficient scheme is proposed to establish a session key between two Ad-Hoc nodes. The proposed scheme makes use of the secret sharing mechanism and the Diffie-Hellman key exchange method. For secure intra-cluster communication, each member node establishes session keys with its clusterhead, after mutual authentication using the secret shares. For inter-cluster communication, each node establishes session keys with its correspondent node using the public key and Diffie-Hellman key exchange method. The simulation results prove that the proposed scheme is more secure and efficient than that of the Clusterhead Authentication Based Method(1).

Fair EPC System (사용자 프라이버시 보호 및 추적이 가능한 EPC 시스템)

  • Kwak Jin;Oh Soohyun;Rhee Keunwoo;Kim Seungjoo;Won Dongho
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.30 no.1C
    • /
    • pp.116-128
    • /
    • 2005
  • The low-cost REID system is expected to be widely used in the ubiquitous computing environment as an intelligent device. Although REID systems have several advantages, they may create new threats to users' privacy. In this paper, a traceable and unlinkable REID system called 'Fair EPC system' is proposed for low-cost RFID tags. The proposed system enables the protection of users' privacy from unwanted scanning, and it is traceable to the tag by authorized administrators when necessary. The proposed system has some advantages; (1) eliminating any danger of exposing users' information via tag tracking through the cooperation between readers or back-end databases, (2) enabling the tracking of real serial number of the tag only through the cooperation of authorized administrators using a cryptographic secret sharing scheme, and (3) providing the efficiency of the proposed system reduce the computational workloads of back-end databases.

A Design of Permission Management System Based on Group Key in Hadoop Distributed File System (하둡 분산 파일 시스템에서 그룹키 기반 Permission Management 시스템 설계)

  • Kim, Hyungjoo;Kang, Jungho;You, Hanna;Jun, Moonseog
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.4 no.4
    • /
    • pp.141-146
    • /
    • 2015
  • Data have been increased enormously due to the development of IT technology such as recent smart equipments, social network services and streaming services. To meet these environments the technologies that can treat mass data have received attention, and the typical one is Hadoop. Hadoop is on the basis of open source, and it has been designed to be used at general purpose computers on the basis of Linux. To initial Hadoop nearly no security was introduced, but as the number of users increased data that need security increased and there appeared new version that introduced Kerberos and Token system in 2009. But in this method there was a problem that only one secret key can be used and access permission to blocks cannot be authenticated to each user, and there were weak points that replay attack and spoofing attack were possible. Hence, to supplement these weak points and to maintain efficiency a protocol on the basis of group key, in which users are authenticated in logical group and then this is reflected to token, is proposed in this paper. The result shows that it has solved the weak points and there is no big overhead in terms of efficiency.

Building a Cloud computing based Secure Defense Integrated Data Center(CS-DIDC) (클라우드 기반의 안전한 국방통합데이터센터 구축방안)

  • Kang, Jungho;Kim, Kyoungmin;Shin, Kyuyong
    • Journal of Security Engineering
    • /
    • v.14 no.6
    • /
    • pp.429-440
    • /
    • 2017
  • Currently, the Ministry of National Defense of Korea has established and is operating a Defense Integrated Data Center(DIDC) in order to provide a stable defense information service with low-cost and high efficiency. In fact, however, current version of DIDC is a physical aggregation of servers and database systems operated widely in different places without core data center technologies such as integrated security solutions or cloud computing technologies. In this paper, we propose a cloud computing based secure DIDC, called CS-DIDC, which is based on cloud computing, secret sharing, and erasure coding. Under CS-DIDC, individual user can protect his/her own sensitive data regardless of the data protection service provided by cloud service provider(CSP).

Study on the Establishment of the Act on the Prevention and Protection of Technology Leakage ('기술유출방지 및 보호지원에 관한 법률'제정에 관한 연구)

  • Noh, Jae-Chul;Ko, Zoon-ki
    • The Journal of the Korea Contents Association
    • /
    • v.17 no.7
    • /
    • pp.487-497
    • /
    • 2017
  • South Korea needs reorganization of dispute resolution system due to the frequent occurrence of a case that trade secret or technique are leaked. First, the distributed various laws are established and enforced by enacting and enforcing individual laws. Therefore, the redundancy problems, the collision of individual laws, the decline in diversity, integrity, and connectivity are issues. An independent legal system is needed by Act on the Prevention and Protection of Technology Leakage. Thereby, The support system of technological protection that is sprayed in government departments such as the Small and Medium Business Administration, the Ministry of Trade, Industry and Energy, the Patent Office, the Fair Trade Commission, the Trade Committee, the National Police Agency, and the Spy Agency integrates and unifies institutionally, and it is necessary to advance a policy with functional division. Second, the Patent Tribunal, the Invention Promotion Act, the Industrial Property Right Dispute Mediation Committee by the patent law, the Industrial Technical Dispute Mediation Committee on the Industrial Technology Outflow Prevention and Protection Law and the Medium and Small Firm Dispute Mediation and Arbitration Committee on Small Business Technology Protection Support Law are installed. However, since it established the integrated law on the Act on the Prevention and Protection of Technology Leakage, it is desirable to set the merged operation of establishment on the Technical Dispute Mediation Committee under the Small and Medium Business Administration or the Ministry of Trade, Industry and Energy.

A Novel Distributed Secret Key Extraction Technique for Wireless Network (무선 네트워크를 위한 분산형 비밀 키 추출 방식)

  • Im, Sanghun;Jeon, Hyungsuk;Ha, Jeongseok
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.39A no.12
    • /
    • pp.708-717
    • /
    • 2014
  • In this paper, we present a secret key distribution protocol without resorting to a key management infrastructure targeting at providing a low-complexity distributed solution to wireless network. The proposed scheme extracts a secret key from the random fluctuation of wireless channels. By exploiting time division duplexing transmission, two legitimate users, Alice and Bob can have highly correlated channel gains due to channel reciprocity, and a pair of random bit sequences can be generated by quantizing the channel gains. We propose a novel adaptive quantization scheme that adjusts quantization thresholds according to channel variations and reduces the mismatch probability between generated bit sequences by Alice and Bob. BCH codes, as a low-complexity and pratical approach, are also employed to correct the mismatches between the pair of bit sequences and produce a secret key shared by Alice and Bob. To maximize the secret key extraction rate, the parameters, quantization levels and code rates of BCH codes are jointly optimized.