• Title/Summary/Keyword: 속성기반 암호시스템

Search Result 15, Processing Time 0.02 seconds

Constant-Size Ciphertext-Policy Attribute-Based Data Access and Outsourceable Decryption Scheme (고정 크기 암호 정책 속성 기반의 데이터 접근과 복호 연산 아웃소싱 기법)

  • Hahn, Changhee;Hur, Junbeom
    • Journal of KIISE
    • /
    • v.43 no.8
    • /
    • pp.933-945
    • /
    • 2016
  • Sharing data by multiple users on the public storage, e.g., the cloud, is considered to be efficient because the cloud provides on-demand computing service at anytime and anywhere. Secure data sharing is achieved by fine-grained access control. Existing symmetric and public key encryption schemes are not suitable for secure data sharing because they support 1-to-1 relationship between a ciphertext and a secret key. Attribute based encryption supports fine-grained access control, however it incurs linearly increasing ciphertexts as the number of attributes increases. Additionally, the decryption process has high computational cost so that it is not applicable in case of resource-constrained environments. In this study, we propose an efficient attribute-based secure data sharing scheme with outsourceable decryption. The proposed scheme guarantees constant-size ciphertexts irrespective of the number of attributes. In case of static attributes, the computation cost to the user is reduced by delegating approximately 95.3% of decryption operations to the more powerful storage systems, whereas 72.3% of decryption operations are outsourced in terms of dynamic attributes.

Analysis of Data Encryption Mechanisms for Searchable Encryption (검색가능 암호시스템을 위한 데이터 암호기법의 문제점 분석)

  • Son, Junggab;Yang, Yu-Jin;Oh, Heekuck;Kim, Sangjin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.18 no.9
    • /
    • pp.79-89
    • /
    • 2013
  • Recently, the need for outsourcing sensitive data has grown due to the wide spreading of cost-effective and flexible cloud service. However, there is a fundamental concern in using such service since users have to trust external servers. Therefore, searchable encryption can be a very valuable tool to meet the security requirements of data outsourcing. However, most of work on searchable encryption focus only on privacy preserving search function and relatively lacks research on encryption mechanism used to actually encrypt data. Without a suitable latter mechanism, searchable encryption cannot be deployed in real world cloud services. In this paper, we analyze previously used and possible data encryption mechanisms for multi-user searchable encryption system and discuss their pros and cons. Our results show that readily available tools such as broadcast encryption, attribute-based encryption, and proxy re-encryption do not provide suitable solutions. The main problem with existing tools is that they may require separate fully trusted servers and the difficulty in preventing collusion attacks between outsiders and semi-trusted servers.

A Study on Improvement Methods for Encrytion and Authentication in Batt le Field Management System(C4I) (전장관리체계(C4I)에서의 암호 및 인증방법 개선 방안에 관한연구)

  • Lee, Won Man;Koo, Woo Kwon;Park, Tae Hyeong;Lee, Dong Hoon
    • Convergence Security Journal
    • /
    • v.12 no.6
    • /
    • pp.39-50
    • /
    • 2012
  • Battlefield management systems are operated by the Public Key Infrastructure (PKI) and cryptographic equipment is distributed through the personal delivery to the enemy has deodorizing prone to structure. In addition, Per person each battlefield management system (C4I) encryption key operate and authentication module to manage multiple encryption so, encryption key operating is restrictions. Analysis of the problems of this public key infrastructure(PKI), Identity-Based Cryptosystem(IBC) and Attribute-Based Cryptosystem(ABC) to compare construct the future of encrypt ion and authentication system were studied. Authentication method for the connection between the system that supports data encryption and secure data communication, storage, and communication scheme is proposed.

Data Access Control using Attribute-Based Encryption in Smartwork Environment (속성기반 암호를 이용한 스마트워크 환경에서의 데이터 접근제어)

  • Choi, Seul-Ki;Kwak, Jin
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2013.05a
    • /
    • pp.591-594
    • /
    • 2013
  • 스마트워크는 언제 어디서나 편리하고 효율적으로 업무에 종사할 수 있도록 하는 미래지향적인 업무 환경이다. 이미 국내 외 많은 국가 및 기업들이 스마트워크의 도입을 추진하고 있으며 이에 따라 기업 및 근로자 그리고 사회적인 측면에서 긍정적인 효과를 기대하고 있다. 하지만 다양한 환경에서 업무 데이터에 대한 접근이 가능하기 때문에 그에 따른 데이터 접근에 대한 보안 위협이 존재하다. 따라서 본 논문에서는 스마트워크 환경의 보안을 위하여 속성기반 암호 시스템을 이용하여 상황정보를 고려한 데이터 접근제어 기법을 제안한다.

A New Universally Verifiable and Receipt-free Electronic Voting Scheme Through Public Channel by Using Smartcard (스마트카드를 이용하여 공개채널로 매표방지와 전체검증을 제공하는 전자선거기법)

  • 김형석;김상진;오희국
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 2003.12a
    • /
    • pp.605-610
    • /
    • 2003
  • 선거를 전자적으로 구성하기 위해서는 비밀성(privacy), 선거권(eligibility) 등과 함께 전체검증(universal verifiability)과 매표방지(receipt-freeness) 속성을 반드시 제공해야 한다. 지금까지 제안된 전자선거 기법은 매표방지와 전체검증을 제공하기 위해 도청 불가능한 채널이라는 물리적인 가정 하에 이루어지거나 하드웨어 장치를 이용하더라도 장치에 대한 신뢰가 가정되었다. 본 논문에서는 믹스 서버나 랜덤마이저의 역할을 스마트카드와 같은 안전한 하드웨어 장치가 하므로 물리적 가정 없이 효율적으로 구현한다. 제안한 시스템은 표를 섞는 과정에서 permutation matrix를 사용하여 증명하므로 증명의 회수가 적고 간단하여 효율적이다. 또한, 지금까지 제안된 대부분의 선거 기법은 ElGamal 암호시스템의 준동형 특성을 이용하여 모든 표를 결합한 다음 해독하여 집계를 계산하는데 이는 이산대수 문제를 효율적으로 해결할 수 있어야 가능했다. 이 논문에서는 ElGamal 암호시스템과 다차잉여 기반 암호알고리즘인 Naccacne 암호알고리즘을 결합하여 표를 인코딩 함으로써 유권자의 수가 많은 선거에 대해서도 다항 시간 내에 집계가 가능하다.

  • PDF

Secure Inner Product Encryption Scheme with Attribute Hiding in Bilinear Groups (Bilinear Group에서 속성 은닉을 가지는 안전한 내적 암호화 방식)

  • Sadikin, Rifki;Park, YoungHo
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.51 no.1
    • /
    • pp.57-70
    • /
    • 2014
  • Inner product encryption (IPE) scheme is a cryptographic primitive that provides fine grained relations between secret keys and ciphertexts. This paper proposes a new IPE scheme which achieves fully attribute hiding security. Our IPE scheme is based on bilinear groups of a composite order. We prove the fully attribute hiding security of our IPE by using dual encryption system framework. In performance analysis, we compare the computation cost and memory requirement of our proposed IPE to other existing IPE schemes.

A Study of Improvement Schemes for MPKI of National Defense Digital Network (국방전산통신망을 위한 국방인증체계(MPKI) 개선 방안에 관한 연구)

  • Han, Kwang-Taek;Lee, Su-Youn;Park, Chang-Seop
    • Convergence Security Journal
    • /
    • v.14 no.6_1
    • /
    • pp.147-155
    • /
    • 2014
  • Encryption and authentication system in National Defense is divided into three system; KMI, MPKI, and GPKI. In this paper, we report inherent problem and security threaten in MPKI and propose an attribute-based authentication scheme using attribute-based signature in order to improve user authentication. In our scheme, access structure is used by Monotone Span Program, and system server provides service after user authentication.

Efficient Attribute Based Digital Signature that Minimizes Operations on Secure Hardware (보안 하드웨어 연산 최소화를 통한 효율적인 속성 기반 전자서명 구현)

  • Yoon, Jungjoon;Lee, Jeonghyuk;Kim, Jihye;Oh, Hyunok
    • Journal of KIISE
    • /
    • v.44 no.4
    • /
    • pp.344-351
    • /
    • 2017
  • An attribute based signature system is a cryptographic system where users produce signatures based on some predicate of attributes, using keys issued by one or more attribute authorities. If a private key is leaked during signature generation, the signature can be forged. Therefore, signing operation computations should be performed using secure hardware, which is called tamper resistant hardware in this paper. However, since tamper resistant hardware does not provide high performance, it cannot perform many operations requiring attribute based signatures in a short time frame. This paper proposes a new attribute based signature system using high performance general hardware and low performance tamper resistant hardware. The proposed signature scheme consists of two signature schemes within a existing attribute based signature scheme and a digital signature scheme. In the proposed scheme, although the attribute based signature is performed in insecure environments, the digital signature scheme using tamper resistant hardware guarantees the security of the signature scheme. The proposed scheme improves the performance by 11 times compared to the traditional attribute based signature scheme on a system using only tamper resistant hardware.

BACS : An Experimental Study For Access Control System In Public Blockchain (BACS : 퍼블릭 블록체인 접근 통제 시스템에 관한 실험적 연구)

  • Han, Sejin;Lee, Sunjae;Lee, Dohyeon;Park, Sooyoung
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.20 no.1
    • /
    • pp.55-60
    • /
    • 2020
  • In this paper, we propose an access control system using cryptography as a method to protect personal data in public blockchain. The proposed system is designed to encrypt data according to the access policy, store it in the blockchain, and decrypt only the person who satisfy the access policy. In order to improve performance and scalability, an encryption mechanism is implemented outside the blockchain. Therefore, data access performance could be preserved while cryptographic operations executed Furthermore it can also improve the scalability by adding new access control modules while preserving the current configuration of blockchain network. The encryption scheme is based on the attribute-based encryption (ABE). However, unlike the traditional ABE, the "retention period", is incorporated into the access structure to ensure the right to be forgotten. In addition, symmetric key cryptograpic algorithms are used for the performance of ABE. We implemented the proposed system in a public blockchain and conducted the performance evaluation.

Design of $AB^2 $ Multiplier for Public-key Cryptosystem (공개키 암호 시스템을 위한 $AB^2 $곱셈기 설계)

  • 김현성;유기영
    • Journal of KIISE:Computer Systems and Theory
    • /
    • v.30 no.2
    • /
    • pp.93-98
    • /
    • 2003
  • This paper presents two new algorithms and their architectures for $AB^2 $ multiplication over $GF(2^m)$.First, a new architecture with a new algorithm is designed based on LFSR (Linear Feedback Shift Register) architecture. Furthermore, modified $AB^2 $ multiplier is derived from the multiplier. The multipliers and the structure use AOP (All One Polynomial) as a modulus, which hat the properties of ail coefficients with 1. Simulation results thews that proposed architecture has lower hardware complexity than previous architectures. They could be. Therefore it is useful for implementing the exponential ion architecture, which is the tore operation In public-key cryptosystems.