• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.147-155
• /
• 2013

Proxy re-encryption scheme has advantage where plaintext does not get exposed during re-encryption process. This scheme is popular for sharing server-saved data in case of cloud computing or mobile office that uses server to save data. Since previous proxy re-encryption schemes can use re-encryption key over and over again, it may abuse re-encryption. To solve this problem, conditional proxy re-encryption scheme was proposed. But, it is computationally expensive generate the same number of re-encryption key with the number of condition values. In this paper, we propose an efficient conditional proxy re-encryption scheme in terms of re-encryption key generation. The proposed scheme uses only encryption and decryption process. Therefore it has advantage to generate one re-encryption key for one person. The proposed scheme is secure against chosen-ciphertext attack.

• The KIPS Transactions:PartC
• /
• v.17C no.3
• /
• pp.233-242
• /
• 2010

In the recent years, power attacks were widely investigated, and so various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate results in the algorithm computations(encryption, decryption) are well-known. In case of SEED block cipher, it uses 32 bit arithmetic addition and S-box operations as non-linear operations. Therefore the masking type conversion operations, which require some operating time and memory, are required to satisfy the masking method of all non-linear operations. In this paper, we propose a new masked S-boxes that can minimize the number of the masking type conversion operation. Moreover we construct just one masked S-box table and propose a new formula that can compute the other masked S-box's output by using this S-box table. Therefore the memory requirements for masked S-boxes are reduced to half of the existing masking method's one.

• Journal of Internet of Things and Convergence
• /
• v.2 no.3
• /
• pp.43-51
• /
• 2016

In this paper, we have developed Crypft+ as an enhanced file encryption/decryption system to improve the security of IoT system or individual document file management process. The Crypft+ system was developed as a core security module using Python, and designed and implemented a user interface using PyQt. We also implemented encryption and decryption function of important files stored in the computer system using AES based symmetric key encryption algorithm and SHA-512 based hash algorithm. In addition, Cx-Freezes module is used to convert the program as an exe-based executable code. Additionally, the manual for understanding the Cryptft+ SW is included in the internal program so that it can be downloaded directly.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.9
• /
• pp.1565-1572
• /
• 2006

Recently with the ever increasing growth of data communication, the need for security and privacy has become a necessity. The advent of wireless communication and other handheld devices like Personal Digital Assistants and smart cards have made the implementation of cryptosystems a major issue. The Cellular Automata(CA) can be programmed to implement hardware sharing between the encryption and decryption. In this paper, we give conditions for a linear hybrid cellular automata with 60, 102 or 204 to be a linear hybrid group cellular automata C. And we present the conditions which the complemented hybrid group cellular automata C' with complement vectors derived from C has maximum equal lengths in the state transition diagram of C' Also we analyze the relationship among cycles of C' These results generalize Mukhopadhyay's results.

• Journal of IKEEE
• /
• v.19 no.3
• /
• pp.424-430
• /
• 2015

This paper proposes an optical cryptography application to 2-D page-oriented data based on CFB(Cipher Feedback) mode algorithm. The proposed method uses a free-space optical interconnected dual-encoding technique which performs XOR logic operations in order to implement 2-D page-oriented data encryption. The proposed method provides more enhanced cryptosystem with greater security strength than the conventional CFB block mode with 1-D encryption key due to the huge encryption key with 2-D arrayed page type. To verify the proposed method, encryption and decryption of 2-D page data and error analysis are carried out by computer simulations. The results show that the proposed CFB optical encryption system makes it possible to implement stronger cryptosystem with massive data processing and long encryption key compared to 1-D block method.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.8
• /
• pp.1597-1605
• /
• 2015

Password authenticated key exchange (PAKE) is a protocol that a client stores its password to a server, authenticates itself using its password and shares a session key with the server. In multi-server PAKE, a client splits its password and stores them to several servers separately. Unless all the servers are compromised, client's password will not be disclosed in the multi-server setting. In attribute-based encryption (ABE), a sender encrypts a message M using a set of attributes and then a receiver decrypts it using the same set of attributes. In this paper, we introduce multi-server PAKE protocol that utilizes a set of attributes of ABE as a client's password. In the protocol, the client and servers do not need to create additional public/private key pairs because the password is used as a set of public keys. Also, the client and the servers exchange only one round-trip message per server. The protocol is secure against dictionary attacks. We prove our system is secure in a proposed threat model. Finally we show feasibility through evaluating the execution time of the protocol.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.10
• /
• pp.1912-1918
• /
• 2016

MPTCP(Multipath Transmission Control Protocol) is able to compose many TCP paths when two hosts connect and the data is able to be transported through these paths simultaneously. When a new path is added, the authentication between both hosts is necessary to check the validity of host. So, MPTCP exchanges a key when initiating an connection and makes a token by using this key for authentication. However the original MPTCP is vulnerable to MITM(Man In The Middle) attacks because the key is transported in clear text. Therefore, we applied a ECDH(Elliptic Curve Diffie-Hellman) key exchange algorithm to original MPTCP and replaced the original key to the ECDH public key. And, by generating the secret key after the public key exchanges, only two hosts is able to make the token using the secret key to add new subflow. Also, we designed and implemented a method supporting encryption and decryption of data using a shared secret key to apply confidentiality to original MPTCP.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.2
• /
• pp.11-19
• /
• 2020

Modern GPU can execute general purpose computation on the graphic processing unit, and provide high performance by exploiting many core on GPU. To run AES algorithm efficiently, parallel computational resources are required. However, computational resource of CPU architecture are not enough to cryptographic algorithm such as AES whereas GPU architecture has mass parallel computation resources. Therefore, this paper reduce the time to execute AES by employing parallel computational resource on GPGPU. Unfortunately, AES cannot utilize computational resource on GPGPU since it isn't suitable to GPGPU architecture. In this paper, IPC based dynamic SM management technique are proposed to efficiently execute AES on GPGPU. IPC based dynamic SM management can increase and decrease the number of active SMs by using IPC in run-time. According to simulation results, proposed technique improve the performance by increasing resource utilization compared to baseline GPGPU architecture. The results show that AES improve the performance by 41.2% on average.

• The KIPS Transactions:PartC
• /
• v.10C no.6
• /
• pp.695-704
• /
• 2003

As wireless Internet speads widely, circulation of various types of digital contents become active. Therefore, it is necesary to make a mobile-based DRM (Digatal Rights Management) system to protect digital contents from illegal reproduction and to give proper rights to contents users, In this paper, we present a mibile security system, which protects the copyright for digital contents offered throughout the mobile environment. Our security system is focused on presenting mobile-based DRM architecture. Especially, considering mobile device's decrying power, we adopted partial encryption scheme. For this, wecompared and evaluated the performant of each contents encryption scheme (the entire encryption scheme and the partial encription scheme) and proved that a proper DRM system for current wireless devices is the partial encryption system. Our mobile DRM system can be very efficient to protect contents on the wireless Internet environment.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.11
• /
• pp.351-356
• /
• 2020

With the spread of COVID-19 infections, the need for next-generation learning management system for undact education is rapidly increasing, and the Ministry of Education is planning future education through the establishment of fourth-generation NEIS. If the fourth-generation NEIS System is well utilized, there are advantages such as providing personalized education services and activating the use of educational data, but a solution to the illegal access problem in an access control environment where strict authorization is difficult due to various user rights. In this paper, we propose a blockchain-based access control audit system for next-generation learning management. Sensitive personal information is encrypted and stored using the proposed system, and when the auditor performs an audit later, a secret key for decryption is issued to ensure auditing. In addition, in order to prevent modification and deletion of stored log information, log information was stored in the blockchain to ensure stability. In this paper, a hierarchical ID-based encryption and a private blockchain are used so that higher-level institutions such as the Ministry of Education can hierarchically manage the access rights of each institution.