• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권6호
• /
• pp.1480-1491
• /
• 2013

Certificate-based cryptography is a new cryptographic primitive which eliminates the necessity of certificates in the traditional public key cryptography and simultaneously overcomes the inherent key escrow problem suffered in identity-based cryptography. However, to the best of our knowledge, all existed constructions of certificate-based encryption so far have to be based on the bilinear pairings. The pairing calculation is perceived to be expensive compared with normal operations such as modular exponentiations in finite fields. The costly pairing computation prevents it from wide application, especially for the computation limited wireless sensor networks. In order to improve efficiency, we propose a new certificate-based encryption scheme that does not depend on the pairing computation. Based on the decision Diffie-Hellman problem assumption, the scheme's security is proved to be against the chosen ciphertext attack in the random oracle. Performance comparisons show that our scheme outperforms the existing schemes.

• 전자통신동향분석
• /
• 제33권1호
• /
• pp.68-77
• /
• 2018

Data deduplication is a common used technology in backup systems and cloud storage to reduce storage costs and network traffic. To preserve data privacy from servers or malicious attackers, there has been a growing demand in recent years for individuals and companies to encrypt data and store encrypted data on a server. In this study, we introduce two cryptographic primitives, Convergent Encryption and Message-Locked Encryption, which enable deduplication of encrypted data between clients and a storage server. We analyze the security of these schemes in terms of dictionary and poison attacks. In addition, we introduce deduplication systems that can be implemented in real cloud storage, which is a practical application environment, and describes the proof of ownership on client-side deduplication.

• 디지털산업정보학회논문지
• /
• 제5권2호
• /
• pp.123-131
• /
• 2009

Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems have recently been added to the already wide collection of wireless sensor networks applications. The PCS/SCADA environment is somewhat more amenable to the use of heavy cryptographic mechanisms such as public key cryptography than other sensor application environments. The sensor nodes in the environment, however, are still open to devastating attacks such as node capture, which makes designing a secure key management challenging. Recently, Nilsson et al. proposed a key management scheme for PCS/SCADA, which was claimed to provide forward and backward secrecies. In this paper, we define four different types of adversaries or attackers in wireless sensor network environments in order to facilitate the evaluation of protocol strength. We then analyze Nilsson et al. 's protocol and show that it does not provide forward and backward secrecies against any type of adversary model.

• 인터넷정보학회논문지
• /
• 제7권3호
• /
• pp.83-91
• /
• 2006

본 논문에서는 인증서를 사용하는 모든 암호시스템 분야에 응용될 수 있는 인증 및 키 복원 프로토콜로 PKINIT를 응용한 안전한 초기인증 공개키 암호시스템 모델을 연구하였다. 멤버들에 대한 인증은 서버와 사용자간에 인증서를 기반으로 공개 키 암호에 의한 초기인증과 세션 키 분배, 응용자원 서버들과의 비밀통신에서 키의 유실을 고려한 키 복구지원 프로토콜을 제안하였다.

• 한국정보과학회:학술대회논문집
• /
• 한국정보과학회 2001년도 가을 학술발표논문집 Vol.28 No.2 (3)
• /
• pp.229-231
• /
• 2001

IPSec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the Internet. Key recovery has been the subject of a lot of discussion, of much controversy and of extensive research. Key recovery, however, might be needed at a corporate level, as a from of key management. The basic observation of the present paper is that cryptographic solutions that have been proposed so far completely ignore the communication context. Static systems are put forward fur key recovery at network layer and solutions that require connections with a server are proposed at application layer. We propose example to provide key recovery capability by adding key recovery information to an IP datagram. It is possible to take advantage of the communication environment in order to design key recovery protocols that are better suited and more efficient.

• Journal of information and communication convergence engineering
• /
• 제7권2호
• /
• pp.98-106
• /
• 2009

Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems have recently been added to the already wide collection of wireless sensor networks applications. The PCS/SCADA environment is somewhat more amenable to the use of heavy cryptographic mechanisms such as public key cryptography than other sensor application environments. The sensor nodes in the environment, however, are still open to devastating attacks such as node capture, which makes designing a secure key management challenging. In this paper, a key management scheme is proposed to defeat node capture attack by offering both forward and backward secrecies. Our scheme overcomes the pitfalls which Nilsson et al.'s scheme suffers from, and is not more expensive than their scheme.

• 한국정보보호학회:학술대회논문집
• /
• 한국정보보호학회 2001년도 종합학술발표회논문집
• /
• pp.297-301
• /
• 2001

PC카드 형태로 개발되어 사용되는 보안토큰은 다양한 보안서비스를 바탕으로 차세대 정보보호 기술의 핵심기술로 떠오르고 있다. PC카드 보안토큰 휴대용 컴퓨터 운용을 위한 메모리 카드 표준 인터페이스를 수용하여 다양한 암호알고리즘 수행이 가능하고, 사용자의 요구조건을 비교적 쉽게 수용하고, 아울러 다양한 응용분야에 사용되는 등의 장점을 가지고 있다. 본 논문에서는 Motorola PowerPC 기반의 MPC860 마이크로 프로세서가 장착된 제어보드를 이용하여 PC카드 보안토큰에 대한 PCMCIA(Personal Computer Memory Card International Association) 카드 장치구동기 및 API(Application Program Interface)를 설계/구현하여 각각의 기능시험을 통해 그 기능들을 검증하였다.

• 정보보호학회논문지
• /
• 제19권6호
• /
• pp.195-199
• /
• 2009

이 논문에서는 CDH가정에 안전성을 기초로 하는 공격자가 참여하는 새로운 문제를 정의하고 이의 안전성을 증명한다. 이 새로운 문제는 암호 프로토콜의 설계에서 프리미티브로 이용될 수 있다. 이 논문에서는 이 문제의 응용 예로 새로운 identification 기법을 보인다. 또한, 이 문제의 판별 버전(decisional version)에 대해서도 살펴본다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권5호
• /
• pp.2680-2700
• /
• 2017

Finite field arithmetic over GF($2^m$) is used in a variety of applications such as cryptography, coding theory, computer algebra. It is mainly used in various cryptographic algorithms such as the Elliptic Curve Cryptography (ECC), Advanced Encryption Standard (AES), Twofish etc. The multiplication in a finite field is considered as highly complex and resource consuming operation in such applications. Many algorithms and architectures are proposed in the literature to obtain efficient multiplication operation in both hardware and software. In this paper, a modified serial multiplication algorithm with interleaved modular reduction is proposed, which allows for an efficient realization of a sequential polynomial basis multiplier. The proposed sequential multiplier supports multiplication of any two arbitrary finite field elements over GF($2^m$) for generic irreducible polynomials, therefore made versatile. Estimation of area and time complexities of the proposed sequential multiplier is performed and comparison with existing sequential multipliers is presented. The proposed sequential multiplier achieves 50% reduction in area-delay product over the best of existing sequential multipliers for m = 163, indicating an efficient design in terms of both area and delay. The Application Specific Integrated Circuit (ASIC) and the Field Programmable Gate Array (FPGA) implementation results indicate a significantly less power-delay and area-delay products of the proposed sequential multiplier over existing multipliers.

• 정보보호학회논문지
• /
• 제14권5호
• /
• pp.141-151
• /
• 2004

전자상거래의 활성화에 따라 이동매체의 안전에 대한 요구사항이 늘어나고 있다. 이동매체간의 호환성을 제공하기 위해서는 보안 API(Application Programming Interface)가 쉽고 안전하게 설계되어져야한다. 현재 많은 제품과 개발에 호환성과 확장성 표준을 제시하고 있는 RSA사의 PKCS(Public Key Cryptographic Standard) #11 인터페이스를 선택하여, 국내 전자서명 표준인 KCDSA(Korean Certificate-based Digital Signature Algorithm) 메커니즘을 제공하고자 한다. 그리고, PKCS #11 보안 API에 새로운 키 관리 함수를 정의하므로써 보다 더 안전한 키 관리 기능도 지원한다. KCDSA 개인키와 공개키의 객체 속성과 템플릿을 정의하고, KCDSA 메커니즘으로 전자서명을 생성하고 검증할 수 있도록 한다. KCDSA 메커니즘을 제공하는 PKCS #11을 설계 및 구현하여 성능평가하고, 보안성 및 호환성에 대하여 비교분석한다.