• Journal of the Korea Convergence Society
• /
• v.7 no.1
• /
• pp.49-55
• /
• 2016

In a delegate authentication, a user can lend his/her own authentication data to the third parties to let them be authenticated instead of himself/herself. The user authentication schemes based on the memory of unique data such as password, are vulnerable to this type of attack. Biometric authentication could minimize the risk of delegate authentication since it uses the biometric data unique by each person. Group authentication scheme is used to prove that each group member belongs to the corresponding group. For applications such as an electronic voting or a mobile meeting where the number of group members is changing dynamically, a new group authentication method is needed to reflect the status of group in real time. In this paper, we propose biometric authentication based dynamic group signature scheme. The proposed scheme is composed of biometric key generation, group public key creation, group signature generation, group signature verification and member update protocols. The proposed member update protocol is secure against colluding attacks of existing members and could reflect group status in real time.

• Journal of Communications and Networks
• /
• v.10 no.1
• /
• pp.18-27
• /
• 2008

This paper is to study a subclass of group-oriented cryptographic scheme: Many-to-one encryption and authentication scheme. The many-to-one encryption and authentication scheme is to solve a practical problem, i.e., the scenario that the number of the receivers is very small compared with the number of the senders and a receiver may serve millions of senders. Compared with the traditional methods, the burdens of the receiver and the KGC are reduced greatly. How to revoke a sender from his receiver's legitimate sender group is also proposed and it is efficient compared with some traditional methods. The proposed scheme is proven in the random oracle models. The computational complexity of our scheme is independent of the number of the senders. At the end of the paper, an example is given to show how to use our scheme in online software registration and update.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.935-949
• /
• 2016

In this paper, we present a novel authenticated group key distribution scheme for large and dynamic multicast groups without employing traditional symmetric and asymmetric cryptographic operations. The security of our scheme is mainly based on the basic theories for solving linear equations. In our scheme, a large group is divided into many subgroups, where each subgroup is managed by a subgroup key manager (SGKM) and a group key generation center (GKGC) further manages all SGKMs. The group key is generated by the GKGC and then propagated to all group members through the SGKMs, such that only authorized group members can recover the group key but unauthorized users cannot. In addition, all authorized group members can verify the authenticity of group keys by a public one-way function. The analysis results show that our scheme is secure and efficient, and especially it is very appropriate for secure multicast communications in large and dynamic client-server networks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.3
• /
• pp.1144-1156
• /
• 2014

In Internet, IP multicast has been used successfully to provide an efficient, best-effort delivery service for group communication applications. However, applications such as multiparty private conference, distribution of stock market information, pay per view and other subscriber services may require secure multicast to protect integrity and confidentiality of the group traffic, and validate message authenticity. Providing secure multicast for group communication is problematic without a robust group key management. In this paper, we propose a group key management scheme based on the secret sharing technology to require each member by itself to generate the group key when receiving a rekeying message multicast by the group key distributor. The proposed scheme enforces mutual authentication between a member and the group key distributor while executing the rekeying process, and provides forward secrecy and backward secrecy properties, and resists replay attack, impersonating attack, group key disclosing attack and malicious insider attack.

• Journal of Digital Convergence
• /
• v.12 no.2
• /
• pp.335-341
• /
• 2014

To play the networked video contents in a client's mobile device in real time, the contents should be delivered to it by the contents server with streaming technology. Generally, in a server-client based commerce model, the server is in charge of both the authentication of the paid customer and distribution of the contents. The drawback of it is that if the customers' requests go on growing rapidly, the service quality would be degraded results from the problems of overloaded server or restricted network bandwidth. On the contrary, in P2P based networks, more and more the demand for service increasing, the service quality is upgraded since a customer can act as a server. But, in the P2P based network, there are too many servers to manage, it's possible to distribute illegal contents because the P2P protocol cannot control distributed servers. Thus, it's not suitable for commercial purposes. In this paper, the dymanic group authentication scheme is proposed which is suited to P2P based applications. The proposed scheme consists of group based key generation, key update, signature generation and verification protocols. It can control the seeder's state whether the seeder is joining or leaving the network, and it can be applied to hybrid P2P based commerce model where sales transactions are covered by the index server and the contents are distributed by the P2P protocol.

• Journal of Convergence Society for SMB
• /
• v.4 no.4
• /
• pp.19-23
• /
• 2014

Group communication is becoming increasingly popular in Internet applications such as videoconferences, online chatting programs, games, and gambling. For secure communications, the integrity of messages, member authentication, and confidentiality must be provided among group members. To maintain message integrity, all group members use the Group Key (GK) for encrypting and decrypting messages while providing enough security to protect against passive attacks. Tree-based Group Diffie-Hellman (TGDH) is an efficient group key agreement protocol to generate the GK. TGDH assumes all members have an equal computing power. One of the characteristics of distributed computing and grid environments is heterogeneity; the member can be at a workstation, a laptop or even a mobile computer. Member reordering in the TDGH protocol could potentially lead to an improved protocol; such reordering should capture the heterogeneity of the network as well as latency. This research investigates dynamic reordering mechanisms to consider not only the overhead involved but also the scalability of the proposed protocol.

• Journal of KIISE:Information Networking
• /
• v.36 no.4
• /
• pp.275-285
• /
• 2009

RFID technology using the smart tag technology as a part of the sensor network is currently in the spotlight. But there are still many problems in applying the technology in a ubiquitous environment, induding at the point when anybody can read the tag information and the authentication between the tag and the reader, and security problems in very low-cost smart tag implementation. The proposed scheme is designed to enhance security and efficiency related to various services required in RF networks, based on the reliable peripheral devices for users of passive RFID tag. Using passive RFID tag, which has been applied to authentication transactions in existing papers, this study also proposed an appropriate management scheme that is suitable for a dynamic environment and setting a temporary group to provide various services. also proposed scheme is support RFID grouping, temporary group of service and security servicce, improved efficiency of communication.

• Journal of Platform Technology
• /
• v.9 no.1
• /
• pp.46-57
• /
• 2021

Recently, research has been actively conducted to utilize blockchain technology in various fields. In particular, blockchain-based smart contracts are applied to various automation systems that require reliability as they have the characteristics of recording data in a distributed ledger environment to verify the integrity and validity of data. However, blockchain does not provide data access control and information security because data is shared among network participants. In this paper, we propose a user dynamic access control mechanism utilizing smart contracts in blockchain environments. The proposed mechanism identifies the user's contextual information when accessing data, allocating the user's role and dynamically controlling the data access range. This can increase the security of the system and the efficiency of data management by granting data access dynamically at the time of user authentication, rather than providing the same services in roles assigned to each user group of the network system. The proposed mechanism is expected to provide flexible authentication capabilities through dynamic data access control by users to enhance the security of data stored within blockchain networks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.1B
• /
• pp.1-9
• /
• 2009

In this paper, we propose an enhanced handoff support scheme based on network-based mobility management protocol, Proxy Mobile IPv6 (PMIPv6), which is actively standardized by the IETF NETLMM working group. By utilizing the dynamic virtual hierarchy network architecture between mobile access gateways (MAGs), the proposed scheme can support network scalability and reliability to wireless access network. In addition, we propose pre-authentication process based on the policy store (PS) to support a fast and seamless handoff. We evaluate the performance of the proposed scheme in terms of handoff delay and end-to-end delay thru computer simulation. Thru, various computer simulation results, we verified the superior performance of the proposed scheme by comparing with the results of other schemes.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.10 s.340
• /
• pp.31-38
• /
• 2005

Ipsec is a security protocol suite that provides encryption and authentication services for IP messages at the network layer of the internet. Internet Key Exchange (IKE) is a protocol that is used to negotiate and provide authenticated keying materials in a protected manner for Security Associations (SAs). In this paper, we propose a dynamic key lifetime change algorithm for performance enhancement of virtual private networks using IPSec. The proposed algorithm changes the key lifetime according to the number of secure tunnels. The proposed algorithm is implemented with Linux 2.4.18 and FreeS/WAN 1.99. The system employing our proposed algorithm performs better than the original version in terms of network performance and security.