• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.47-52
• /
• 2007

In this paper, we proposed a constrution that creates Dynamic Pipe Hash Function with a pipe hash function. To increase security lever, dynamic hash function take and additional compression function. Proposed hash function based on the piped hash function. Our proposed Dynamic Pipe Hash Function is as secure against multicollision attack as an ideal hash function. And it have advantage for a number of reasons because of variable digest size. For example, in digital signature protocol, If a user requires increased security by selecting a large key size, useing a dynamic hash function in a protocol make implementation much easier when it is mandated that the size of the digest by increased.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.2
• /
• pp.327-338
• /
• 2018

On-line/off-line signature is a technique for performing heavy computations required for signature generation in the off-line stage and completing the final signature by a simple operation in the online stage. This is suitable for application environments that require immediate signing responses to multiple users. In this paper, we propose two new on-line/off-line signature schemes based on RSA problem. The first technique can generate a signature with a fixed base exponentiation when signing online, and the second technique can complete an online signature with a very simple calculation such as a hash operation. The security of both signatures is based on the RSA problem, which is proven to be tightly secure without security loss in the random oracle model.

• Journal of applied mathematics & informatics
• /
• v.8 no.3
• /
• pp.943-957
• /
• 2001

In this paper, we propose an efficient encryption algorithm, without exchanging session keys of a symmetric cryptosystem. The proposed scheme, called as the FAKE(Fast Asymmetric Key Encryption), first scrambles an entire input message and then encrypts small parts of the scrambled message using an asymmetric key encryption scheme. We use the all-or-nothing transform based on the hash function as a scrambling function, which was proposed by Shin, et al. Furthermore, the proposed scheme can additionally provide a digital signature service with only small overhead.

• Journal of Communications and Networks
• /
• v.14 no.6
• /
• pp.606-613
• /
• 2012

In a smart grid environment, data for the usage and control of power are transmitted over an Internet protocol (IP)-based network. This data contains very sensitive information about the user or energy service provider (ESP); hence, measures must be taken to prevent data manipulation. Mutual authentication between devices, which can prevent impersonation attacks by verifying the counterpart's identity, is a necessary process for secure communication. However, it is difficult to apply existing signature-based authentication in a smart grid system because smart meters, a component of such systems, are resource-constrained devices. In this paper, we consider a smart meter and propose an efficient mutual authentication protocol. The proposed protocol uses a matrix-based homomorphic hash that can decrease the amount of computations in a smart meter. To prove this, we analyze the protocol's security and performance.

• Bulletin of the Korean Mathematical Society
• /
• v.53 no.4
• /
• pp.1051-1069
• /
• 2016

Combining the concept of self-certified public key and message recovery, Li-Zhang-Zhu (LZZ) gives the proxy signature scheme with message recovery using self-certified public key. The security of the proposed scheme is based on the discrete logarithm problem (DLP) and one-way hash function (OWHF). Their scheme accomplishes the tasks of public key verification, proxy signature verification, and message recovery in a logically single step. In addition, their scheme satisfies all properties of strong proxy signature and does not use secure channel in the communication between the original signer and the proxy signer. In this paper, it is shown that in their signature scheme a malicious signer can cheat the system authority (SA), by obtaining a proxy signature key without the permission of the original signer. At the same time malicious original signer can also cheat the SA, he can also obtain a proxy signature key without the permission of the proxy signer. An improved signature scheme is being proposed, which involves the remedial measures to get rid of security flaws of the LZZ et al.'s. The security and performance analysis shows that the proposed signature scheme is maintaining higher level of security, with little bit of computational complexity.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.892-905
• /
• 2018

In smart home environment, certificate based signature technology is being studied by communication with Internet of Things(IoT) device. However, block - chain technology has attracted much attention because of the problems such as single - point error and management overhead of the trust server. Among them, Keyless Signature Infrastructure(KSI) provides integrity by configuring user authentication and global timestamp of distributed server into block chain by using hash-based one-time key. In this paper, we provide confidentiality by applying group key and key management based on multi - solution chain. In addition, we propose a smart home environment that can reduce the storage space by using Extended Merkle Tree and secure and efficient KSI-based authentication and communication with enhanced security strength.

• Journal of KIISE:Information Networking
• /
• v.32 no.4
• /
• pp.462-470
• /
• 2005

A hash chain is highly efficient and attractive structure to use in electronic cash. Previous systems using hash chain are used extensively in various cryptography applications such as one-time passwords, server-supported signatures and microments. However, The most hash chain based systems using fro-paid method provide anonymity but have the problem to increase payment cost. Therefore, in this paper, we propose a new hash chain based microment system which improves efficiency using session key and guarantees user anonymity through blind signature in the withdrawal process of the root value without disclosing privacy Information.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.19-31
• /
• 2018

As the ICT technologies advance, the unprecedently large amount of digital data is created, transferred, stored, and utilized in every industry. With the data scale extension and the applying technologies advancement, the new services emerging from the use of large scale data make our living more convenient and useful. But the cybercrimes such as data forgery and/or change of data generation time are also increasing. For the data security against the cybercrimes, the technology for data integrity and the time verification are necessary. Today, public key based signature technology is the most commonly used. But a lot of costly system resources and the additional infra to manage the certificates and keys for using it make it impractical to use in the large-scale data environment. In this research, a new and far less system resources consuming signature technology for large scale data, based on the Hash Function and Merkle tree, is introduced. An improved method for processing the distributed hash trees is also suggested to mitigate the disruptions by server failures. The prototype system was implemented, and its performance was evaluated. The results show that the technology can be effectively used in a variety of areas like cloud computing, IoT, big data, fin-tech, etc., which produce a large-scale data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.293-302
• /
• 2015

With the attack information collected during SMS phishing investigation, this paper will propose SMS phishing profiling model applying criminal profiling. Law enforcement agencies have used signature analysis by apk file hash and analysis of C&C IP address inserted in the malware. However, recently law enforcement agencies are facing the challenges such as signature diversification or code obfuscation. In order to overcome these problems, this paper examined 169 criminal cases and found out that 89% of serial number in cert.rsa and 80% of permission file was reused in different cases. Therefore, the proposed SMS phishing profiling model is mainly based on signature serial number and permission file hash. In addition, this model complements the conventional file hash clustering method and uses code similarity verification to ensure reliability.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.1
• /
• pp.161-167
• /
• 2008

As the authentication and the integrity methods based on the hash chain are popular, several certificate status validation methods based on the same function are proposd at the moment. In NOVOMODO, a CA generates and releases the hash value to each user. In Jianying Zhou's framework and Jong-Phil Yang's framework, a user generates and releases the hash value to verifier. Therefore, the CA loads are distributed to each user. However, these frameworks are based on the assumption that the CA's secret key is not lost or compromised and the certificates issued by the CA are error-free. Therefore, these frameworks are not suitable in real PKI environments. In this paper, as one hash value generated by CA is included in the user's certificate in addition, the certificate revocation published by CA using that value can be managed. The hash value included in user's certificate is the same for all users. The computation costs, the storage amounts and the release costs are small in the CA. And we modify the procedure for the signature and its validation in Jong-Phil Yang's framework. Our solution is more suitable than those frameworks in real PKI environments.