• Title/Summary/Keyword: Identity Based Encryption

Search Result 80, Processing Time 0.028 seconds

A Wireless Network Structure and AKA(Authentication and Key Agreement) Protocol of Advanced Metering Infrastructure on the Smart Grid based on Binary CDMA (스마트 그리드를 위한 Binary CDMA 기반의 AMI 무선 네트워크 구조 및 AKA 프로토콜)

  • Jeon, Jae-Woo;Lim, Sun-Hee;Yi, Ok-Yeon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.5
    • /
    • pp.111-124
    • /
    • 2010
  • AMI (Advanced Metering Infrastructure) is a core infrastructure of Smart Grid, and is promoting in various country. Wireless network is considered for cost savings and operational efficiencies in AMI. But various security problems are expected in wireless networks of AMI, so we should solve these problems. In this paper, we suggest a wireless network of AMI by using Binary CDMA and security countermeasures of AMI wireless network. Proposed security architecture is using BSIM (Binary Subscriber Identity Module) to perform user authentication and key agreement for the encryption and decryption over radio network to reduce security threats.

Forward-Secure Public Key Broadcast Encryption (전방향 안전성을 보장하는 공개키 브로드캐스트 암호 기법)

  • Park, Jong-Hwan;Yoon, Seok-Koo
    • Journal of Broadcast Engineering
    • /
    • v.13 no.1
    • /
    • pp.53-61
    • /
    • 2008
  • Public Key Broadcast Encryption (PKBE) allows a sender to distribute a message to a changing set of users over an insecure channel. PKBE schemes should be able to dynamically exclude (i.e., revoke) a certain subset of users from decrypting a ciphertext, so that only remaining users can decrypt the ciphertext. Another important requirement is for the scheme to be forward-secrecy. A forward-secure PKBE (fs-PKBE) enables each user to update his private key periodically. This updated private key prevents an adversary from obtain the private key for certain past period, which property is particularly needed for pay-TV systems. In this paper, we present a fs-PKBE scheme where both ciphertexts and private keys are of $O(\sqrt{n})$ size. Our PKBE construction is based on Boneh-Boyen-Goh's hierarchical identity-based encryption scheme. To provide the forward-secrecy with our PKBE scheme, we again use the delegation mechanism for lower level identities, introduced in the BBG scheme. We prove chosen ciphertext security of the proposed scheme under the Bilinear Diffie-Hellman Exponent assumption without random oracles.

ECbA(Elliptic Curve based Authentication) System on the wireless network environment (무선 네트워크 환경에서의 ECbA(Elliptic Curve based Authentication)시스템 설계)

  • Jeong, Eun-Hee;Yang, Seung-Hae;Kim, Hak-Chun;Lee, Byung-Kwan
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.1 no.1
    • /
    • pp.67-74
    • /
    • 2008
  • As wireless network market is increasing rapidly, the biggest issue is to transfer safe data and to authenticate users. This paper proposes ECbA(Elliptic Curve based Authentication) which consists of the mutual authentication mechanism that users can ascertain the identity of an authentication server and the user authentication mechanism that an authentication server can make sure users' identity, by using Elliptic Curve algorithms. The proposed ECbA system diminishes the message quantity and the execution time by using the small elliptic curve algorithm with the small key length in authentication. In addition, as this paper reduces the authentication steps of existing EAP_TLS into 6 authentication steps, the communication cost and mutual authentication time can be saved. As this paper distributes new keys, whenever authenticating users by using key exchange mechanism, it provides safe encryption communication and prevents DoS attack by controlling the users authentication request by authentication server.

  • PDF

Personal Health Information Transmission using Identity-Based Proxy Re-Encryption in Remote Health Monitoring System (원격건강정보 모니터링 시스템 상에서 신원기반 프록시 재암호화를 이용한 개인 건강정보 전송)

  • Noh, Si-Wan;Park, Youngho;Rhee, Kyung-Hyune
    • Annual Conference of KIPS
    • /
    • 2016.10a
    • /
    • pp.258-261
    • /
    • 2016
  • 환자가 가정에서 네트워크를 통해 자신의 건강정보를 원격지에 위치한 의사에게 전송하여 이에 대한 진단을 받는 원격건강정보 모니터링 시스템에서 환자의 개인건강정보의 보호는 매우 중요한 과제이다. 본 논문에서는 신원기반 프록시 재암호화 기법을 사용하여 환자가 다수의 의사를 선택하여 각 의사들에게 개인건강정보를 전송하여 진단을 받는 환경을 가정하여 환자가 가지는 연산부담을 줄이기 위해 환자의 비밀키로 생성한 암호문을 프록시가 재암호화하여 의사가 가진 비밀키로 복호화 할 수 있도록 하는 기법을 제안한다.

The Classic Security Application in M2M: the Authentication Scheme of Mobile Payment

  • Hu, Liang;Chi, Ling;Li, Hong-Tu;Yuan, Wei;Sun, Yuyu;Chu, Jian-Feng
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.1
    • /
    • pp.131-146
    • /
    • 2012
  • As one of the four basic technologies of IOT (Internet of Things), M2M technology whose advance could influence on the technology of Internet of Things has a rapid development. Mobile Payment is one of the most widespread applications in M2M. Due to applying wireless network in Mobile Payment, the security issues based on wireless network have to be solved. The technologies applied in solutions generally include two sorts, encryption mechanism and authentication mechanism, the focus in this paper is the authentication mechanism of Mobile Payment. In this paper, we consider that there are four vital things in the authentication mechanism of Mobile Payment: two-way authentication, re-authentication, roaming authentication and inside authentication. Two-way authentication is to make the mobile device and the center system trust each other, and two-way authentication is the foundation of the other three. Re-authentication is to re-establish the active communication after the mobile subscriber changes his point of attachment to the network. Inside authentication is to prevent the attacker from obtaining the privacy via attacking the mobile device if the attacker captures the mobile device. Roaming authentication is to prove the mobile subscriber's legitimate identity to the foreign agency when he roams into a foreign place, and roaming authentication can be regarded as the integration of the above three. After making a simulation of our proposed authentication mechanism and analyzing the existed schemes, we summarize that the authentication mechanism based on the mentioned above in this paper and the encryption mechanism establish the integrate security framework of Mobile Payment together. This makes the parties of Mobile Payment apply the services which Mobile Payment provides credibly.

Fine-Grained and Traceable Key Delegation for Ciphertext-Policy Attribute-Based Encryption

  • Du, Jiajie;HelIl, Nurmamat
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.9
    • /
    • pp.3274-3297
    • /
    • 2021
  • Permission delegation is an important research issue in access control. It allows a user to delegate some of his permissions to others to reduce his workload, or enables others to complete some tasks on his behalf when he is unavailable to do so. As an ideal solution for controlling read access on outsourced data objects on the cloud, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has attracted much attention. Some existing CP-ABE schemes handle the read permission delegation through the delegation of the user's private key to others. Still, these schemes lack the further consideration of granularity and traceability of the permission delegation. To this end, this article proposes a flexible and fine-grained CP-ABE key delegation approach that supports white-box traceability. In this approach, the key delegator first examines the relations between the data objects, read permission thereof that he intends to delegate, and the attributes associated with the access policies of these data objects. Then he chooses a minimal attribute set from his attributes according to the principle of least privilege. He constructs the delegation key with the minimal attribute set. Thus, we can achieve the shortest delegation key and minimize the time of key delegation under the premise of guaranteeing the delegator's access control requirement. The Key Generation Center (KGC) then embeds the delegatee's identity into the key to trace the route of the delegation key. Our approach prevents the delegatee from combining his existing key with the new delegation key to access unauthorized data objects. Theoretical analysis and test results show that our approach helps the KGC transfer some of its burdensome key generation tasks to regular users (delegators) to accommodate more users.

A Model for Self-Authentication Based on Decentralized Identifier (탈중앙화 신원증명에 기반한 본인 인증 모델)

  • Kim, Ho-Yoon;Han, Kun-Hee;Shin, Seung-Soo
    • Journal of Convergence for Information Technology
    • /
    • v.11 no.11
    • /
    • pp.66-74
    • /
    • 2021
  • With the development of the Internet, user authentication technology that proves me online is improving. Existing ID methods pose a threat of personal information leakage if the service provider manages personal information and security is weak, and the information subject is to the service provider. In this study, as online identification technology develops, we propose a DID-based self-authentication model to prevent the threat of leakage of personal information from a centralized format and strengthen sovereignty. The proposed model allows users to directly manage personal information and strengthen their sovereignty over information topics through VC issued by the issuing agency. As a research method, a self-authentication model that guarantees security and integrity is presented using a decentralized identifier method based on distributed ledger technology, and the security of the attack method is analyzed. Because it authenticates through DID Auth using public key encryption algorithms, it is safe from sniffing, man in the middle attack, and the proposed model can replace real identity card.

A Study on Cooperation between Kerberos system and Credit-Control Server

  • Choi, Bae-Young;Lim, Hyung-Jin;Chung, Tai-Myoung
    • Proceedings of the Korea Society of Information Technology Applications Conference
    • /
    • 2005.11a
    • /
    • pp.281-284
    • /
    • 2005
  • Kerberos is system that offer authorization in internet and authentication service. Can speak that put each server between client and user in distributed environment and is security system of symmetry height encryption base that offer authentication base mutually. Kerberos authentication is based entirely on the knowledge of passwords that are stored on the Kerberos Server. A user proves her identity to the Kerberos Server by demonstrating Knowledge of the key. The fact that the Kerberos Server has access to the user's decrypted password is a rwsult of the fact that Kerberos does not use public key cryptogrphy. It is a serious disadvantage of the Kerbercs System. The Server must be physically secure to prevent an attacker from stealing the Kerberos Server and learning all of the user passwords. Kerberos was designend so that the server can be stateless. The Kerberos Server simply answers requests from users and issues tickets. This study focused on designing a SIP procy for interworking with AAA server with respect to user authentication and Kerberos System. Kerberos is security system of encryption base that offer certification function mutually between client application element and server application element in distributed network environment. Kerberos provides service necessary to control whether is going to approve also so that certain client may access to certain server. This paper does Credit-Control Server's function in AAA system of Diameter base so that can include Accounting information that is connected to Rating inside certification information message in Rating process with Kerberos system.

  • PDF

A SM2 Elliptic Curve Threshold Signature Scheme without a Trusted Center

  • Jie, Yan;Yu, Lu;Li-yun, Chen;Wei, Nie
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.2
    • /
    • pp.897-913
    • /
    • 2016
  • Threshold signature is very important in identity authentication and some other applications. In December 2010, Chinese Encryption Administration released the SM2 elliptic curve digital signature algorithm as the first standard of the digital signature algorithm in China. At present, the papers on the threshold signature scheme based on this algorithm are few. A SM2 elliptic curve threshold signature scheme without a trusted center is proposed according to the Joint-Shamir-RSS algorithm, the Joint-Shamir-ZSS algorithm, the sum or diff-SS algorithm, the Mul-SS algorithm, the Inv-SS algorithm and the PM-SS algorithm. The proposed scheme is analyzed from correctness, security and efficiency. The correctness analysis shows that the proposed scheme can realize the effective threshold signature. The security analysis shows that the proposed scheme can resist some kinds of common attacks. The efficiency analysis shows that if the same secret sharing algorithms are used to design the threshold signature schemes, the SM2 elliptic curve threshold signature scheme will be more efficient than the threshold signature scheme based on ECDSA.

Study on WP-IBE compliant Mobile IPSec (WP-IBE 적용 Mobile IPSec 연구)

  • Choi, Cheong Hyeon
    • Journal of Internet Computing and Services
    • /
    • v.14 no.5
    • /
    • pp.11-26
    • /
    • 2013
  • In the wireless Internet, it is so restrictive to use the IPSec. The MIPv4 IPSec's path cannot include wireless links. That is, the IPSec of the wireless Internet cannot protect an entire path of Host-to-Host connection. Also wireless circumstance keeps a path static during the shorter time, nevertheless, the IKE for IPSec SA agreement requires relatively long delay. The certificate management of IPSec PKI security needs too much burden. This means that IPSec of the wireless Internet is so disadvantageous. Our paper is to construct the Mobile IPSec proper to the wireless Internet which provides the host-to-host transport mode service to protect even wireless links as applying excellent WP-IBE scheme. For this, Mobile IPSec requires a dynamic routing over a path with wireless links. FA Forwarding is a routing method for FA to extend the path to a newly formed wireless link. The FA IPSec SA for FA Forwarding is updated to comply the dynamically extended path using Source Routing based Bind Update. To improve the performance of IPSec, we apply efficient and strong future Identity based Weil Pairing Bilinear Elliptic Curve Cryptography called as WP-IBE scheme. Our paper proposes the modified protocols to apply 6 security-related algorithms of WP-IBE into the Mobile IPSec. Particularly we focus on the protocols to be applied to construct ESP Datagram.