• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.3-11
• /
• 2009

Forward secrecy in an e-mail system means that the compromising of the long-term secret keys of the mail users and mail servers does not affect the confidentiality of the previous e-mail messages. Previous forward-secure e-mail protocols used the certified public keys of the users and thus needed PKI(Public Key Infrastructure). In this paper, we propose a password-based authenticated e-mail protocol providing forward secrecy. The proposed protocol does not require certified public keys and is sufficiently efficient to be executed on resource-restricted mobile devices.

• Journal of Digital Convergence
• /
• v.12 no.1
• /
• pp.389-395
• /
• 2014

In a biometric signature scheme, a user's biometric key is used to sign the document. It also requires the user be authenticated with biometric recognition method, prior to signing the document. Because the biometric recognition is launched every time the signature session started, it is not suitable for electronic commerce applications such as shopping malls where large number of documents to sign are required. Therefore, to commercialize biometric based signature schemes, the new proxy signature scheme is needed to ease the burden of the signer. In the proxy signature scheme, the signer can delegate signing activities to trustful third parties. In this study, the biometric based signature delegation method is proposed. The proposed scheme is suitable for applications where a lot of signing are required. It is consisted of biometric key generation, PKI based mutual authentication, signature generation and verification protocols.

• The KIPS Transactions:PartC
• /
• v.14C no.4
• /
• pp.331-340
• /
• 2007

Mobile network environments are the environments where mobile devices are distributed invisible in our daily lives so that we can conventionally use mobile services at my time and place. The fact that we can work with mobile devices regardless of time and place, however, means that we are also in security threat of leaking or forging the information. In particular, without solving privacy concern, the mobile network environments which serve convenience to use, harmonized without daily lives, on the contrary, will cause a serious malfunction of establishing mobile network surveillance infrastructure. On the other hand, as the mobile devices with various sizes and figures, public key cryptography techniques requiring heavy computation are difficult to be applied to the computational constrained mobile devices. In this paper, we propose efficient PKI-based user authentication and java-based cryptography module for the privacy-preserving in mobile network environments. Proposed system is support a authentication and digital signature to minimize encrypting and decrypting operation by compounding session key and public key based on Korean standard cryptography algorithm(SEED, KCDSA, HAS160) and certificate in mobile network environment. Also, it has been found that session key distribution and user authentication is safety done on PDA.

• Journal of KIISE:Information Networking
• /
• v.30 no.6
• /
• pp.720-728
• /
• 2003

Blind signature is such a signature scheme that conceals the contents of signature itself and who is the user of the signature make user's anonymity possible. For this reason, they are used in security services such as electronic cashes and electronic votes in which the behavior of actor should not be exposed. In this paper we propose an ID-based blind signature scheme from Gap Diffie-Hellman group. Its security is based on the hardness of Computational Diffie-Hellman Problem. Proposed scheme efficiently improve against existing blind signature scheme by using two-pass protocol between two users and by reducing computation process. Therefore it can be used efficiently in wireless PKI environment.

• The KIPS Transactions:PartC
• /
• v.17C no.4
• /
• pp.347-360
• /
• 2010

A condition access system (CAS) refers to a hardware-based system that allows only authenticated users to have access to contents. The CAS has many disadvantages found in that in the replacement of multiple service operator (MSO) a set-top box should be also changed and the smart-card often causes malfunction. To deal with the problems, exchangeable CAS (XCAS) was developed in 2009. However, in the XCAS, no method to authenticate a proper set-top box has been put forward. In this paper, we propose a novel program for set-top authentication in the XCAS. Additionally, we offer a format of certificate of authentication, and procedures of issuing the certificate for broadcasting services suitable for the XCAS. The technical method of authentication a set-top box that will be discussed is of high efficiency since in the MSO it requires only two subjects to communicate during the authentication in the MSO.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.481-485
• /
• 2006

분산 컴퓨팅 시스템에 관한 연구가 네트워크가 발달함에 따라 점차 다양한 분야에서 활발하게 이루어지고 있다. 하나의 컴퓨터의 성능으로는 처리하기 힘든 일을 여러 컴퓨터 시스템이 분산하여 처리함으로써 효율성을 극대화 시킬 수 있도록 하는 이 기술은 네트워크가 발달할 수록 점점 더 각광 받을 것이다. 본 논문에서는 분산 컴퓨팅 시스템에서 무결성, 기밀성을 보장하기 위해 인증 시스템을 이용한 보안 프로토콜을 제시한다.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.12 no.4
• /
• pp.476-482
• /
• 2009

As a result from Hasse's theorem it is not always possible to share a common key between any two ECC public keys. Even though ECC algorithm is more efficient than any other Encryption's with respect to the encryption strength per bit, ECC ElGamal algorithm can not be used to distribute a common key to ECC PKI owners. Approaching mathematical ways in a practical situation, we suggest possible conditions to share a common key with ECC PKI's. Using computer experiments, we also show that these suggestions are right. In the conditions, we can distribute a common key to proper peoples with ECC ElGamal algorithm.

• Convergence Security Journal
• /
• v.10 no.3
• /
• pp.9-14
• /
• 2010

The network architecture and analysis model for evaluating the information security are presented to distribute the reliable and secure multimedia digital contents. Using the firewall and IDS, the function of the proposed model includes the security range, related data collection/analysis, level evaluation and strategy proposal. To develop efficient automatic analysis tool, the inter-distribution algorithm and network design based on the traffic analysis between web-server and user are needed. Furthermore, the efficient algorithm and design of DRM/PKI also should be presented before the development of the automatic information security model.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2001.11a
• /
• pp.60-63
• /
• 2001

무선 이동통신의 발전으로 인해 많은 사용자가 발생하였다. 그러나 1세대나 2세대의 경우 이동통신서비스는 기본적으로 음성을 기반으로 서비스를 하였기 때문에 다른 멀티미디어 서비스와 같은 고속 무선 인터넷 통신 수요자의 요구를 충족시키지 못하고 있다. 향후 무선에서 음성위주의 서비스가 아닌 데이터와 이동 멀티미디어 서비스와 같은 서비스를 통해 얻을 수 있다. 하지만 무선망은 전송로가 노출되어 있어 정당하지 않는 사용자에 의한 불법적인 절취 사용과 도청등에 많은 문제점이 발생할 수 있다. 악의적인 제 3의 사용자가 공유되어 있는 문서에 대한 문제점뿐만 아니라 양자간의 계약 혹은 과금 정보에 있어 악의적인 목적을 막는 방법이 필요하다. 다음과 같은 방법에 대한 해결책으로써 문서에 대한 내용증명과 시점확인이 바로 그것이다. 본 논문에서는 앞에서 언급한 문제점을 해결하고자 유선에서 사용중에 있는 시점확인 서비스 혹은 내용 증명 서비스를 향후 발전할 IMT-2000에 적용하여 보았다. 제안한 방식은 IMT-2000에서의 개체를 그대로 이용하면서 효율적인 방식을 제안하였다.

• Annual Conference of KIPS
• /
• 2005.05a
• /
• pp.1221-1224
• /
• 2005

권한 정책은 정책 인증서, 사용-조건 인증서, 속성 인증서로 구성되며, 안전하고 신뢰성 있는 사용자의 권한을 제공한다. 다양한 형태의 사용자 인증, 무결성, 부인 방지의 보안 서비스를 제공하는 공개키 기반 구조는 비대면한 상황에서 사용자의 인증을 위해서 좋은 해결책을 제시하여 주고 있지만 지역적으로 떨어져 있는 컴퓨팅 환경에서 권한에 대한 해결책을 제시하기에는 미흡한 것 또한 사실이다. 따라서 본 논문에서는 분산 환경에서 분산된 사용자들이 사용할 수 있는 AAS 권한 모델을 제안하고, 리눅스 기반 아파치 웹 서버에서 AAS 모듈을 설계하였다.