• Title/Summary/Keyword: Private key


BACS : An Experimental Study For Access Control System In Public Blockchain (BACS : 퍼블릭 블록체인 접근 통제 시스템에 관한 실험적 연구)

  • Han, Sejin;Lee, Sunjae;Lee, Dohyeon;Park, Sooyoung
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.20 no.1 / pp.55-60 / 2020
  • In this paper, we propose an access control system using cryptography as a method to protect personal data in a public blockchain. The proposed system is designed to encrypt data according to the access policy, store it in the blockchain, and allow decryption only by those who satisfy the access policy. In order to improve performance and scalability, the encryption mechanism is implemented outside the blockchain. Therefore, data access performance can be preserved while cryptographic operations are executed. Furthermore, it can also improve scalability by adding new access control modules while preserving the current configuration of the blockchain network. The encryption scheme is based on attribute-based encryption (ABE). However, unlike traditional ABE, the "retention period" is incorporated into the access structure to ensure the right to be forgotten. In addition, symmetric key cryptographic algorithms are used for the performance of ABE. We implemented the proposed system in a public blockchain and conducted a performance evaluation.

Password-Based Mutual Authentication Protocol Against Phishing Attacks (피싱 공격에 대응하기 위한 패스워드 기반의 상호 인증 프로토콜)

  • Kim, Iksu;Choi, Jongmyung
    • KIPS Transactions on Computer and Communication Systems / v.7 no.2 / pp.41-48 / 2018
  • Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method collects URL information of phishing sites in advance and then detects phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method cannot detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed, but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe against phishing attacks. In the proposed protocol, mutual authentication between the client and the server is performed through an authentication message that includes the password information. The proposed protocol is safe against eavesdropping attacks because the authentication message uses the hash value of the password, not the original password, and it is safe against replay attacks because different messages are used for every authentication. In addition, since mutual authentication is performed, it is safe against man-in-the-middle attacks. Finally, the proposed protocol does not require a key issuance process for authentication.

Privilege Delegation Protocol Providing Delegation Traceability Using ID-based Cryptosystem in X.509 Proxy Certificate Environment (X.509 대리 인증서 환경에서 위임 추적 기능을 제공하는 ID 기반 암호 시스템 기반 권한 위임 프로토콜)

  • Lee, Youn-Ho;Kim, Byung-Ho
    • Journal of KIISE:Computer Systems and Theory / v.35 no.9_10 / pp.441-451 / 2008
  • Currently, the X.509 proxy certificate is widely used to delegate an entity's right to another entity in the computational grid environment. However, it has two drawbacks: the potential security threat caused by the untraceability of a delegation chain and the inefficiency caused by interactive communication between the right grantor and the right grantee in the delegation protocol. To address these problems for computational grids, we propose a new delegation protocol without additional cost. We use an ID-based key generation technique to generate a proxy private key, which is the means to exercise the delegated signing right. By applying the ID-based key generation technique, the proposed protocol has delegation traceability and the non-interactive delegation property. Since right delegation occurs massively in the computational grid environment, our protocol can contribute to security enhancement by providing delegation traceability and to efficiency enhancement by reducing the inter-domain communication cost.

Subspace-based Power Analysis on the Random Scalar Countermeasure (랜덤 스칼라 대응기법에 대한 부분 공간 기반 전력 분석)

  • Kim, Hee-Seok;Han, Dong-Guk;Hong, Seok-Hie;Yi, Ok-Yeon
    • Journal of the Institute of Electronics Engineers of Korea SP / v.47 no.1 / pp.139-149 / 2010
  • Random scalar countermeasures, which carry out the scalar multiplication with an ephemeral secret key as a defense against differential power analysis of ECIES and ECDH, have been known to be secure against various power analyses. However, if an attacker can find this ephemeral key from a single power signal, these countermeasures can be analyzed. In this paper, we propose a new power attack method which can do this analysis. The proposed attack method is accomplished by comparing the elliptic curve doubling operations, and we use principal component analysis to ease this comparison. When we actually carried out the proposed power analysis, we could perfectly eliminate the error of the existing function for the comparison and find a private key from this elimination of the error.

An Analysis on the Vulnerability of Secure Keypads for Mobile Devices (모바일 기기를 위한 보안 키패드의 취약점 분석)

  • Lee, Yunho
    • Journal of Internet Computing and Services / v.14 no.3 / pp.15-21 / 2013
  • Due to the widespread propagation of mobile platforms such as smartphones and tablets, financial and e-commerce transactions based on these mobile platforms are growing rapidly. Unlike PCs, almost all mobile platforms do not provide physical keyboards or mice but provide virtual keypads using touchscreens. For this reason, an attacker attempts to obtain the coordinates of touches on the virtual keypad in order to get actual key values. To tackle this vulnerability, financial applications for mobile platforms use secure keypads, which change the position of each key displayed on the virtual keypad. However, these secure keypads cannot protect users' private information more securely than the virtual keypads because each key has only 2 or 3 positions and, moreover, its probability distribution is not uniform. In this paper, we analyze secure keypads used by most financial mobile applications, point out the limitations of the previous research, and then propose a more general and accurate attack method on the secure keypads.

A Distributed Privacy-Utility Tradeoff Method Using Distributed Lossy Source Coding with Side Information

  • Gu, Yonghao;Wang, Yongfei;Yang, Zhen;Gao, Yimu
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.5 / pp.2778-2791 / 2017
  • In the age of big data, distributed data providers need to ensure privacy, while data analysts need to mine the value of data. Therefore, how to find the privacy-utility tradeoff has become a research hotspot. Besides, the adversary may have background knowledge of the data source. Therefore, it is significant to solve the privacy-utility tradeoff problem in the distributed environment with side information. This paper proposes a distributed privacy-utility tradeoff method using distributed lossy source coding with side information, and quantitatively gives the privacy-utility tradeoff region and the Rate-Distortion-Leakage region. Four results are shown in the simulation analysis. The first result is that both the source rate and the privacy leakage decrease with the increase of source distortion. The second result is that the finer the relevance between the public data and private data of the source, the finer the perturbation of the source needed to get the same privacy protection. The third result is that the greater the variance of the data source, the slighter the distortion chosen to ensure more data utility. The fourth result is that under the same privacy restriction, the slighter the variance of the side information, the less distortion of the data source is chosen to ensure more data utility. Finally, the provided method is compared with current ones from five aspects to show the advantage of our method.

Public Key Infrastructure of Electronic Bidding System using the Fingerprint Information (지문 정보를 이용한 공개키 기반의 전자입찰시스템)

  • Park, So-Ah;Chae, Cheol-Joo;Cho, Han-Jin;Lee, Jae-Kwang
    • The Journal of the Korea Contents Association / v.12 no.2 / pp.69-77 / 2012
  • In password-based PKI technology, the private key is protected by a password that is easy for the user to memorize, which creates the problem of password exposure. In addition, in electronic bidding systems, illegal use of other people's authentic certificates is increasing. Recently, in order to solve this problem, research on PKI technology using biometrics has been actively progressing. If the biometric information that the user inputs for biometric authentication is converted to a template, digest access authentication with stronger security than existing authentication technology can be built. Therefore, in this paper, we designed and developed an electronic bidding system that uses fingerprint information, the most widely used form of biometrics; it stores the user's fingerprint information and certificate in a fingerprint security token and can authenticate the user. With the electronic bidding system based on public key infrastructure using fingerprint information proposed in this paper, not only is user authentication strengthened, but the proxy bidding problem, in which another person's certificate is used in the electronic bidding system, can also be resolved.

Study on the Camera Image Frame's Comparison for Authenticating Smart Phone Users (스마트폰 사용자 인증을 위한 카메라 영상 프레임 비교에 관한 연구)

  • Jang, Eun-Gyeom;Nam, Seok-Woo
    • Journal of the Korea Society of Computer and Information / v.16 no.6 / pp.155-164 / 2011
  • Smartphone-based apps are being used in various areas such as medical services in hospitals, financial services at banks and credit card companies, and ubiquitous technologies in companies and homes. In this service environment, exposure of smartphones causes loss of assets, including leaks of official and private information to outsiders. Although secret keys, pattern recognition technologies, and single image authentication techniques are being applied as protective methods, they have the problem that access is possible using static key values or images such as pictures. Therefore, this study proposes a face authentication technology for protecting smartphones from these dangerous factors and problems. The proposed technology authenticates users by extracting key frames of the user's facial images in real time, and also controls access to the smartphone. Authentication information is composed of multiple key frames, and the user's access is controlled by a similarity discrimination algorithm utilizing DC values of the image's pixels and luminance.

Evaluation of Delhi Population Based Cancer Registry and Trends of Tobacco Related Cancers

  • Yadav, Rajesh;Garg, Renu;Manoharan, N;Swasticharan, L;Julka, PK;Rath, GK
    • Asian Pacific Journal of Cancer Prevention / v.17 no.6 / pp.2841-2846 / 2016
  • Background: Tobacco use is the single most important preventable risk factor for cancer. Surveillance of tobacco-related cancers (TRC) is critical for monitoring trends and evaluating tobacco control programmes. We analysed the trends of TRC and evaluated the population-based cancer registry (PBCR) in Delhi for simplicity, comparability, validity, timeliness and representativeness. Materials and Methods: We interviewed key informants, observed registry processes and analysed the PBCR dataset for the period 1988-2009 using the 2009 TRC definition of the International Agency for Research on Cancer. We calculated the percentages of morphologically verified cancers, death certificate-only (DCO) cases, missing values of key variables and the time between cancer diagnosis and registration or publication for the year 2009. Results: The number of new cancer cases increased from 5,854 to 15,244 (160%) during 1988-2009. TRC constituted 58% of all cancers among men and 47% among women in 2009. The age-adjusted incidence rates of TRC per 100,000 population increased from 64.2 to 97.3 among men, and from 66.2 to 69.2 among women during 1988-2009. Data on all cancer cases presenting at all major government and private health facilities are actively collected by the PBCR staff using standard paper-based forms. Data abstraction and coding is conducted manually following ICD-10 classifications. Eighty per cent of cases were morphologically verified and 1% were identified by death certificate only. Less than 1% of key variables had missing values. The median time to registration and publishing was 13 and 32 months, respectively. Conclusions: The burden of TRC in Delhi is high and increasing. The Delhi PBCR is well organized and generates high-quality, representative data. However, data could be published earlier if paper-based data are replaced by electronic data abstraction.

Implementation of Hybrid Smartcard Using Multi Encryption Method (다중 암호화 기법을 활용한 하이브리드 스마트카드 구현)

  • 이성은;장홍종;박인재;한선영
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.2 / pp.81-89 / 2003
  • With the rapid development of information and communication technology, online dissemination is increasing rapidly, so it is becoming more important to protect information. Recently, authentication systems using public key infrastructure (PKI) have been utilized as an information protection infrastructure for electronic business transactions, and the smartcard system makes the most use of such an infrastructure. But because certification based on the current PKI provides only basic user certification information, its use has to be limited in various application services that need identification and authorization information as well as face-to-face information of the user. In order to protect a system from various kinds of hacking and related threats, we have proposed angular and private key multiplexing for prevention of smartcard forgery and alteration based on a photopolymer cryptosystem. When a smartcard becomes prone to forgery and alteration, we should be able to verify it. Also, our paper proposes a new authentication system using multi-authentication based on PKI. The smartcard has an excellent advantage in security and mobility.