• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권4호
• /
• pp.910-922
• /
• 2013

In 2008, Chin et al. proposed an efficient and provable secure identity-based identification scheme in the standard model. However, we discovered a subtle flaw in the security proof which renders the proof of security useless. While no weakness has been found in the scheme itself, a scheme that is desired would be one with an accompanying proof of security. In this paper, we provide a fix to the scheme to overcome the problem without affecting the efficiency as well as a new proof of security. In particular, we show that only one extra pre-computable pairing operation should be added into the commitment phase of the identification protocol to fix the proof of security under the same hard problems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권9호
• /
• pp.4576-4598
• /
• 2018

In big data age, flexible and affordable cloud storage service greatly enhances productivity for enterprises and individuals, but spontaneously has their outsourced data susceptible to integrity breaches. Provable Data Possession (PDP) as a critical technology, could enable data owners to efficiently verify cloud data integrity, without downloading entire copy. To address challenging integrity problem on multiple clouds for multiple owners, an identity-based batch PDP scheme was presented in ProvSec 2016, which attempted to eliminate public key certificate management issue and reduce computation overheads in a secure and batch method. In this paper, we firstly demonstrate this scheme is insecure so that any clouds who have outsourced data deleted or modified, could efficiently pass integrity verification, simply by utilizing two arbitrary block-tag pairs of one data owner. Specifically, malicious clouds are able to fabricate integrity proofs by 1) universally forging valid tags and 2) recovering data owners' private keys. Secondly, to enhance the security, we propose an improved scheme to withstand these attacks, and prove its security with CDH assumption under random oracle model. Finally, based on simulations and overheads analysis, our batch scheme demonstrates better efficiency compared to an identity based multi-cloud PDP with single owner effort.

• 한국인터넷방송통신학회논문지
• /
• 제8권6호
• /
• pp.15-20
• /
• 2008

증명 가능한 안전성은 암호에서 어떤 암호 시스템의 안전성을 정형적으로 증명하는데 널리 사용되어 왔다. 본 논문에서는, 적응적 선택 암호문 공격에 대해 안전하다고 증명된 Cramer-Shoup 공개키 암호 시스템을 분석하고, 그 안전성 증명이 일반적 의미에서의 적응적 선택 암호문 공격에 대해서는 완전하지 않음을 보인다. 향후 연구 방향으로는 크게 두 가지 방향을 생각할 수 있다. 첫째는, 일반적 의미에서의 적응적 선택 암호문 공격에 대해서 완전하도록 Cramer-Shoup 공개키 암호 시스템을 수정하는 것이며, 둘째는 현재의 Cramer-Shoup 공개키 암호 시스템에 대하여 성공적으로 적응적 선택 암호문 공격을 할 수 있는 예를 보이는 것이다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제15권9호
• /
• pp.3322-3347
• /
• 2021

Cloud Storage is the primary component of many businesses on cloud. Majority of the enterprises today are adopting a multicloud strategy to keep away from vendor lock-in and to optimize cost. Auditing schemes are used to ascertain the integrity of cloud data. Of these schemes, only the Provable Data Possession schemes (PDP) are resilient to key-exposure. These PDP schemes are devised using Public Key Infrastructure (PKI-) based cryptography, Identity-based cryptography, etc. PKI-based systems suffer from certificate-related communication/computational complexities. The Identity-based schemes deal with the exposure of only the auditing secret key (audit key). But with the exposure of both the audit key and the secret key used to update the audit key, the auditing process itself becomes a complete failure. So, an Identity-based PDP scheme with Parallel Key-Insulation is proposed for multiple cloud storage. It reduces the risk of exposure of both the audit key and the secret key used to update the audit key. It preserves the data privacy from the Third Party Auditor, secure against malicious Cloud Service Providers and facilitates batch auditing. The resilience to key-exposure is proved using the CDH assumption. Compared to the existing Identity-based multicloud schemes, it is efficient in integrity verification.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권7호
• /
• pp.2532-2553
• /
• 2014

In Asiacrypt 2003, Al-Riyami and Paterson proposed the notion of certificateless cryptography, a technique to remove key escrow from traditional identity-based cryptography as well as circumvent the certificate management problem of traditional public key cryptography. Subsequently much research has been done in the realm of certificateless encryption and signature schemes, but little to no work has been done for the identification primitive until 2013 when Chin et al. rigorously defined certificateless identification and proposed a concrete scheme. However Chin et al.'s scheme was proven in the random oracle model and Canetti et al. has shown that certain schemes provable secure in the random oracle model can be insecure when random oracles are replaced with actual hash functions. Therefore while having a proof in the random oracle model is better than having no proof at all, a scheme to be proven in the standard model would provide stronger security guarantees. In this paper, we propose the first certificateless identification scheme that is both efficient and show our proof of security in the standard model, that is without having to assume random oracles exist.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제5권3호
• /
• pp.607-625
• /
• 2011

Two-party key exchange protocol is a mechanism in which two parties communicate with each other over an insecure channel and output the same session key. A key exchange protocol that is secure against an active adversary who can control and modify the exchanged messages is called authenticated key exchange (AKE) protocol. LaMacchia, Lauter and Mityagin presented a strong security definition for public key infrastructure (PKI) based two-pass protocol, which we call the extended Canetti-Krawczyk (eCK) security model, and some researchers have provided eCK-secure AKE protocols in recent years. However, almost all protocols are provably secure in the random oracle model or rely on a special implementation technique so-called the NAXOS trick. In this paper, we present a PKI-based two-pass AKE protocol that is secure in the eCK security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and does not rely on implementation techniques such as the NAXOS trick.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권12호
• /
• pp.3261-3273
• /
• 2013

In the paper, we propose a novel adaptively secure hierarchical identity-based signature scheme from lattices. The size of signatures in our scheme is shortest among the existing hierarchical identity-based signature schemes from lattices. Our scheme is motivated by Gentry et al.'s signature scheme and Agrawal et al.'s hierarchical identity-based encryption scheme.

• 정보보호학회논문지
• /
• 제25권3호
• /
• pp.547-557
• /
• 2015

암호 알고리즘과 암호 프로토콜은 사용되는 키들의 기밀성이 유지된다는 가정 하에서 안전성을 보장받을 수 있다. 대부분의 암호시스템에는 전반적으로 사용되는 키들을 안전하게 관리하는 키관리 메커니즘이 필수 요소로 구현되어 있으며, 키관리 메커니즘의 내부에는 하나의 마스터키로부터 더 많은 종류의 키들을 생성하는 키유도함수(KDF)가 존재한다. NIST SP 800-108에서는 PRF-기반 KDF를 표준안으로 제안하고 있다. 본 논문에서는 KDF와 암호화 운영모드에 대한 증명가능 안전성 관점의 차이를 분석하고, PRF-기반 KDF 중 Counter 모드와 Feedback 모드에 대하여 핵심함수인 PRF의 입력값으로 카운터 값이 XOR과 연접 연산 형태로 입력되는 경우를 비교하여 안전성을 규명한다. 증명가능 안전성 관점에서 카운터 값이 XOR 형태로 입력되는 경우의 KDF는 안전하지 않은 반면, 연접 연산 형태로 삽입되는 경우의 KDF는 안전함을 증명한다.

• 정보처리학회논문지C
• /
• 제9C권4호
• /
• pp.573-580
• /
• 2002

3GPP의 비동기식 IMT-2000 시스템의 보안 구조에는 표준 무결성 알고리즘 f9가 있다. f9는 비동기식(W-CDMA) IMT-2000의 무선 구간에서 데이터 무결성과 시그널링 데이터의 출처를 인증하기 위한 메시지 인증 코드(MAC)를 계산하는 알고리즘으로 블록 암호 KASUMI에 기반한 CBC-MAC의 변형이다. 이 논문은 f9의 증명 가능한 안전성을 제공한다. 기반이 되는 블록 암호가 유사 랜덤 순열이면 어떤 공격자에 대해서도 f9가 안전함을 증명한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권8호
• /
• pp.2930-2947
• /
• 2014

With the rapid growth of the communication technology, intelligent terminals (i.e. PDAs and smartphones) are widely used in many mobile applications. To provide secure communication in mobile environment, in recent years, many user authentication schemes have been proposed. However, most of these authentication schemes suffer from various attacks and cannot provide provable security. In this paper, we propose a novel remote user mutual authentication scheme for multi-server environments using elliptic curve cryptography (ECC). Unlike other ECC-based schemes, the proposed scheme uses ECC in combination with a secure hash function to protect the secure communication among the users, the servers and the registration center (RC). Through this method, the proposed scheme requires less ECC-based operations than the related schemes, and makes it possible to significantly reduce the computational cost. Security and performance analyses demonstrate that the proposed scheme can solve various types of security problems and can meet the requirements of computational complexity for low-power mobile devices.