• Title/Summary/Keyword: Secret key sharing

A Session Key Establishment Scheme in Mobile Ad-Hoc Networks (이동 애드혹 네트워크에서 세션 키 설정 방안)

  • 왕기철;정병호;조기환
    • Journal of KIISE:Information Networking / v.31 no.4 / pp.353-362 / 2004
  • A mobile ad-hoc network tends to expose scarce computing resources and various security threats because all traffic is carried over the air with no central management authority. To provide secure communication and save communication overhead, a scheme to securely establish session keys is indispensable. However, most key establishment methods for ad-hoc networks focus on the distribution of a group key to all hosts and/or efficient public key management. In this paper, a secure and efficient scheme is proposed to establish a session key between two ad-hoc nodes. The proposed scheme makes use of the secret sharing mechanism and the Diffie-Hellman key exchange method. For secure intra-cluster communication, each member node establishes session keys with its clusterhead, after mutual authentication using the secret shares. For inter-cluster communication, each node establishes session keys with its correspondent node using the public key and the Diffie-Hellman key exchange method. The simulation results prove that the proposed scheme is more secure and efficient than the Clusterhead Authentication Based Method(1).

A Logical Group Formation and Key Distribution Scheme in WSN (WSN 환경에서 논리적 그룹 형성과 키 분배 방법)

  • Lee, Jae-Won;Heo, Joon;Hong, Choong-Seon
    • Journal of KIISE:Information Networking / v.34 no.4 / pp.296-304 / 2007
  • This paper deals with essentially secure group management and key transfer methods in a wireless sensor network environment. To provide an efficient security service to a widespread network with a large number of sensor nodes, the network has to be made up of several security groups, and Group Key distribution and group management are needed. In this paper we propose a mechanism for efficiently constructing and managing a security node by constructing a group using an algorithm to construct a logical group. The previous Group Key Transport method has a special condition: when the Base Station transports the Group Key, all sensor nodes must share a Secret Key with the Base Station before they are deployed. Hence, we also propose a Key transport mechanism that does not require sharing a Secret Key between the Base Station and the sensor node.

Secret Group Key Distribution and Re-sharing Protocol Based on the Identity Security System. (ID보안 시스템에 기반한 그룹 비밀키 분배 및 갱신 프로토콜)

  • 오명옥;정일용;김성열
    • Proceedings of the Korean Information Science Society Conference / 2002.04a / pp.757-759 / 2002
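  • This paper proposes an efficient protocol for distributing and renewing a group secret key, using digital signature and key distribution techniques based on identity (ID) security technology. The security of the proposed protocol rests on the discrete logarithm problem. The protocol can operate properly even when terminals have little storage and processing capacity, and it can be applied even when several parties are to be excluded from the group at the same time. It is also designed so that the key can be renewed easily when the group secret key is to be changed without any change in the participants.
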
Modified SE-PKI Key Recovery System using the Verifiable Secret Sharing scheme (증명가능한 비밀 분산 기법을 이용한 변형된 SE-PKI 키 복구 시스템)

  • 이용호;이임영
    • Proceedings of the Korea Multimedia Society Conference / 2001.06a / pp.514-517 / 2001
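  • Building a public key infrastructure for information security can give users many benefits. However, it carries problems such as the loss or illegal use of encryption keys. Key recovery technology that can interoperate with a public key infrastructure is one way to address these problems, and much research on it is currently under way. Previously proposed schemes either require storage space at the certification authority or increase the volume of communication between the certification authority and the escrow agency. This paper points out these problems and proposes a modified SE-PKI key recovery system that resolves them.
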
Broadcast Encryption System Using Secret Sharing and Subset Difference Methods (비밀분산 기법과 Subset Difference 기법을 이용한 브로드캐스트 암호시스템)

  • Lee, Jae Hwan;Park, Jong Hwan
    • Journal of Broadcast Engineering / v.20 no.1 / pp.92-109 / 2015
  • Broadcast encryption is a cryptographic primitive that allows a sender to securely broadcast a message to a set of receivers. The most influential broadcast encryption system was proposed in 2001 by Naor, Naor, and Lotspiech, based on a pseudo-random generator and the Subset Difference (SD) method. In this paper, we suggest a new broadcast encryption system that is based on secret sharing and SD methods. On an efficiency aspect, our system achieves $O(r)$ transmission cost, $O(\log^2 n)$ storage cost, and $O(1)$ computational cost for the number $n$ of users and the number $r$ of revoked users. Compared to $O(\log n)$ computational cost in the previous SD method, our system has the advantage that it needs only constant-sized computational cost for decryption, regardless of the number $n$ or $r$. On a security aspect, our system can achieve tighter security reduction than the previous SD method and the gap of security loss is about $O(n \log n)$. Moreover, our result shows that it is possible to give the effect of the SD method while using an information-theoretically secure key distribution technique as in the Complete Subtree method.

A Secure Auction Protocol without Any Dispute

  • Ha, Jung-Hoon;Kwak, Dong-Jin;Moon, Sang-Jae
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 2003.12a / pp.518-522 / 2003
  • We propose a new auction protocol scheme that uses the publicly verifiable secret sharing (PVSS) scheme. Unlike the existing scheme where a verifiable encryption scheme is employed when there is a dispute between a bidder and the auctioneer, the proposed scheme essentially removes the potential of a dispute. In addition, it has a robust registration phase and any entities participating in or observing the auction can verify the correctness of the auction process. The manager does not directly choose the private key for the bidders, but only verifies the correctness between the private key and the public key, thereby improving the security, such as a bid submission of a malicious manager using the private key of a bidder.

Outsourcing decryption algorithm of Verifiable transformed ciphertext for data sharing

  • Guangwei Xu;Chen Wang;Shan Li;Xiujin Shi;Xin Luo;Yanglan Gan
    • KSII Transactions on Internet and Information Systems (TIIS) / v.18 no.4 / pp.998-1019 / 2024
  • Mobile cloud computing is a very attractive service paradigm that outsources users' data computing and storage from mobile devices to cloud data centers. To protect data privacy, users often encrypt their data to ensure data sharing securely before data outsourcing. However, the bilinear and power operations involved in the encryption and decryption computation make it impossible for mobile devices with weak computational power and network transmission capability to correctly obtain decryption results. To this end, this paper proposes an outsourcing decryption algorithm of verifiable transformed ciphertext. First, the algorithm uses the key blinding technique to divide the user's private key into two parts, i.e., the authorization key and the decryption secret key. Then, the cloud data center performs the outsourcing decryption operation of the encrypted data to achieve partial decryption of the encrypted data after obtaining the authorization key and the user's outsourced decryption request. The verifiable random function is used to prevent the semi-trusted cloud data center from not performing the outsourcing decryption operation as required so that the verifiability of the outsourcing decryption is satisfied. Finally, the algorithm uses the authorization period to control the final decryption of the authorized user. Theoretical and experimental analyses show that the proposed algorithm reduces the computational overhead of ciphertext decryption while ensuring the verifiability of outsourcing decryption.

Security Architecture for OSGi Service Platform Environment (OSGi 서비스 플랫폼 환경을 위한 보안 아키텍처)

  • 박대하;김영갑;문창주;백두권
    • Journal of KIISE:Computing Practices and Letters / v.10 no.3 / pp.259-272 / 2004
  • This paper suggests a new security architecture for facilitating a secure OSGi service platform environment. The security architecture includes 1) a user authentication mechanism, 2) a bundle authentication mechanism, 3) a key sharing mechanism, and 4) an authorization mechanism. The user authentication mechanism supplies SSO (single sign-on) functions which are useful for safe and easy user authentication. The bundle authentication mechanism utilizes both PKI-based and MAC-based digital signatures for efficiently authenticating service bundles. The key sharing mechanism, which is performed during the bootstrapping phase of a service gateway, supplies a safe way of sharing the secret keys that are required for the authentication mechanisms. Finally, the authorization mechanism suggests distributed authorization among service providers and an operator by establishing their own security policies. The main contributions of the paper are twofold. First, we examine several security requirements of the current OSGi specification when its security functions can be applied in real OSGi environments. Second, we describe the ways to resolve the problems by means of designing and implementing concrete security mechanisms.

Distributed Access Privilege Management for Secure Cloud Business (안전한 클라우드 비즈니스를 위한 접근권한 분산관리)

  • Song, You-Jin;Do, Jeong-Min
    • The KIPS Transactions:PartC / v.18C no.6 / pp.369-378 / 2011
  • To ensure data confidentiality and fine-grained access control in a business environment, a system model using KP-ABE (Key Policy-Attribute Based Encryption) and PRE (Proxy Re-Encryption) has been proposed recently. However, in the previous study, data confidentiality has been affected by the decryption right being concentrated on the cloud server. Also, Yu's work does not consider access privilege management, so the existing work becomes dangerous to a collusion attack between a malicious user and the cloud server. To resolve this problem, we propose a system model that is secure against collusion attacks by dividing the data file into a header, which is sent to the privilege manager group, and a body, which is sent to the cloud server. We also construct the model of access privilege management using AONT-based XOR threshold Secret Sharing. In addition, our scheme enables granting weights for access privileges using the XOR Share. In chapter 4, we differentiate the existing scheme and the proposed scheme.