• 디지털산업정보학회논문지
• /
• 제13권4호
• /
• pp.13-23
• /
• 2017

In order to protect personal information and important information (confidential information, sales information, user information, etc.) in the internal network, companies and organizations apply encryption to the Server-To-Server or Server-To-Client communication section, And are experiencing difficulties due to the increasing number of known attacks and intelligent security attacks. In order to apply the existing S / W encryption technology, it is necessary to modify the application. In the financial sector, "Comprehensive Measures to Prevent the Recurrence of Personal Information Leakage in the Domestic Financial Sector" has been issued, and standard guidelines for financial computing security have been laid out, and it is required to expand the whole area of encryption to the internal network. In addition, even in environments such as U-Health and Smart Grid, which are based on the Internet of Things (IoT) environment, which is increasingly used, security requirements for each collection gateway and secure transmission of the transmitted and received data The requirements of the secure channel for the use of the standard are specified in the standard. Therefore, in this paper, we propose a secure encryption algorithm through mutual authentication and grouping for each node through H / W based Network Control Server (NCS) applicable to internal system and IoT environment provided by enterprises and organizations. We propose a protocol design that can set the channel.

• 인터넷정보학회논문지
• /
• 제12권2호
• /
• pp.123-133
• /
• 2011

본 논문은 영상감시용 네트워크 카메라가 원격지에 설치됨으로써 보안 환경 및 갱신으로부터 소외되어 발생하는 보안 취약성을 지적하고 이를 해결하기 위한 방안으로 네트워크 카메라로의 안전한 접속을 대행하기 위한 보안 프락시 서버 구조를 제안한다. 제안한 서버는 보안 네트워크상에 위치하여 대규모 네트워크 카메라 군에 대한 접속정보를 은닉하고 보안 관리자를 통하여 접속을 시도하는 클라이언트를 인증한다. 또한 그룹 키를 기반으로 하는 영상정보의 암호화 및 키의 갱신 기능을 통하여 영상정보에 대한 등급 지정과 클라이언트에 대한 등급별 안전한 영상 서비스를 제공한다. 제안한 서버를 다중의 네트워크 카메라를 대상으로 구현하여 실험함으로써 네트워크 카메라에 직접 접속하는 경우와 동등한 품질의 영상 서비스를 유지하면서 네트워크 카메라를 안전하게 보호할 수 있음을 확인하였다. 본 연구의 결과를 통하여 임의 접근이 가능한 기존의 네트워크 카메라에 대하여 안전하고 일관된 통합관리가 가능해질 것으로 사료된다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권1호
• /
• pp.119-131
• /
• 2013

With the explosive growth of computer networks, many remote service providing servers and multi-server network architecture are provided and it is extremely inconvenient for users to remember numerous different identities and passwords. Therefore, it is important to provide a mechanism for a remote user to use single identity and password to access multi-server network architecture without repetitive registration and various multi-server authentication schemes have been proposed in recent years. Recently, Tsaur et al. proposed an efficient and secure smart card based user authentication and key agreement scheme for multi-server environments. They claimed that their scheme satisfies all of the requirements needed for achieving secure password authentication in multi-server environments and gives the formal proof on the execution of the proposed authenticated key agreement scheme. However, we find that Tsaur et al.'s scheme is still vulnerable to impersonation attack and many logged-in users' attack. We propose an extended scheme that not only removes the aforementioned weaknesses on their scheme but also achieves user anonymity for hiding login user's real identity. Compared with other previous related schemes, our proposed scheme keeps the efficiency and security and is more suitable for the practical applications.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권2호
• /
• pp.892-905
• /
• 2018

In smart home environment, certificate based signature technology is being studied by communication with Internet of Things(IoT) device. However, block - chain technology has attracted much attention because of the problems such as single - point error and management overhead of the trust server. Among them, Keyless Signature Infrastructure(KSI) provides integrity by configuring user authentication and global timestamp of distributed server into block chain by using hash-based one-time key. In this paper, we provide confidentiality by applying group key and key management based on multi - solution chain. In addition, we propose a smart home environment that can reduce the storage space by using Extended Merkle Tree and secure and efficient KSI-based authentication and communication with enhanced security strength.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권2호
• /
• pp.924-944
• /
• 2017

Telecare Medical Information System (TMIS) helps the patients to gain the health monitoring information at home and access medical services over the mobile Internet. In 2015, Das et al proposed a secure and robust user AKA scheme for hierarchical multi-medical server environment in TMIS, referred to as DAKA protocol, and claimed that their protocol is against all possible attacks. In this paper, we first analyze and show DAKA protocol is vulnerable to internal attacks, impersonation attacks and stolen smart card attack. Furthermore, DAKA protocol also cannot provide confidentiality. We then propose a lightweight pseudonym AKA protocol for multi-medical server architecture in TMIS (short for PAKA). Our PAKA protocol not only keeps good security features declared by DAKA protocol, but also truly provides patient's anonymity by using pseudonym to protect sensitive information from illegal interception. Besides, our PAKA protocol can realize authentication and key agreement with energy-saving, extremely low computation cost, communication cost and fewer storage resources in smart card, medical servers and physical servers. What's more, the PAKA protocol is proved secure against known possible attacks by using Burrows-Abadi-Needham (BAN) logic. As a result, these features make PAKA protocol is very suitable for computation-limited mobile device.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권10호
• /
• pp.4198-4213
• /
• 2020

Data encryption, particularly application-level data encryption, is a common solution to protect data confidentiality and deal with security threats. Application-level encryption is a process in which data is encrypted before being sent to the database. However, cryptography transforms data and makes the query difficult to execute. Various studies have been carried out to find ways in order to implement a searchable encrypted database. In the current paper, we provide a new encrypting method and querying on encrypted data (ZSDB) for different data types. It is worth mentioning that the proposed method is based on secret sharing. ZSDB provides data confidentiality by dividing sensitive data into two parts and using the additional server as Dictionary Server. In addition, it supports required operations on various types of data, especially LIKE operator functioning on string data type. ZSDB dedicates the largest volume of execution tasks on queries to the server. Therefore, the data owner only needs to encrypt and decrypt data.

• 정보보호학회논문지
• /
• 제6권4호
• /
• pp.53-66
• /
• 1996

World Wide Web is a total solution for multi-media data transmission on Internet. Because of its characteristics like ease of use, support for multi-media data and smart graphic user interface, WWW has extended to cover all kinds of applications. The Secure Information Center(SIC) is a data transmission system using conventional cryptography between client and server on WWW. It's main function is to support the encryption of sending data. For encryption of data IDEA(International Data Encryption Algorithm) is used and for authentication mechanism MD5 hash function is used. Since Secure Information Center is used by many users, conventional cryptosystem is efficient in managing their secure interactions. However, there are some restrictions on sharing of same key and data transmission between client and server, for example the risk of key exposure and the difficulty of key sharing mechanisms. To solve these problems, the Secure Information Center provides encryption mechanisms and key management policies.

• 한국인터넷방송통신학회논문지
• /
• 제13권1호
• /
• pp.273-278
• /
• 2013

최근에, 멀티서버 환경을 위한 스마트 카드를 이용한 사용자 인증 방식이 실질적인 응용 분야에서 적용되고 있다. 2009년도에 Liao-Wang은 멀티서버를 위한 안전한 동적 ID 기반 원격 사용자 인증 방식을 제안하였다. 이 방식은 여러 종류의 가능한 공격에 안전하면서 사용자 익명성 보장하였다. 본 논문에서 우리는 Liao-Wang의 방식에 대한 안정성을 분석하고, Liao-Wang의 방식이 위조 공격, 패스워트 추측 공격, 세션키 공격 그리고 내부자 공격에 취약하다는 것을 보여준다. 추가로 Liao-Wang의 방식이 사용자와 서버간의 사용자 익명성 역시 제공하지 못한다는 것을 증명한다.

• 정보처리학회논문지C
• /
• 제12C권1호
• /
• pp.29-36
• /
• 2005

키 분배 프로토콜은 안전한 암호 시스템을 구성하기 위한 필수적인 요소이며, 키 분배 프로토콜에 대한 연구${\cdot}$개발은 꾸준히 이루어지고 있다. 공개키 암호 방식을 이용하는 대부분의 키 분배 프로토콜은 Diffie-Hellman 방식에 기반하므로 세션키 설정에 요구되는 계산량이 많아 무선 인터넷 환경에는 적용하기 어렵다. 본 논문에서는 proxy 서버론 이용하여 무선 단말기 사용자에게 요구되는 계산량을 줄일 수 있는 개선된 키 분배 프로토콜을 제안한다. 제안하는 방식은 두 사용자간에 키 분배가 이루어지는 기존의 키 분배 프로토콜의 안전성을 그대로 유지하면서 단말 사용자에게 요구되는 계산량을 줄일 수 있다는 장점이 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권2호
• /
• pp.826-845
• /
• 2017

Outsourcing computation is one of the most important applications in cloud computing, and it has a huge ability to satisfy the demand of data centers. Modular exponentiation computation, broadly used in the cryptographic protocols, has been recognized as one of the most time-consuming calculation operations in cryptosystems. Previously, modular exponentiations can be securely outsourced by using two untrusted cloud servers. In this paper, we present two practical and secure outsourcing modular exponentiations schemes that support only one untrusted cloud server. Explicitly, we make the base and the index blind by putting them into a matrix before send to the cloud server. Our schemes provide better performance in higher efficiency and flexible checkability which support single cloud server. Additionally, there exists another advantage of our schemes that the schemes are proved to be secure and effective without any cryptographic assumptions.