• Journal of Integrative Natural Science
• /
• v.14 no.2
• /
• pp.65-72
• /
• 2021

This paper discusses on the implementation of blockchain system, specifically the private system for Energy trading purpose. Blockchain is records bundled together in blocks and added to the chain after ledger is generated. All the blocks in the entire networks should be same contents and also only the permitted nodes can join the chain in the private blockchain system, thus not that same block and permitted nodes cannot be accepted in terms of proof-of-work phase. We implement the all stages which are necessary to process blockchain system. After coding the whole process, we test and conclude that the system is correctly working in terms of the functions implemented.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.2
• /
• pp.751-765
• /
• 2012

Key establishment protocols are fundamental for establishing secure communication channels over public insecure networks. Security must be given the topmost priority in the design of a key establishment protocol. In this work, we provide a security analysis on two recent key establishment protocols: Harn and Lin's group key transfer protocol and Dutta and Barua's group key agreement protocol. Our analysis shows that both the Harn-Lin protocol and the Dutta-Barua protocol have a flaw in their design and can be easily attacked. The attack we mount on the Harn-Lin protocol is a replay attack whereby a malicious user can obtain the long-term secrets of any other users. The Dutta-Barua protocol is vulnerable to an unknown key-share attack. For each of the two protocols, we present how to eliminate their security vulnerabilities. We also improve Dutta and Barua's proof of security to make it valid against unknown key share attacks.

• Review of KIISC
• /
• v.28 no.3
• /
• pp.18-25
• /
• 2018

최근 블록체인 기술을 응용한 가상화폐에 대한 관심이 높아지면서 자본금이 많지 않은 사람들도 블록체인 네트워크에 참여하기 시작했다. 가장 유명한 가상화폐인 비트코인이 채택한 PoW 방식은 고성능 하드웨어의 과열된 열풍을 불어왔고 PoS 방식은 기존 지분이 많은 참여자들이 많이 존재하여 소수의 자본금을 가진 신규 참여자들이 네트워크에 새로 참여하기 어려운 환경이다. 따라서 본 논문에서는 기존 블록체인 증명방식인 PoW, PoS 방식보다 네트워크 참여를 위한 자본금이 적고 신규로 참여하더라도 리스크가 적은 PoP(Proof-of-Probability) 방식을 소개한다. PoP 방식은 블록을 생성할 시 실제 암호화된 해쉬와 수많은 가짜 해쉬를 각 노드들이 정렬하여 진짜 해쉬를 복호화하여 찾은 노드가 블록을 생성하는 방식이다. 또한 1개의 해쉬를 복호화하여 검증받을 때 1분의 대기시간을 두어 과열된 컴퓨팅파워 경쟁을 제한한다. 지분(Stake)이 많을수록 블록을 생성할 확률은 높아지지만 이는 PoS 방식처럼 절대적이지 않다. 이 방식을 이용한다면 지분을 많이 가진 유효성 검증자(Validators)에 의한 집중화를 피하며 블록체인 네트워크에 참여하려는 진입장벽도 낮출 수 있을 것 이다.

• ETRI Journal
• /
• v.37 no.3
• /
• pp.573-583
• /
• 2015

We introduce the idea of a forward-secure undetachable digital signature (FS-UDS) in this paper, which enables mobile agents to generate undetachable digital signatures with forward security of the original signer's signing key. The definition and security notion of an FS-UDS scheme are given. Then, the construction of a concrete FS-UDS scheme is proposed; and the proof of security for the proposed scheme is also provided. In the proposed scheme, mobile agents need not carry the signing key when they generate digital signatures on behalf of the original signer, so the signing key will not be compromised. At the same time, the encrypted function is combined with the original signer's requirement; therefore, misuse of the signing algorithm can be prevented. Furthermore, in the case where a hacker has accessed the signing key of the original signer, he/she is not able to forge a signature for any time period prior to when the key was obtained.

• Journal of the Korea Society of Computer and Information
• /
• v.23 no.9
• /
• pp.73-80
• /
• 2018

In this paper, we propose a new type of client server environment to improve the architecture vulnerable to hacking in an existing client server environment. On the server side, move the existing Web server to the client side and This is a way for clients to communicate only the data they need and suggests a structure that completely blocks the web attack itself to the server. This can completely prevent a server from being hacked, spreading malicious code and hacking data on a server. It also presents a new paradigm that will not affect servers even if malware is infected with client PCs. This paper validates the proposed environment through BBS (Big Bad Stick) hardware in the form of USB on the client side. This study proof that secure services are provided through encryption communication with server-side security equipment, indicating that this study is a system with new security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.12
• /
• pp.6188-6204
• /
• 2017

Over the years, more password-based authentication key agreement schemes using chaotic maps were susceptible to attack by off-line password guess attack. This work approaches this problem by a new method--new theorem of chaotic maps: $T_{a+b}(X)+T_{a-b}(X)=2T_a(X)T_b(X)$,(a>b). In fact, this method can be used to design two-party, three-party, even in N-party intelligently. For the sake of brevity and readability, only a two-party instance: a novel Two-party Password-Authenticated Key Agreement Protocol is proposed for resisting password guess attack in this work. Compared with the related literatures recently, our proposed scheme can be not only own high efficiency and unique functionality, but is also robust to various attacks and achieves perfect forward secrecy. For capturing improved ratio of security and efficiency intuitively, the paper firstly proposes a new parameter called security/efficiency ratio(S/E Ratio). The higher the value of the S/E Ratio, the better it is. Finally, we give the security proof and the efficiency analysis of our proposed scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.179-183
• /
• 2008

Recently, an efficient password-authenticated key exchange protocol based on RSA has been proposed by Park et al. with formal security proof. In this letter, we analyze their protocol, and show that it is not secure against an active adversary who performs a dictionary attack. Moreover, we analyze the performance of the proposed attack and show that the attack is a threatening attack against the protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.2
• /
• pp.69-74
• /
• 2004

Threshold digital signature is very useful for networks that have no infrastructure such as ad hoc network Up to date, research on threshold digital signature is mainly focused on RSA and DSA. Though Schnorr's digital signature scheme is very efficient in terms of both computation and communication. its hard structure using interactive proof prevents conversion to threshold version. This paper proposes an efficient threshold signature. scheme based on the Schnorr's signature. It has a desirable property of scalability and reduces runtime costs by precomputation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.3
• /
• pp.517-526
• /
• 2021

Recently, the acceleration of the development of quantum computers has raised the issue of the safety of factorization and discrete logarithm based digital signature schemes used in existing Internet environments. To solve the issue, several digital signature schemes are presented that are safe in post-quantum computing environments, including standardization work by the National Institute of Standards and Technology(NIST). In this paper, we design and present a multi-signature scheme based on the TACHYON announced by Behnia et al. in 2018 CCS conference, and prove the security. Multi-signature schemes are key techniques that can distribute the dependence of cryptocurrency-wallet on private keys in the cryptocurrency field, which has recently received much attention as an digital signature application, and many researchers and developers have recently been interested. The multi-signature scheme presented in this paper enables public key aggregation in a plain public key model, which does not require additional zero-knowledge proof, and can construct an effective scheme with only an aggregated public key.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4226-4241
• /
• 2014

Cloud storage provides an easy, cost-effective and reliable way of data management for users without the burden of local data storage and maintenance. Whereas, this new paradigm poses many challenges on integrity and privacy of users' data, since users losing grip on their data after outsourcing the data to the cloud server. In order to address these problems, recently, Worku et al. have proposed an efficient privacy-preserving public auditing scheme for cloud storage. However, in this paper, we point out the security flaw existing in the scheme. An adversary, who is on-line and active, is capable of modifying the outsourced data arbitrarily and avoiding the detection by exploiting the security flaw. To fix this security flaw, we further propose a secure and efficient privacy-preserving public auditing scheme, which makes up the security flaw of Worku et al.'s scheme while retaining all the features. Finally, we give a formal security proof and the performance analysis, they show the proposed scheme has much more advantages over the Worku et al.'s scheme.