• 정보보호학회논문지
• /
• 제14권6호
• /
• pp.69-78
• /
• 2004

수년간 두 명의 사용자 혹은 세 명의 사용자 사이의 키교환 프로토콜을 위한 안전성 모델이 정의 되어왔다. 또한 최근에는 그룹키 관리 기법에 대한 안전성 모델에 관한 연구가 진행되고 있다. 그 결과 분산 방식의 그룹키 교환 기법을 위한 안전성 모델과 증명 가능한 프로토콜들이 다양하게 제시되고 있다. 그러나 중앙 분배 방식의 그룹키 분배 기법에 대해서는 구체적인 안전성 모델이나 증명 가능한 프로토콜에 대해 거의 언급되지 않았다. 본 논문에서는 중앙 분배 방식의 그룹키 분배 기법을 위한 안전성 요구 조건과 안전성 모델에 대해 설명한다: 이 모델은 강력한 사용자 공모 공격(strong user corruption attack) 능력을 지니고 있는 공격자에 의해 제어되는 채널에서 정의된다. 본 논문에서는 이 안전성 모델에 기반하여 기존의 중앙 분배 방식의 그룹키 기법을 안전성이 증명 가능한 기법으로 전환할 수 있는 변환 모듈을 제시하고자 한다.

• Journal of Communications and Networks
• /
• 제15권1호
• /
• pp.1-7
• /
• 2013

Most of the provably-secure proxy signature schemes rely on the average-case hardness problems such as the integer factorization problems and the discrete logarithm problems. Therefore, those schemes are insecure to quantum analysis algorithms, since there exist quantum algorithms efficiently solving the factorization and logarithm problems. To make secure proxy signature schemes against quantum analysis, some lattice-based proxy signature schemes are suggested. However, none of the suggested lattice-based proxy signature schemes is proxy-protected in the adaptive security model. In the paper, we propose a provably-secure ID-based proxy signature scheme based on the lattice problems. Our scheme is proxy-protected in the adaptive security model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권6호
• /
• pp.3316-3332
• /
• 2019

In a transitive signature scheme, a signer wants to authenticate edges in a dynamically growing and transitively closed graph. Using transitive signature schemes it is possible to authenticate an edge (i, k), if the signer has already authenticated two edges (i, j) and (j, k). That is, it is possible to make a signature on (i, k) using two signatures on (i, j) and (j, k). We propose the first transitive signature schemes for undirected graphs from lattices. Our first scheme is provably secure in the random oracle model and our second scheme is provably secure in the standard model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제5권3호
• /
• pp.607-625
• /
• 2011

Two-party key exchange protocol is a mechanism in which two parties communicate with each other over an insecure channel and output the same session key. A key exchange protocol that is secure against an active adversary who can control and modify the exchanged messages is called authenticated key exchange (AKE) protocol. LaMacchia, Lauter and Mityagin presented a strong security definition for public key infrastructure (PKI) based two-pass protocol, which we call the extended Canetti-Krawczyk (eCK) security model, and some researchers have provided eCK-secure AKE protocols in recent years. However, almost all protocols are provably secure in the random oracle model or rely on a special implementation technique so-called the NAXOS trick. In this paper, we present a PKI-based two-pass AKE protocol that is secure in the eCK security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and does not rely on implementation techniques such as the NAXOS trick.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권4호
• /
• pp.2219-2236
• /
• 2017

With cloud storage services, users can handle an enormous amount of data in an efficient manner. However, due to the widespread popularization of cloud storage, users have raised concerns about the integrity of outsourced data, since they no longer possess the data locally. To address these concerns, many auditing schemes have been proposed that allow users to check the integrity of their outsourced data without retrieving it in full. Yuan and Yu proposed a public auditing scheme with a deduplication property where the cloud server does not store the duplicated data between users. In this paper, we analyze the weakness of the Yuan and Yu's scheme as well as present modifications which could improve the security of the scheme. We also define two types of adversaries and prove that our proposed scheme is secure against these adversaries under formal security models.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권4호
• /
• pp.1832-1853
• /
• 2018

The personal health record (PHR) system is a promising application that provides precise information and customized services for health care. To flexibly protect sensitive data, attribute-based encryption has been widely applied for PHR access control. However, escrow, exposure and abuse of private keys still hinder its practical application in the PHR system. In this paper, we propose a coordinated ciphertext policy attribute-based access control with user accountability (CCP-ABAC-UA) for the PHR system. Its coordinated mechanism not only effectively prevents the escrow and exposure of private keys but also accurately detects whether key abuse is taking place and identifies the traitor. We claim that CCP-ABAC-UA is a user-side lightweight scheme. Especially for PHR receivers, no bilinear pairing computation is needed to access health records, so the practical mobile PHR system can be realized. By introducing a novel provably secure construction, we prove that it is secure against selectively chosen plaintext attacks. The analysis indicates that CCP-ABAC-UA achieves better performance in terms of security and user-side computational efficiency for a PHR system.

• ETRI Journal
• /
• 제22권4호
• /
• pp.25-31
• /
• 2000

Design of secure and efficient public-key encryption schemes under weaker computational assumptions has been regarded as an important and challenging task. As far as ElGamal-type encryption schemes are concerned, some variants of the original ElGamal encryption scheme based on weaker computational assumption have been proposed: Although security of the ElGamal variant of Fujisaki-Okamoto public -key encryption scheme and Cramer and Shoup's encryption scheme is based on the Decisional Diffie-Hellman Assumption (DDH-A), security of the recent Pointcheval's ElGamal encryption variant is based on the Computational Diffie-Hellman Assumption (CDH-A), which is known to be weaker than DDH-A. In this paper, we propose new ElGamal encryption variants whose security is based on CDH-A and the Elliptic Curve Computational Diffie-Hellman Assumption (EC-CDH-A). Also, we show that the proposed variants are secure against the adaptive chosen-ciphertext attack in the random oracle model. An important feature of the proposed variants is length-efficiency which provides shorter ciphertexts than those of other schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권6호
• /
• pp.2534-2553
• /
• 2020

Recently, numerous certificateless encryption (CLE) schemes have been introduced. The security proofs of most schemes are given under the random oracle model (ROM). In the standard model, the adversary is able to calculate the hash function instead of asking the challenger. Currently, there is only one scheme that was proved to be secure in SM. In this paper, we constructed a new CLE scheme and gave the security proofs in SM. In the new scheme, the size of the storage space required by the system is constant. The computation cost is lower than other CLE schemes due to it needs only two pairing operations.

• ETRI Journal
• /
• 제34권3호
• /
• pp.421-428
• /
• 2012

An aggregate signature scheme is a digital signature scheme that allows aggregation of n distinct signatures by n distinct users on n distinct messages. In this paper, we present an aggregate signcryption scheme (ASC) that is useful for reducing the size of certification chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols. The new ASC scheme combines identity-based encryption and the aggregation of signatures in a practical way that can simultaneously satisfy the security requirements for confidentiality and authentication. We formally prove the security of the new scheme in a random oracle model with respect to security properties IND-CCA2, AUTH-CMA2, and EUF-CMA.

• 정보보호학회논문지
• /
• 제15권1호
• /
• pp.67-76
• /
• 2005

Bresson 등은 최근에 발표한 논문에서 무선 네트워크 환경에 적합한 그룹 키 동의 방식을 제안하였고 이의 안전성을 증명하였다. 하지만 본 논문에서는 Bresson 등이 제안한 그룹 키 동의 방식이 여려가지 공격에 취약함을 보임으로써 안전성 증명에 오류가 있음을 입증한다.