• Title/Summary/Keyword: proxy key server

Search Result 28, Processing Time 0.017 seconds

De-Centralized Information Flow Control for Cloud Virtual Machines with Blowfish Encryption Algorithm

  • Gurav, Yogesh B.;Patil, Bankat M.
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.12
    • /
    • pp.235-247
    • /
    • 2021
  • Today, the cloud computing has become a major demand of many organizations. The major reason behind this expansion is due to its cloud's sharing infrastructure with higher computing efficiency, lower cost and higher fle3xibility. But, still the security is being a hurdle that blocks the success of the cloud computing platform. Therefore, a novel Multi-tenant Decentralized Information Flow Control (MT-DIFC) model is introduced in this research work. The proposed system will encapsulate four types of entities: (1) The central authority (CA), (2) The encryption proxy (EP), (3) Cloud server CS and (4) Multi-tenant Cloud virtual machines. Our contribution resides within the encryption proxy (EP). Initially, the trust level of all the users within each of the cloud is computed using the proposed two-stage trust computational model, wherein the user is categorized bas primary and secondary users. The primary and secondary users vary based on the application and data owner's preference. Based on the computed trust level, the access privilege is provided to the cloud users. In EP, the cipher text information flow security strategy is implemented using the blowfish encryption model. For the data encryption as well as decryption, the key generation is the crucial as well as the challenging part. In this research work, a new optimal key generation is carried out within the blowfish encryption Algorithm. In the blowfish encryption Algorithm, both the data encryption as well as decryption is accomplishment using the newly proposed optimal key. The proposed optimal key has been selected using a new Self Improved Cat and Mouse Based Optimizer (SI-CMBO), which has been an advanced version of the standard Cat and Mouse Based Optimizer. The proposed model is validated in terms of encryption time, decryption time, KPA attacks as well.

Smart Card Certification-Authority Distribution Scheme using Attributes-Based Re-Encryption (속성기반 재 암호화를 이용한 스마트카드 인증권한 분배스킴)

  • Seo, Hwa-Jeong;Kim, Ho-Won
    • IEMEK Journal of Embedded Systems and Applications
    • /
    • v.5 no.3
    • /
    • pp.168-174
    • /
    • 2010
  • User authentication is an important requirement to provide secure network service. Therefore, many authentication schemes have been proposed to provide secure authentication, such as key agreement and anonymity. However, authority of scheme is limited to one's self. It is inefficient when authenticated users grant a certification to other users who are in an organization which has a hierarchical structure, such as a company or school. In this paper, we propose the first authentication scheme to use Attributes-Based Re-encryption that creates a certification to other users with specified attributes. The scheme, which has expanded from Rhee et al. scheme, has optimized computation performance on a smart card, ensuring the user's anonymity and key agreement between users and server.

Implementation of an Internet Telephony Service that Overcomes the Firewall Problem (방화벽 문제를 극복한 인터넷 전화 서비스의 구현)

  • 손주영
    • Journal of Advanced Marine Engineering and Technology
    • /
    • v.27 no.1
    • /
    • pp.65-75
    • /
    • 2003
  • The internet telephony service is one of the successful internet application services. VoIP is the key technology for the service to come true. VoIP uses H.323 or SIP as the standard protocol for the distributed multimedia services over the internet environment, in which QoS is not guaranteed. VoIP carries the packetized voice by using the RTP/UDP/IP protocol stack. The UDP-based internet services cause the data transmission problem to the users behind the internet firewall. So does the internet telephony service. The users are not able to listen the voices of the counter-parts on the public internet or PSTN. It makes the problem more difficult that the internet telephony service addressed in this paper uses only one UDP port number to send the voice data of all sessions from gateway to terminal node. In this paper, two schemes including the usage of dummy UDP datagrams, and the protocol conversion are suggested. The implementation of one of the schemes, the protocol conversion, and the performance evaluation are described in detail.

Automatic Extraction of Dependencies between Web Components and Database Resources in Java Web Applications

  • Oh, Jaewon;Ahn, Woo Hyun;Kim, Taegong
    • Journal of information and communication convergence engineering
    • /
    • v.17 no.2
    • /
    • pp.149-160
    • /
    • 2019
  • Web applications typically interact with databases. Therefore, it is very crucial to understand which web components access which database resources when maintaining web apps. Existing research identifies interactions between Java web components, such as JavaServer Pages and servlets but does not extract dependencies between the web components and database resources, such as tables and attributes. This paper proposes a dynamic analysis of Java web apps, which extracts such dependencies from a Java web app and represents them as a graph. The key responsibility of our analysis method is to identify when web components access database resources. To fulfill this responsibility, our method dynamically observes the database-related objects provided in the Java standard library using the proxy pattern, which can be applied to control access to a desired object. This study also experiments with open source web apps to verify the feasibility of the proposed method.

An Efficient Broadcast Encryption System with Delegation of Decryption (복호화 위임을 제공하는 효율적인 브로드캐스트 암호시스템)

  • Han, Su Min;Park, Seung Hwan;Park, Jong Hwan;Lee, Dong Hoon
    • Journal of Broadcast Engineering
    • /
    • v.18 no.5
    • /
    • pp.758-770
    • /
    • 2013
  • In a Broadcast Encryption System, a sender sends an encrypted message to a large set of receivers at once over an insecure channel and it enables only users in a target set to decrypt the message with their private keys. In 2005, Boneh et al. proposed a fully collusion-resistant public key broadcast encryption in which the ciphertext and the privatekey sizes are constant. In general, pairing-based broadcast encryption system is efficient in bandwidth and storing aspects than non-pairing based broadcast encryption system, however, it requires many computational costs that resource-constrained devices is not suit to be applied. In this paper, we propose a Broadcast Encryption scheme(called BEWD) that user can decrypt a ciphertext more efficiently. The scheme is based on Boneh et al.scheme. More precisely, it reduces receiver's computational costs by delegating pairing computation to a proxy server which computation is required to receiver in Boneh et al.scheme. Furthermore, the scheme enables a user to check if the proxy server compute correctly. We show that our scheme is secure against selective IND-RCCA adversaries under l-BDHE assumption.

Efficient Virtual Machine Migration for Mobile Cloud Using PMIPv6 (모바일 클라우드 환경에서 PMIPv6를 이용한 효율적인 가상머신 마이그레이션)

  • Lee, Tae-Hee;Na, Sang-Ho;Lee, Seung-Jin;Kim, Myeong-Eeob;Huh, Eui-Nam
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37B no.9
    • /
    • pp.806-813
    • /
    • 2012
  • In a cloud computing environment, various solutions were introduced to provide the service to users such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) and Desktop as a Service (DaaS). Nowadays, Mobile as a Service (MaaS) to provide the mobility in a cloud environment. In other words, users must have access to data and applications even when they are moving. Thus, to support the mobility to a mobile Thin-Client is the key factor. Related works to support the mobility for mobile devices were Mobile IPv6 and Proxy Mobile IPv6 which showed performance drawbacks such as packet loss during hand-over which could be very critical when collaborating with cloud computing environment. The proposed model in this paper deploys middleware and replica servers to support the data transmission among cloud and PMIPv6 domain. It supports efficient mobility during high-speed movement as well as high-density of mobile nodes in local mobility anchor. In this paper, through performance evaluation, the proposed scheme shows the cost comparison between previous PMIPv6 and verifies its significant efficiency.

Interworking of SIP Authentication with DIAMETER and Security Analysis (SIP와 DIAMETER의 인증 연동 및 안전성 분석)

  • 박성준;정수환;이병길;김현곤
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.3C
    • /
    • pp.426-435
    • /
    • 2004
  • The DIAMETER protocol provides Authentication, Authorization, and Accounting (AAA) transactions across the Internet. SIP(Session Initiation Protocol) will be used for new types of signaling, such as instant messaging and application level mobility across networks. And SIP will be a major signaling protocol for next generation wireless networks. But the Digest authentication scheme is not using a secure method of user authentication in SIP, and it is vulnerable to man-in-the-middle attacks or dictionary attacks. This study focused on designing a SIP proxy for interworking with AAA server with respect to user authentication and security analysis. We compared and analyzed the security aspects of the scenarios and propose two proposals that a response which include the user address and password-based mutual authentication and key agreement protocol. It is claimed to be more secure against common attacks than current scenarios.

Cooperative Video Streaming and Active Node Buffer Management Technique in Hybrid CDN/P2P Architecture

  • Lee, Jun Pyo
    • Journal of the Korea Society of Computer and Information
    • /
    • v.24 no.11
    • /
    • pp.11-19
    • /
    • 2019
  • Recently, hybrid CDN/P2P video streaming architecture is specially designed and deployed to achieve the scalability of P2P networks and the desired low delay and high throughput of CDNs. In this paper, we propose a cooperative video streaming and active node buffer management technique in hybrid CDN/P2P architecture. The key idea of this streaming strategy is to minimize network latency such as jitter and packet loss and to maximize the QoS(quality of service) by effectively and efficiently utilizing the information sharing of file location in CDN's proxy server which is an end node located close to a user and P2P network. Through simulation, we show that the proposed cooperative video streaming and active node buffer management technique based on CDN and P2P network improves the performance of realtime video streaming compared to previous methods.