• The Journal of Society for e-Business Studies
• /
• v.10 no.1
• /
• pp.121-134
• /
• 2005

The MANET has many problems in security despite of its many advantages such as supporting the mobility of nodes, independence of the fixed infrastructure, and quick network establishment. In particular, in establishing security, the traditional certification service has many difficult problems in applying to the MANET because of its safety, expandability, and availability. In this paper, a secure and effective distributed certification service method was proposed using the Secret Sharing scheme and the Threshold Digital Signature scheme in providing certification services in the MANET. In the proposed distributed certification service, certain nodes of relatively high safety among the mobile nodes consisting of the MANET, were set as privileged nodes, from which the process of issuing a certification started. The proposed scheme solved problem that the whole network security would be damaged by the intrusion to one node in the Centralized Architecture and the Hierarchical Architecture. And it decreased the risk of the exposure of the personal keys also in the Fully Distributed Architecture as the number of the nodes containing the partial confidential information of personal keys decreased. By the network simulation, the features and availability of the proposed scheme was evaluated and the relation between the system parameters was analyzed.

• Journal of Digital Convergence
• /
• v.12 no.11
• /
• pp.233-239
• /
• 2014

Ultra high-resolution content, the file size is very large, therefore existing encoding techniques, it is not possible to transmit via the network. Efficient use of the network encoder HEVC corporation can be transferred. Compression requires a lot of time because it requires a distributed transcoding system. Distributed transcoding system is a distributed data store, and then encoded using a large number of nodes. The disadvantage of distributed transcoding system for distributed information is exposed or vulnerable to attack by internal managers. In this paper, when the super high definition content transcoding, distributed transcoding system does not guarantee the confidentiality of the problem to solve. We are using SNA, HEVC encoded content data encrypted using the secret distributing scheme was. Consequently, secure shared transcoding is possible, the internal administrator could prevent the attack.

• The KIPS Transactions:PartC
• /
• v.18C no.6
• /
• pp.369-378
• /
• 2011

To ensure data confidentiality and fine-grained access control in business environment, system model using KP-ABE(Key Policy-Attribute Based Encryption) and PRE(Proxy Re-Encryption) has been proposed recently. However, in previous study, data confidentiality has been effected by decryption right concentrated on cloud server. Also, Yu's work does not consider a access privilege management, so existing work become dangerous to collusion attack between malicious user and cloud server. To resolve this problem, we propose secure system model against collusion attack through dividing data file into header which is sent to privilege manager group and body which is sent to cloud server. And we construct the model of access privilege management using AONT based XOR threshold Secret Sharing, In addition, our scheme enable to grant weight for access privilege using XOR Share. In chapter 4, we differentiate existing scheme and proposed scheme.

• ETRI Journal
• /
• v.34 no.2
• /
• pp.235-244
• /
• 2012

An identity-based strong designated verifier signature scheme provides restricted verifiability only for a verifier designated by a signer and proper privacy for the signer. In this paper, we show that strong designated verifier signature schemes do not satisfy the self-unverifiability requirement in the sense that not only exposure of the verifier's secret key but also of the signer's secret key enables an attacker to verify signatures, which should have been the exclusive right of the verifier. We also present a generic method to construct a strong identity-based designated verifier signature scheme with self-unverifiability from identity-based key encapsulation and identity-based key sharing schemes. We prove that a scheme constructed from our method achieves unforgeability, non-transferability, and self-unverifiability if the two underlying components are secure. To show the advantage of our method, we present an example that outputs short signatures and we analyze its performance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.863-874
• /
• 2021

Distributed key generation (DKG) with trustless setup is a cryptographic protocol that distributes Shamir secret shares of a private key to participants while keeping the actual private key hidden to the participants. Also, by extending it to a threshold signature protocol, digital signatures can be generated without construction of private keys. This paper proposes a recovery protocol maintaining trustless setup assumptions, in particular to the useful (1,3) share structure. The proposed protocol meets same levels of security requirements with DKG in terms of correctness and secrecy. The protocol can also enable delegation and revocation of digital sign rights for blockchain-based asset management.

• The KIPS Transactions:PartC
• /
• v.17C no.5
• /
• pp.399-406
• /
• 2010

Many problems are arisen due to the weakness in the security and invasion to privacy by malicious attacker or internal users while various data services are available in ubiquitous network environment. The matter of controlling security for various contents and large capacity of data has appeared as an important issue to solve this problem. The allocation methods of Ito, Saito and Nishizeki based on traditional polynomial require all shares to restore the secret information shared. On the contrary, the secret information can be restored if the shares beyond the threshold value is collected. In addition, it has the effect of distributed DBMS operation which distributes and restores the data, especially the flexibility in realization by using parameters t,v,k in combinatorial design which has regularity in DB server and share selection. This paper discuss the construction of new share allocation method and data distribution/storage management with the application of matrix structure of t-(v,k,1) design for allocating share when using secret sharing in management scheme to solve the matter of allocating share.

• Journal of Information Processing Systems
• /
• v.8 no.2
• /
• pp.375-388
• /
• 2012

PVSS stands for publicly verifiable secret sharing. In PVSS, a dealer shares a secret among multiple share holders. He encrypts the shares using the shareholders' encryption algorithms and publicly proves that the encrypted shares are valid. Most of the existing PVSS schemes do not employ an ElGamal encryption to encrypt the shares. Instead, they usually employ other encryption algorithms like a RSA encryption and Paillier encryption. Those encryption algorithms do not support the shareholders' encryption algorithms to employ the same decryption modulus. As a result, PVSS based on those encryption algorithms must employ additional range proofs to guarantee the validity of the shares obtained by the shareholders. Although the shareholders can employ ElGamal encryptions with the same decryption modulus in PVSS such that the range proof can be avoided, there are only two PVSS schemes based on ElGamal encryption. Moreover, the two schemes have their drawbacks. One of them employs a costly repeating-proof mechanism, which needs to repeat the dealer's proof at least scores of times to achieve satisfactory soundness. The other requires that the dealer must know the discrete logarithm of the secret to share and thus weakens the generality and it cannot be employed in many applications. A new PVSS scheme based on an ElGamal encryption is proposed in this paper. It employs the same decryption modulus for all the shareholders' ElGamal encryption algorithms, so it does not need any range proof. Moreover, it is a general PVSS technique without any special limitation. Finally, an encryption-improving technique is proposed to achieve very high efficiency in the new PVSS scheme. It only needs a number of exponentiations in large cyclic groups that are linear in the number of the shareholders, while all the existing PVSS schemes need at least a number of exponentiations in large cyclic groups that are linear in the square of the number of the shareholders.

• Journal of Internet of Things and Convergence
• /
• v.7 no.1
• /
• pp.1-7
• /
• 2021

The IoT market continues to expand and grow, but the security threat to IoT devices is also increasing. However, it is difficult to apply the security technology applied to the existing system to IoT devices that have a problem of resource limitation. Therefore, in this paper, we present a service that can improve the security of IoT devices by presenting authentication and lightweight cryptographic algorithms that can reduce the overhead of applying security features, taking into account the nature of resource limitations of IoT devices. We want to apply these service to home network IoT equipment to provide security. The authentication and lightweight cryptographic algorithm application protocols presented in this paper have secured the safety of the service through the use of LEA encryption algorithms and secret key generation by users, IoT devices and server in the IoT environment. Although there is no difference in speed from randomly generating secret keys in experiments, we verify that the problem of resource limitation of IoT devices can be solved by additionally not applying logic for secret key sharing to IoT devices.

• Journal of Internet Computing and Services
• /
• v.6 no.3
• /
• pp.17-30
• /
• 2005

A PAK(Password-Authenticated Key Exchange) protocol is used as a protocol to provide both the mutual authentication and allow the communication entities to share the session key for the subsequent secure communication, using the human-memorable portable short-length password, In this paper, we propose distributed key exchange protocols applicable to a smartcard using the MTI(Matsumoto, Takashima, Imai) key distribution protocol and PAK protocol. If only one server keeps the password verification data which is used for password authentication protocol. then It could easily be compromised by an attacker, called the server-compromised attack, which results in impersonating either a user or a server, Therefore, these password verification data should be distributed among the many server using the secret sharing scheme, The Object of this paper Is to present a password-based key exchange protocol which is to allow user authentication and session key distribution, using the private key in a smartcard and a password typed by a user. Moreover, to avoid the server-compromised attack, we propose the distributee key exchange protocols using the MTI key distribution protocol, And we present the security analysis of the proposed key exchange protocol and compare the proposed protocols with the existing protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.63-70
• /
• 2009

Recently, in the security token based authentication system, there is an increasing trend of using fingerprint for the token holder verification, instead of passwords. However, the security of the fingerprint data is particularly important as the possible compromise of the data will be permanent. In this paper, we propose an approach for secure fingerprint verification by distributing both the secret and the computation based on the fuzzy vault(a cryptographic construct which has been proposed for crypto-biometric systems). That is, a user fingerprint template which is applied to the fuzzy vault is divided into two parts, and each part is stored into a security token and a server, respectively. At distributing the fingerprint template, we consider both the security level and the verification accuracy. Then, the geometric hashing technique is applied to solve the fingerprint alignment problem, and this computation is also distributed over the combination of the security token and the server in the form of the challenge-response. Finally, the polynomial can be reconstructed from the accumulated real points from both the security token and the server. Based on the experimental results, we confirm that our proposed approach can perform the fuzzy vault-based fingerprint verification more securely on a combination of a security token and a server without significant degradation of the verification accuracy.