• Journal of Communications and Networks
• /
• 제17권5호
• /
• pp.453-462
• /
• 2015

Body area networks (BANs) have emerged as an enabling technique for e-healthcare systems, which can be used to continuously and remotely monitor patients' health. In BANs, the data of a patient's vital body functions and movements can be collected by small wearable or implantable sensors and sent using shortrange wireless communication techniques. Due to the shared wireless medium between the sensors in BANs, it may be possible to have malicious attacks on e-healthcare systems. The security and privacy issues of BANs are becoming more and more important. To provide secure and correct association of a group of sensors with a patient and satisfy the requirements of data confidentiality and integrity in BANs, we propose a novel enhanced secure sensor association and key management protocol based on elliptic curve cryptography and hash chains. The authentication procedure and group key generation are very simple and efficient. Therefore, our protocol can be easily implemented in the power and resource constrained sensor nodes in BANs. From a comparison of results, furthermore, we can conclude that the proposed protocol dramatically reduces the computation and communication cost for the authentication and key derivation compared with previous protocols. We believe that our protocol is attractive in the application of BANs.

• 정보보호학회논문지
• /
• 제16권1호
• /
• pp.105-114
• /
• 2006

USN은 모든 사물에 컴퓨팅과 통신기능 및 센싱 기능을 부여하여 언제, 어디서나, 통신이 가능한 환경을 구축하는 네트워크로서, 향후에는 다양한 센싱 기능이 추가되어 이들 간의 네트워크가 구축되는 형태로 발전할 것이다. 따라서 본 논문에서는 무선 센서 네트워크를 무인 경비 시스템에 적용할 경우 나타날 수 있는 정보 보안상의 취약점을 도출하고, 현재 제안된 보안 프로토콜 중에서 SNEP(Secure Network Encryption Protocol)을 사용하여 안전한 무선 센서네트워크를 만들고자 한다. 그러나 SNEP에 사용한 CBC-MAC은 메시지의 길이가 가변일 경우 안전하지 못하기 때문에, 오직 한 개의키를 갖으면서도 임의의 길이 메시지도 안전하게 취급할 수 있는 OMAC(One-Key CBC-MAC)를 SNEP에 적용한 새로운 기법인 OMAC-SNEP을 제안하고, 구현하였다. 따라서 본 OMAC-SNEP 기법은 무인 경비시스템은 물론 기타의 무선 센서 네트워크에서도 널리 활용이 가능할 것이라 생각된다.

• 한국통신학회논문지
• /
• 제36권8B호
• /
• pp.1028-1037
• /
• 2011

최근 Selim등은 공개키 암호 기반의 프라이버시를 제공하기 위해 다중-컨텍스트 RFID 인증 프로토콜을 제안하였다. 하지만 Selim등이 제안한 프로토콜은 리더와 태그 간의 인증을 수행하는 과정에서 공개키 기반의 암호 알고리즘을 사용하므로 수동형 태그에는 적합하지 않을 뿐만 아니라 상호 인증 부재로 인한 위장 공격에 취약하다. 위와 같은 효율성 문제와 보안 취약점 해결을 위해 본 논문에서는 각각 다른 영역에서 단일 수동형 태그와 다양한 목적을 제공하는 리더들 간의 상호 인증을 제공함으로써 프라이버시 침해와 태그 위장 공격을 방지하며, 중계 공격과 서비스 거부 공격에 안전한 다중-컨텍스트 RFID 상호 인증 프로토콜을 제안한다. 결론적으로 제안한 프로토콜은 RFID 리더로부터 수집된 공간과 시간의 정보를 토대로 안전한 상호 인증이 수행되고, 수동형 태그에 적합하도록 안전한 일방향 해쉬 함수와 대칭키 암호 연산을 수행함으로써 강한 보안성과 높은 연산 효율성을 제공한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권11호
• /
• pp.3182-3203
• /
• 2023

With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

• Journal of Information Processing Systems
• /
• 제13권1호
• /
• pp.152-173
• /
• 2017

Mobile phones are the most common communication devices in history. For this reason, the number of mobile subscribers will increase dramatically in the future. Therefore, the determining the location of a mobile station will become more and more difficult. The mobile station must be authenticated to inform the network of its current location even when the user switches it on or when its location is changed. The most basic weakness in the GSM authentication protocol is the unilateral authentication process where the customer is verified by the system, yet the system is not confirmed by the customer. This creates numerous security issues, including powerlessness against man-in-the-middle attacks, vast bandwidth consumption between VLR and HLR, storage space overhead in VLR, and computation costs in VLR and HLR. In this paper, we propose a secure authentication mechanism based new mobility management method to improve the location management in the GSM network, which suffers from a lot off drawbacks, such as transmission cost and database overload. Numerical analysis is done for both conventional and modified versions and compared together. The numerical results show that our protocol scheme is more secure and that it reduces mobility management costs the most in the GSM network.

• International Journal of Computer Science & Network Security
• /
• 제24권6호
• /
• pp.41-48
• /
• 2024

Existing PoS (Point of Sale) based payment frameworks are vulnerable as the Payment Application's integrity in the smart phone and PoS are compromised, vulnerable to reverse engineering attacks. In addition to these existing PoS (Point of Sale) based payment frameworks do not perform point-to-point encryption and do not ensure communication security. We propose a Smart and Secure PoS (SSPoS) Framework which overcomes these attacks. Our proposed SSPoS framework ensures point-to-point encryption (P2PE), Application hardening and Application wrapping. SSPoS framework overcomes repackaging attacks. SSPoS framework has very less communication and computation cost. SSPoS framework also addresses Heartbleed vulnerability. SSPoS protocol is successfully verified using Burrows-Abadi-Needham (BAN) logic, so it ensures all the security properties. SSPoS is threat modeled and implemented successfully.

• 한국정보과학회논문지:시스템및이론
• /
• 제33권1_2호
• /
• pp.110-118
• /
• 2006

양자간 암호학 프로토콜 디자인에서 잘 고려되지 않는 사항 중에 동시 메시지 전송이 있다. 즉, 듀플렉스(duplex) 채널을 사용해서 통신하는 두 파티는 동시에 메시지를 보낼 수 있다. 하지만 대부분의 양자간 키 교환 프로토콜은 두 파티가 교대로 메시지를 보내는 하프 듀플렉스(half-duplex) 채널을 가정해서 디자인되었다. 이 논문에서 우리는 듀플렉스 채널을 사용할 경우에 동시 메시지 전송을 사용해서 좀 더 효율적인 양자간 키 교환 프로토콜을 설계할 수 있음을 보인다 이 논문에서는 세 개의 안전성 증명 가능한 1-라운드 양자간 키 교환 프로토콜들을 제안한다. 첫 번째 프로토콜은 가장 효율적이며, 세션키 독립성(key independence)을 보장한다. 두 번째 프로토콜은 세션키 독립성과 더불어 전방위 안전성(forward secrecy)을 보장한다. 세 번째 프로토콜은 두 번째 프로토콜과 같은 안전성을 보장하지만, 표준모델(standard model)에서 안전성이 증명된다. 우리가 제안하는 프로토콜들은 최초의 안전성 증명이 가능하면서 전방위 안전성을 제공하는 1-라운드 양자간 키 교환 프로토콜이다.

• 한국멀티미디어학회논문지
• /
• 제7권12호
• /
• pp.1708-1718
• /
• 2004

In this paper, we are concerned with a digital fingerprinting scheme for multi-purchase where a buyer wants to buy more than a digital content. If we apply previous schemes to multi-purchase protocol, the number of execution of registration step and decryption key should be increased in proportion to that of digital contents to be purchased in order to keep unlinkability. More worse, most of fingerprinting schemes in the literature are based on either secure multi-party computation or general zero-knowledge proofs with very high computational complexity. These high complexities complicate materialization of fingerprinting protocol more and more. In this paper, we propose a multi-purchase fingerprinting scheme with lower computational complexity. In the proposed scheme, a buyer executes just one-time registration step regardless of the number of contents to be purchased. The number of decryption key is constant and independent of the number of contents to be purchased. We can also reduce the computational costs of buyers by introducing a concept of proxy-based fingerprinting protocol.

• 한국컴퓨터정보학회논문지
• /
• 제8권3호
• /
• pp.138-143
• /
• 2003

정보통신과 네트워크의 발전으로 인하여 유/무선망의 통합이 일반화되어가고 있다. 이러한 시점에서 무선환경에서 데이터 통신을 위한 프로토콜로서 WAP이 사용되고 있다. 이러한 WAP에서 안전한 통신을 위하여 개발된 WTLS는 인터넷 프로토콜인 TCP/IP에서 사용되는 TLS를 무선환경에 맞도록 최적화한 것이다. 그러나 WTLS는 WAP 보안문제, 종간 문제, 소비전력 등의 문제점을 가지고 있다. 그러므로 본 논문에서는 WTLS의 단점들을 없애고자 WTLS에 사용되는 암호알고리즘을 제안하였다. 제안된 알고리즘은 단일형태가 아닌 혼합형 알고리즘을 사용하기 때문에 계산상의 복잡도를 줄여 소비전력 및 보안문제를 해결할 수 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제7권5호
• /
• pp.1313-1327
• /
• 2013

How to make people keep both the confidentiality of the sensitive data and the privacy of their real identity in communication networks has been a hot topic in recent years. Researchers proposed privacy-preserving authenticated key exchange protocols (PPAKE) to answer this question. However, lots of PPAKE protocols need users to remember long secrets which are inconvenient for them. In this paper we propose a lightweight three-party privacy-preserving authentication key exchange (3PPAKE) protocol using smart card to address the problem. The advantages of the new 3PPAKE protocol are: 1. The only secrets that the users need to remember in the authentication are their short passwords; 2. Both of the users can negotiate a common key and keep their identity privacy, i.e., providing anonymity for both users in the communication; 3. It enjoys better performance in terms of computation cost and security. The security of the scheme is given in the random oracle model. To the best of our knowledge, the new protocol is the first provably secure authentication protocol which provides anonymity for both users in the three-party setting.