• Review of KIISC
• /
• v.19 no.6
• /
• pp.75-85
• /
• 2009

아이디 기반 암호의 개념과 발전과정들을 소개한다. 또한, 다양한 응용들에 대해서 살펴보고 아직까지 해결되지 않은 몇 가지 문제들에 대해 소개한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06d
• /
• pp.67-71
• /
• 2010

아이디 기반 암호 체계는 공개키를 생성하기 위하여 별도의 정보 교환을 하지 않고, 사용자의 신원을 확인할 수 있는 고유 정보를 이용하여 공개키를 생성함으로써 효율적인 공개키 생성 및 관리가 가능하다. 또한 대리 서명 기법은 원 서명자가 부득이하게 서명을 할 수 없을 경우 자신이 선택한 대리 서명자에게 서명 권한을 위임함으로써 대리 서명자가 원 서명자 대신 서명을 할 수 있는 기능을 제공하는 기법이다. Signcryption 기법은 하나의 기법으로 서명과 암호화 모두를 수행 할 수 있다. 위 기법들의 장점을 한번에 취할 수 있는 기법이 아이디 기반 대리 Signcryption 기법이다. 본 논문에서는 아이디 기반 대리 Signcryption 기법을 이해하기 위해 필요한 기반 지식과 아이디 기반 대리 Signcryption 기법에 대하여 기술하고자 한다.

• Journal of KIISE:Information Networking
• /
• v.37 no.1
• /
• pp.72-83
• /
• 2010

Group communication in a wireless mesh network is complicated due to dynamic intermediate mesh points, access control for communications between different administrative domains, and the absence of a centralized network controller. Especially, many-to-many multicasting in a dynamic mesh network can be modeled by a decentralized framework where several subgroup managers control their members independently and coordinate the inter-subgroup communication. In this study, we propose a topology-matching decentralized group key management scheme that allows service providers to update and deliver their group keys to valid members even if the members are located in other network domains. The group keys of multicast services are delivered in a distributed manner using the identity-based encryption scheme. Identity-based encryption facilitates the dynamic changes of the intermediate relaying nodes as well as the group members efficiently. The analysis result indicates that the proposed scheme has the advantages of low rekeying cost and storage overhead for a member and a data relaying node in many-to-many multicast environment. The proposed scheme is best suited to the settings of a large-scale dynamic mesh network where there is no central network controller and lots of service providers control the access to their group communications independently.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.04a
• /
• pp.263-264
• /
• 2016

클라우드 컴퓨팅은 장점으로 인해 대중화되고 있지만, 자신의 자원에 대한 제어를 클라우드 제공자에게 의존하는 문제가 있다. 이러한 클라우드 시스템의 보안 문제를 해결하기 위해 암호화 기법을 이용한 다양한 기법들이 제안되었으나 확장성 문제로 인해, 아직도 많은 기법들이 제안되고 있다. 본 논문에서는 속성 기반(attribute-based) 접근 제어 기법에서 사용되는 속성을 이용하여 속성을 기반으로 하는 암호화 기법을 제안한다. 이를 위해 XACML를 통해 주체 및 자원과 환경 속성을 표현하며 인증과 권한 검증을 위한 메시지 교환을 위해 SAML 기술을 제안한다. 이를 통해 속성으로 표현된 암호화된 자원에 대한 접근 제어 방법을 제안한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.3
• /
• pp.449-455
• /
• 2021

This paper proposes an encryption web transaction attack detection system based on the existing web application monitoring system. Although there was difficulty in detecting attacks on the encrypted web traffic because the existing web traffic security systems detect and defend attacks based on encrypted packets in the network area of the encryption section between the client and server, by utilizing the technology of the web application monitoring system, it is possible to detect various intelligent cyber-attacks based on information that is already decrypted in the memory of the web application server. In addition, since user identification is possible through the application session ID, statistical detection of attacks such as IP tampering attacks, mass web transaction call users, and DDoS attacks are also possible. Thus, it can be considered that it is possible to respond to various intelligent cyber attacks hidden in the encrypted traffic by collecting and detecting information in the non-encrypted section of the encrypted web traffic.

• Journal of Internet Computing and Services
• /
• v.19 no.5
• /
• pp.55-66
• /
• 2018

Since existing server-based authentications use vulnerable password-based authentication, illegal leak of personal data occurs frequently. Since this can cause illegal ID compromise, alternative authentications have been studied. Recently token-based authentications like OAuth 2.0 or JWT have been used in web sites, however, they have a weakness that if a hacker steals JWT token in the middle, they can obtain plain authentication data from the token, So we suggest a new authentication method using the verification token of authentic code to encrypt authentication data with effective time. The verification is to compare an authentication code from decryption of the verification-token with its own code. Its crypto-method is based on do XOR with ECDH session key, which is so fast and efficient without overhead of key agreement. Our method is outstanding in preventing the personal data leakage.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.563-565
• /
• 2008

In this paper, we construct an efficient fuzzy identity-based encryption scheme in the random oracle model. The fuzzy identity-based encryption is an extension of identity-based encryption schemes where a user's public key is represented as his identity. Our construction requires constant number of bilinear map operations for decryption and the size of private key is small compared with the previous fuzzy identity-based encryption of Sahai-Waters. We also presents that our fuzzy identity-based encryption can be converted to attribute-based encryption schemes.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2009.01a
• /
• pp.245-248
• /
• 2009

무선네트워크 환경에서 인증과 암호화를 함으로서 보안이 강화되는 효과가 있으나 무선네트워크를 이용하는 이용자들에 대한 권한이 동일하게 부여되면 접근성에 문제점이 대두됨에 따라 이용자 그룹별로 인터넷 이용에 대한 접근권한을 제어함으로서 다양한 학내 구성원, 계약직, 방문자, 시민 등 에게 보안측면과 운영성에 편리성을 가져올 수 있다. 관리자기 정책을 만들어 각각의 액세스포인트에 정책을 적용하고 사용자가 인증을 받을 때 인증서버에서 사용자에 대한 필터아이디를 액세스포인트에 전달해줌으로서 사용자에 대한 정책규칙이 적용된다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.16 no.3
• /
• pp.57-63
• /
• 2011

The internet is currently becoming popularized and generalized in our daily life. Recently, a lot of hacking tools have appeared on the internet. And damage size and seriousness the measurement is impossible. The password security protects oneself and information is the tool which is essential for from the internet, if this emphasizes no matter how, does not go to extremes. If applies a encryption, a 7 character password is sufficient, so long as attackers don't pick easily guessed values. In this paper, entering password using the virtual keyboard, I propose a new and improved one time password algorithm using information a part of ID and final approval time.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.20-34
• /
• 2009

We newly propose a multiple and unlinkable identity-based public key encryption scheme which allows the use of a various number of identity-based public keys in different groups or applications while keeping a single decryption key so that the decryption key can decrypt every ciphertexts encrypted with those public keys. Also our scheme removes the use of certificates as well as the key escrow problem so it is functional and practical. Since our public keys are unlinkable, the user's privacy can be protected from attackers who collect and trace the user information and behavior using the known public keys. Furthermore, we suggest a decryption key renewal protocol to strengthen the security of the single decryption key. Finally, we prove the security of our scheme against the adaptive chosen-ciphertext attack under the random oracle model.