• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.75-88
• /
• 2007

Current electronic voting systems are not sufficient to satisfy trustworthy elections as they do not provide any proof or confirming evidence of their honesty. This lack of trustworthiness is the main reason why e-voting is not widespread even though e-voting is expected to be more efficient than the current plain paper voting. Many experts believe that the only way to assure voters that their intended votes are casted is to use paper receipts. In this paper, we propose an efficient scheme for issuing receipts to voters in an e-voting environment using the well-known cut-and-choose method. Our scheme does not require any special printers or scanners, nor frequent observations of voting machines. In addition, our scheme is more secure than the previous schemes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.111-122
• /
• 2008

Web service is defined to support interoperable machine to machine interaction over a network and defined as distributed technologies. Recently in web service environment, security has become one of the most critical issues. An attacker may expose user privacy and service information without authentication. Furthermore, the users of web services must temporarily delegate some or all of their behalf. This results in the exposure of user privacy information by agents. We propose a delegation model for providing safety of web service and user privacy in ubiquitous computing environments. In order to provide safety of web service and user privacy, XML-based encryption and a digital signature mechanism need to be efficiently integrated. In this paper, we propose web service management server based on XACML, in order to manage services and policies of web service providers. For this purpose, we extend SAML to declare delegation assertions transferred to web service providers by delegation among agents.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.3
• /
• pp.103-118
• /
• 2002

To provide the privacy of transmitted message over network the use of cryptographic system is increasing gradually. Because the security and reliability of the cryptographic system is totally rely on the key, the key management is the most important part of the cryptographic system. Although there are a lot of security products providing encryption, the security of the key exchange protocols used in the product are not mostly proved yet. Therefore, we have to study properties and operation of key agreement protocols based on elliptic curve in ANSI X9.63. furthermore, we analyze the security of their protocols under passive and active attacker models and propose the most suitable application field taking the feature of the protocols into account.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.71-80
• /
• 2002

To provide the confidentiality of messages transmitted over the network, the use of cryptographic system is increasing gradually and the hybrid cryptosystem, which combines the advantages of the symmetric cryptosystem and the public key cryptosystem is widely used. In this paper, we proposes a new hybrid cryptosystem capable of providing implicit authentication for the sender of the ciphertext by means of the 1-pass key distribution protocol that offers implicit key authentication, hash function and symmetric cryptosystem. Also, we describe some examples such as the Diffie-Hellman based system and the Nyberg-Ruppel based system. The proposed hybrid cryptosystem is an efficient more than general public key cryptosystems in the aspect of computation work and provides implicit authentication for the sender without additional increase of the communication overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.85-98
• /
• 2003

Computational power of IC chip is improved day after day producing IC chips holding co-processor continuously. Also a lot of wireless terminals which IC chip embedded in are produced in order to provide simple and various services in the wireless terminal market. However it is difficult to apply the key distribution protocol under wired communication environment to wireless communication environment. Because the computational power of co-processor embedded in IC chip under wireless communication environment is less than that under wired communication environment. In this paper, we propose the hey distribution protocol appropriate for wireless communication environment which diminishes the computational burden of server and client by using co-processor that performs cryptographic operations and makes up for the restrictive computational power of terminal. And our proposal is satisfied with the security requirements that are not provided in existing key distribution protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.71-84
• /
• 2003

Self-certified public keys need not be accompanied with a separate certificate to be authenticated by other users because the public keys are computed by both the authority and the user. At this point, verifiable self-certified public keys are proposed that can determine which is wrong signatures or public keys if public keys are used in signature scheme and then verification of signatures does not succeed. To verify these public keys, key generation center's public key trusted by users is required. If all users trust same key generation center, public keys can be verified simply. But among users in different domains, rusty relationship between two key generation centers must be accomplished. In this paper we propose inter-domain verifiable self-certified public keys that can be verified without certificate between users under key generation centers whose trusty relationship is accomplished. Also we present the execution of signature and key distribution between users under key generation centers use different public key parameters.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.149-161
• /
• 2003

Partially blind signature scheme allows the signer to insert non-removable common information into his blind signature. Blind signatures providing with both users privacy and data authenticity are one of key parts of information systems, such anonymous electronic cash and electronic voting as typical examples. Partially blind signature, with which all expired e-cash but for still-alive can be removed from the banks database, copes well with the problem of unlimited growth of the banks' database in an electronic cash system. In this paper we propose an efficient ID-based partially blind signature scheme using the Weil-pairing on Gap Diffie-Hellman group. The security of our scheme relies on the hardness of Computational Diffie-Hellman Problem. The proposed scheme provides higher efficiency than existing partially blind signature schemes by using three-pass protocol between two participants, the signer and requesters also by reducing the computation load. Thus it can be efficiently used in wireless environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.1
• /
• pp.45-53
• /
• 2006

In this paper, we propose a method for enlarging quantization steps of a QIM watermarking scheme which determines the perceptual quality and robustness of the watermarked images. In general, increasing the quantization steps leads to good robustness but poor perceptual quality of watermarked images and vice versa. However, if we choose the quantization steps considering the expected quantization results as well as the original images, we can increase both robustness and perceptual quality of the watermarked images.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.119-126
• /
• 2006

In order to improve voters' reliability in electronic voting system, voter verifiable receipt technique is being actively researched. Since the receipt should be verifiable not only inside but also outside a polling place, it satisfies the requirements, individual verifiability and receipt-freeness. In the previous researches, there are some problems that special paper and printer is necessary or frequent monitoring is needed to confirm the voting machine's trustworthiness. In this paper, we propose a new receipt issuing scheme. Our scheme does not require any special equipments such as special paper and printer or optical scanner. In addition to that it does not require voters to trust any devices in the polling station and there is no need of frequent observations to the voting machines.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.117-130
• /
• 2012

Recently, smartphone has being most popular mobile device in mobile market, not around the world, but in domestic. In Korea, there are about 710 million people are using smartphone in 2010, and it is expected that about 1 billion people will use smartphone in next year. However, with exponential growth of smartphone, several security issues come to the fore. Because, the smartphone store various private information to provide user customized services, smartphone security can be regarded most critical issues than security of other devices. However, leak of awareness for security may cause many security accidents in present. Therefore, in this paper, we analyze security features of smartphone and propose a protection profile based on Common Criteria v3.1. Our work can be distributed for developer and user of smartphone to estimate security of smartphone.