• Journal of Digital Convergence
• /
• v.14 no.10
• /
• pp.287-293
• /
• 2016

Wireless sensor networks (WSNs) have many applications and are deployed in a wide variety of areas. They are often deployed in potentially adverse or even hostile environment so that there are concerns on security issues in these WSNs. Recently, an anonymous user authentication and key agreement scheme (AUAKAS) was proposed based on symmetric cryptosystem in WSNs. It is claimed in AUAKAS that it assures security against different types of attacks including impersonation attacks. However, this paper shows that AUAKAS does not cope from user impersonation attack and gateway impersonation attack from the legally registered user on the gateway. The security analysis could guide the required features of the security scheme to be satisfied.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.563-577
• /
• 2018

In order to support secure communication in VANET(Vehicular Ad hoc Network), messages exchanged between vehicles or between vehicle and infrastructure must be authenticated. In this paper, we propose a hierarchical anonymous authentication system for VANET. The proposed system model reduces the overhead of PKG, which is a problem of previous system, by generating private keys hierarchically, thereby enhancing practicality. We also propose a two-level hierarchical identity-based signature(TLHIBS) scheme without pairings so that improve efficiency. The proposed scheme protects the privacy of the vehicle by satisfying conditional privacy and supports batch verification so that efficiently verifies multiple signatures. Finally, The security of the proposed scheme is proved in the random oracle model by reducing the discrete logarithm problem(DLP) whereas the security proof of the previous ID-based signatures for VANET was incomplete.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.4
• /
• pp.1643-1660
• /
• 2016

Connectivity and trust in social networks have been exploited to propose applications on top of these networks, including routing, Sybil defenses, and anonymous communication systems. In these networks, and for such applications, connectivity ensures good performance of applications while trust is assumed to always hold, so as collaboration and good behavior are always guaranteed. In this paper, we study the impact of differential behavior of users on performance in typical social network-enabled routing applications. We classify users into either collaborative or rational (probabilistically collaborative) and study the impact of this classification and the associated behavior of users on the performance of such applications, including random walk-based routing, shortest path based routing, breadth-first-search based routing, and Dijkstra routing. By experimenting with real-world social network traces, we make several interesting observations. First, we show that some of the existing social graphs have high routing costs, demonstrating poor structure that prevents their use in such applications. Second, we study the factors that make probabilistically collaborative nodes important for the performance of the routing protocol within the entire network and demonstrate that the importance of these nodes stems from their topological features rather than their percentage of all the nodes within the network.

• Journal of Information Processing Systems
• /
• v.8 no.1
• /
• pp.175-190
• /
• 2012

Shuffling is an effective method to build a publicly verifiable mix network to implement verifiable anonymous channels that can be used for important cryptographic applications like electronic voting and electronic cash. One shuffling scheme by Groth is claimed to be secure and efficient. However, its soundness has not been formally proven. An attack against the soundness of this shuffling scheme is presented in this paper. Such an attack compromises the soundness of the mix network based on it. Two new shuffling protocols are designed on the basis of Groth's shuffling and batch verification techniques. The first new protocol is not completely sound, but is formally analyzed in regards to soundness, so it can be applied to build a mix network with formally proven soundness. The second new protocol is completely sound, so is more convenient to apply. Formal analysis in this paper guarantees that both new shuffling protocols can be employed to build mix networks with formally provable soundness. Both protocols prevent the attack against soundness in Groth's scheme. Both new shuffling protocols are very efficient as batch-verification-based efficiency-improving mechanisms have been adopted. The second protocol is even simpler and more elegant than the first one as it is based on a novel batch cryptographic technique.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.5
• /
• pp.1450-1470
• /
• 2023

In a Vehicular Cloud (VC) network, an announcement protocol plays a critical role in promoting safety and efficiency by enabling vehicles to disseminate safety-related messages. The reliability of message exchange is essential for improving traffic safety and road conditions. However, verifying the message authenticity could lead to the potential compromise of vehicle privacy, presenting a significant security challenge in the VC network. In contrast, if any misbehavior occurs, the accountable vehicle must be identifiable and removed from the network to ensure public safety. Addressing this conflict between message reliability and privacy requires a secure protocol that satisfies accountability properties while preserving user privacy. This paper presents a novel announcement protocol for secure communication in VC networks that utilizes group signature to achieve seemingly contradictory goals of reliability, privacy, and accountability. We have developed the first comprehensive announcement protocol for VC using group signature, which has been shown to improve the performance efficiency and feasibility of the VC network through performance analysis and simulation results.

• Journal of Multimedia Information System
• /
• v.1 no.1
• /
• pp.23-43
• /
• 2014

With the rapidity of the development on electronic technology, various mobile devices are produced to make human life more convenient. The user is always in constant search of middle with ease of deployment. Therefore, the development of infrastructure and application with ubiquitous nature gets a growing keen interest. Recently, the number of pervasive network services is expanding into ubiquitous computing environment. To get desired services, user presents personal details about this identity, location and private information. The information transmitted and the services provided in pervasive computing environments (PCEs) are exposed to eavesdropping and various attacks. Therefore, the need to protect this environment from illegal accesses has become extremely urgent. In this paper, we propose an anonymous authentication and access control scheme to secure the interaction between mobile users and services in PCEs. The proposed scheme integrates a biometric authentication in PKI model. The proposed authentication aims to secure access remote in PCE for guaranteeing reliability and availability. Our authentication concept can offer pervasive network service users convenience and security.

• Journal of Information Technology Applications and Management
• /
• v.20 no.2
• /
• pp.177-191
• /
• 2013

Social network has been expected to increase the value of social capital through online user interactions which remove geographical boundary. However, online users in social networks face challenges of assessing whether the anonymous user and his/her providing information are reliable or not because of limited experiences with a small number of users. Therefore. it is vital to provide a successful trust model which builds and maintains a web of trust. This study aims to propose a prediction method for the interpersonal trust which measures the level of trust about information provider in Facebook. To develop the prediction method. we first investigated behavioral research for trust in social science and extracted 5 antecedents of trust : lenience, ability, steadiness, intimacy, and similarity. Then we measured the antecedents from the history of interactive behavior and built prediction models using the two decision trees and a computational model. We also applied the proposed method to predict interpersonal trust between Facebook users and evaluated the prediction accuracy. The predicted trust metric has dynamic feature which can be adjusted over time according to the interaction between two users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.667-678
• /
• 2016

Due to a development of the cable/wireless network infra, the traffic as big as unable to compare with the past is being served through the internet, the traffic is increasing every year following the change of the network paradigm such as the object internet, especially the traffic of about 1.6 zettabyte is expected to be distributed through the network in 2018. As the network traffic increases, the performance of the security infra is developing together to deal with the bulk terabyte traffic in the security equipment, and is generating hundreds of thousands of security events every day such as hacking attempt and the malignant code. Efficiently analyzing and responding to an event on the attack attempt detected by various kinds of security equipment of company is one of very important assignments for providing a stable internet service. This study attempts to overcome the limit of study such as the detection of Tor network traffic using the existing low-latency by classifying the anonymous network by means of the suggested algorithm about the event detected in the security infra.

• Journal of Internet Computing and Services
• /
• v.18 no.2
• /
• pp.1-11
• /
• 2017

There are two kinds of wireless network access to a certain place by using smart devices - 1) open (anonymous) - access and 2) user-authorized access. The open-access is a non-authorization connection method which does not need to require Smart device's user authorized information. It means open-access use only user's SSID (Service Set Identifier) information to access the wireless AP devices following public wireless network standard. This access mechanism is not suitable to use all of public wireless networks because users have to get all wireless network information around them. As a result, huge data for smart devices should be one of the most critical overload problems for them. Secondly, the user-authorized access method uses wireless network information (SSID and password) chosen by the users. So, the users have to remember and use the network access information data manually whenever accessing the network. Like open-access, this access method also has the operational and inconvenient problem for the users - manually inputting access information whenever connecting to the network. To overcome this problem in both schemes, we propose two improved wireless network access methods: 1) the implementation of automatic AP connection mechanism using user-authorization and iBeacon messages, and 2) SSID registration form for public wireless networks.

• Journal of Digital Convergence
• /
• v.18 no.9
• /
• pp.57-62
• /
• 2020

Smart home based on Internet of things (IoT) is rapidly emerging as an exciting research and industry field. However, security and privacy have been critical issues due to the open feature of wireless communication channel. As a step towards this direction, Shuai et al. proposed an anonymous authentication scheme for smart home environment using Elliptic curve cryptosystem. They provided formal proof and heuristic analysis and argued that their scheme is secure against various attacks including de-synchronization attack, mobile device loss attack and so on, and provides user anonymity and untraceability. However, this paper shows that Shuai et al.'s scheme does not provide user anonymity nor untraceability, which are very important features for the contemporary IoT network environment.