• The Journal of Society for e-Business Studies
• /
• v.12 no.4
• /
• pp.29-36
• /
• 2007

Recently, Jaiswal et al. proposed a protocol to improve the multi-agent negotiation test-bed which was proposed by Collins et al. Using publish/subscribe system, time-release cryptography and anonymous communication, their protocol gives an improvement on the old one. However, it is shown that the protocol also has some security weaknesses: such as replay data attack and DOS (denial-of-service) attack, anonymity disclosure, collusion between customers and a certain supplier. So proposed protocol reduces DOS attack and avoids replay data attack by providing ticket token and deal sequence number to the supplier. And it is proved that the way that market generates random number to the supplier is better than the supplier do by himself in guaranteeing anonymity. Market publishes interpolating polynomial for sharing the determination process data. It avoids collusion between customer and a certain supplie

• Journal of Korea Multimedia Society
• /
• v.7 no.7
• /
• pp.922-933
• /
• 2004

In recent years, peer-to-peer network have a greate deal of attention for distributed computing or collaborative application, and work of ID-based public key systems have been focusing on the area of cryptography. In this paper, we propose ID-based group key management protocols for secure communication in autonomous peer group. Each member obtains his public/private key pair derived from his identification string from Private Key Generator. No central server participates in group key management protocol instead, all group members share the burden of group key management by the collaboration of themselves, so that our scheme avoids the single point of failure problem. In addition, our scheme considers the nature of dynamic peer group such as frequent joining and leaving of a member.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.5
• /
• pp.968-988
• /
• 2010

Anonymous hierarchical identity based encryption (HIBE) is an extension of identity based encryption (IBE) that can use an arbitrary string like an e-mail address for a public key, and it additionally provide the anonymity of identity in ciphertexts. Using the anonymous HIBE schemes, it is possible to construct anonymous communication systems and public key encryption with keyword search. This paper presents an anonymous HIBE scheme with constant size ciphertexts under prime order symmetric bilinear groups, and shows that it is secure under the selective security model. Previous anonymous HIBE schemes were constructed to have linear size ciphertexts, to use composite order bilinear groups, or to use asymmetric bilinear groups that is a special type of bilinear groups. Our construction is the first efficient anonymous HIBE scheme that has constant size ciphertexts and that uses prime order symmetric bilinear groups. Compared to the previous scheme of composite order bilinear groups, ours is ten times faster. To achieve our construction, we first devise a novel cancelable random blinding technique. The random blinding property of our technique provides the anonymity of our construction, and the cancellation property of our technique enables decryption.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.924-944
• /
• 2017

Telecare Medical Information System (TMIS) helps the patients to gain the health monitoring information at home and access medical services over the mobile Internet. In 2015, Das et al proposed a secure and robust user AKA scheme for hierarchical multi-medical server environment in TMIS, referred to as DAKA protocol, and claimed that their protocol is against all possible attacks. In this paper, we first analyze and show DAKA protocol is vulnerable to internal attacks, impersonation attacks and stolen smart card attack. Furthermore, DAKA protocol also cannot provide confidentiality. We then propose a lightweight pseudonym AKA protocol for multi-medical server architecture in TMIS (short for PAKA). Our PAKA protocol not only keeps good security features declared by DAKA protocol, but also truly provides patient's anonymity by using pseudonym to protect sensitive information from illegal interception. Besides, our PAKA protocol can realize authentication and key agreement with energy-saving, extremely low computation cost, communication cost and fewer storage resources in smart card, medical servers and physical servers. What's more, the PAKA protocol is proved secure against known possible attacks by using Burrows-Abadi-Needham (BAN) logic. As a result, these features make PAKA protocol is very suitable for computation-limited mobile device.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4527-4547
• /
• 2018

Signcryption is a cryptographic primitive that provides authentication (signing) and confidentiality (encrypting) simultaneously at a lower computational cost and communication overhead. With the proposition of certificateless public key cryptography (CLPKC), certificateless signcryption (CLSC) scheme has gradually become a research hotspot and attracted extensive attentions. However, many of previous CLSC schemes are constructed based on time-consuming pairing operation, which is impractical for mobile devices with limited computation ability and battery capacity. Although researchers have proposed pairing-free CLSC schemes to solve the issue of efficiency, many of them are in fact still insecure. Therefore, the challenging problem is to keep the balance between efficiency and security in CLSC schemes. In this paper, several existing CLSC schemes are cryptanalyzed and a new CLSC scheme without pairing based on elliptic curve cryptosystem (ECC) is presented. The proposed CLSC scheme is provably secure against indistinguishability under adaptive chosen-ciphertext attack (IND-CCA2) and existential unforgeability under adaptive chosen-message attack (EUF-CMA) resting on Gap Diffie-Hellman (GDH) assumption and discrete logarithm problem in the random oracle model. Furthermore, the proposed scheme resists the ephemeral secret leakage (ESL) attack, public key replacement (PKR) attack, malicious but passive KGC (MPK) attack, and presents efficient computational overhead compared with the existing related CLSC schemes.

• Journal of Digital Convergence
• /
• v.11 no.11
• /
• pp.675-682
• /
• 2013

This paper tries to solve the problems which previous methods have the model using smart card for protecting digital contents. This study provides a contents distribution model to protect the rights of author, distributor, and user as well as user's information by using technologies such as cryptography, DRM(Digital Right Management), access control, etc. The proposed system is evaluated as the most safety model compared with previous methods because it not only solves the problems which the previous methods have, but also protects four type of risks such as use of contents which other mobile devices download, the attack on the key to decode the message, the attack on leaking the contents, and the internal attack such as an illegal reproduction.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.4C
• /
• pp.356-364
• /
• 2003

Presently, etwork is being in the existence as an influence can not be neglected. This rapid progress of network has gone with development of mobile network and information communication. But the development of network can generate serous social problems. So, it is highly required to control security of network. These problems related security will be developed and keep up to confront with anti-security part such as hacking, cracking. There's no way to preserve security from hacker or cracker without delvelopping new cryptographic algorithm or keeping the state of anti-cryptanalysis in a prescribed time by means of extendig key-length. Worldwidely, many researchers for network security are trying to handle these problems. In this paper, we proposed a new block cryptosystem. The Block cipher-Secure Electronic Xenogenesis Algorithm(B-SEXA) which is capable to cipher regardless of key distribution or key-length for these definite problem is proposed and designed in hardware. B-SEXA increase secret level from using a MDP and MLP in maximum is proposed to prevent cryptograpy analysis. The designed B-SEXA in this paper performed synthesization and simulation using Synopsys Vwe. 1999.10 and VHDL.

• Journal of KIISE:Computer Systems and Theory
• /
• v.31 no.11
• /
• pp.617-625
• /
• 2004

We propose an efficient stream authentication scheme that is an improvement of PCC scheme by using information dispersal algorithm. The drawback of PCC scheme is that received packets for each group are verifiable only if the signature packet of the group is successfully received. The proposed scheme processes the signature packet by introducing some amount of redundancy and splitting the result into pieces, which are then transmitted. The receiver is able to reconstruct the signature packet if the number of the received pieces is larger than the threshold. It is shown that under the same communication overhead verification probability of the proposed scheme is higher than that of SAIDA. Moreover, its computational cost is lower than that of SAIDA.

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.7_8
• /
• pp.417-425
• /
• 2003

We propose an efficient one-time signature scheme for stream authentication by improving HORS. When one-time signatures are used for authenticating live streams, one of the most serious drawbacks is that its large signature size yields high communication overhead. Compared with the previous one-time signature schemes, proposed scheme has the smallest signature size. Moreover, verification overhead is very low. Compared with the previous schemes for stream authentication, signing overhead of our scheme is larger than that of HORS but much lower than those of BiBa or Powerball. Moreover, signing operation can be trivially parallelized without any additional risk because it does not require sharing of the secret key between distributed servers.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.8
• /
• pp.4006-4024
• /
• 2017

Internet of Things (IoT) will transform our daily life by making different aspects of life smart like smart home, smart workplace, smart health and smart city etc. IoT is based on network of physical objects equipped with sensors and actuators that can gather and share data with other objects or humans. Secure communication is required for successful working of IoT. In this paper, a total of 13 lightweight cryptographic algorithms are evaluated based on their implementation results on 8-bit, 16-bit, and 32-bit microcontrollers and their appropriateness is examined for resource-constrained scenarios like IoT. These algorithms are analysed by dissecting them into their logical and structural elements. This paper tries to investigate the relationships between the structural elements of an algorithm and its performance. Association rule mining is used to find association patterns among the constituent elements of the selected ciphers and their performance. Interesting results are found on the type of element used to improve the cipher in terms of code size, RAM requirement and execution time. This paper will serve as a guideline for cryptographic designers to design improved ciphers for resource constrained environments like IoT.