• 한국콘텐츠학회논문지
• /
• 제1권1호
• /
• pp.74-82
• /
• 2001

시각암호는 정보보호 분야에서 중요한 정보를 암호화하여 복수 회원에게 분산시킨 후 회원의 합의에 의하여 해독이 가능하게 하는 thresholding scheme을 디지털 시스템인 아닌 인간의 시각 시스템으로 복호가 가능하게 하였다. 그러나 이러한 방법은 표현의 한계로 인하여 몇 가지 문제점을 안고 있었다. 이후 인간의 시각을 대신하여 레이저를 사용하는 광시각암호가 제안되어 광학 시스템에 암호 기법을 적용할 수 있게 되었다. 그러나 이 시스템은 기존의 시각 암호의 문제점을 완전히 극복하지 못함으로 인하여 또 다른 문제를 발생하였다. 이것은 데이터 처리 시스템을 시각에서 광학으로 전환하는 과정에서 발생하기 때문에 문제의 분석과 해결 역시 광학적으로 접근하는 것이 타당하다. 본 논문에서는 상관기를 이용하여 광시각 암호의 처리에서 발생하는 잡음의 정도와 암호 특성을 주파수 관점에서 분석한다.

• 디지털콘텐츠학회 논문지
• /
• 제13권4호
• /
• pp.531-538
• /
• 2012

시각암호는 복잡한 암호학적 연산 없이 분산된 영상을 중첩함으로써, 인간의 시각에 의해 비밀영상을 직접 복원할 수 있는 방법이다. 최근까지 시각암호 분야는 크게 복호화 된 영상의 해상도를 향상시키기 위한 비밀 분산법, 분산된 영상의 크기가 변하지 않는 비밀 분산법 그리고 크기조절에 강인한 비밀 분산법 등에 관하여 연구되고 있다. 시각암호 그 자체는 단순히 분산된 영상만 이용하기 때문에 공격받기 쉽다. 따라서 비밀영상을 안전하게 공유할 수 있는 시각암호 구조가 필요하기 때문에 본 논문에서는 실제 사용될 수 있는 기본적인 시각암호 구조에서 커버영상을 이용해 개선된 시각암호 구조를 제안한다. 제안된 방법은 커버영상의 변조를 줄임으로써 steganalysis를 어렵게 하여 확률적으로 높은 안전성을 제공한다. 또한 잡음을 생성하지 않고, 비밀영상을 온전히 복원할 수도 있음을 보였다.

• 대한전자공학회논문지SD
• /
• 제40권3호
• /
• pp.10-18
• /
• 2003

본 논문에서는 마흐-젠더 간섭계에서 진행파의 위상정보와 직교 편광을 이용하여 광학적 암호화 시스템을 제안하였다. 두 개의 서로 직교편광의 가간섭성에 의해 간섭현상이 제거되기 때문에 복호 영상이 안정하다. 암호화 과정에서는 원 영상이 수직편광과 수평편광간의 상대적인 위상차에 의해 랜덤한 편광상태를 가지는 영상으로 암호화 된다. 따라서 랜덤한 편광분포로부터 원 영상의 정보를 알 수 없다. 영상을 복호화하기 위해서는 암호화된 영상의 랜덤한 편광분포를 서로 직교하는 두 성분으로 나누고 키영상을 간섭계에 수직 경로에 위치시킨다. 복호 영상은 검광기를 사용하여 세기형태로 재생하였다.

• 한국인터넷방송통신학회논문지
• /
• 제12권5호
• /
• pp.67-74
• /
• 2012

현재 유료 동영상 콘텐츠는 보안 취약점을 이용하여 제 3자가 취득할 수 있는 문제점이 있다. 본 연구에서는 제3자의 위법적인 다운로드를 차단하기 위하여 상용화되어 사용 중인 동영상 암호화 방식을 분석하였다. 그리고 기존에 있던 방식인 주소 암호화 방식과 암호화 프로토콜을 사용하는 방식에 추가하여 프로그램 자체에서 암호화 및 복호화를 하여 송, 수신하는 방식을 제안하였다. 성능평가를 위해서 암호화를 통한 인코딩과 디코딩 지연시간을 최대한으로 줄이면서 보안 향상을 이룰 수 있는지를 가지고 기존의 방식과 비교 분석하였다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제12권3호
• /
• pp.1315-1329
• /
• 2018

Ciphertext-policy attribute-based encryption (CP-ABE) associates ciphertext with access policies. Only when the user's attributes satisfy the ciphertext's policy, they can be capable to decrypt the ciphertext. Expressivity and security are the two directions for the research of CP-ABE. Most of the existing schemes only consider monotonic access structures are selectively secure, resulting in lower expressivity and lower security. Therefore, fully secure CP-ABE schemes with non-monotonic access structure are desired. In the existing fully secure non-monotonic access structure CP-ABE schemes, the attributes that are set is bounded and a one-use constraint is required by these projects on attributes, and efficiency will be lost. In this paper, to overcome the flaw referred to above, we propose a new fully secure non-monotonic access structure CP-ABE. Our proposition enforces no constraints on the scale of the attributes that are set and permits attributes' unrestricted utilization. Furthermore, the scheme's public parameters are composed of a constant number of group elements. We further compare the performance of our scheme with former non-monotonic access structure ABE schemes. It is shown that our scheme has relatively lower computation cost and stronger security.

• Journal of Information Processing Systems
• /
• 제14권5호
• /
• pp.1087-1101
• /
• 2018

As cloud computing has become a widespread technology, malicious attackers can obtain the private information of users that has leaked from the service provider in the outsourced databases. To resolve the problem, it is necessary to encrypt the database prior to outsourcing it to the service provider. However, the most existing data encryption schemes cannot process a query without decrypting the encrypted databases. Moreover, because the amount of the data is large, it takes too much time to decrypt all the data. For this, Programmable Order-Preserving Secure Index Scheme (POPIS) was proposed to hide the original data while performing query processing without decryption. However, POPIS is weak to both order matching attacks and data count attacks. To overcome the limitations, we propose a group order-preserving data encryption scheme (GOPES) that can support efficient query processing over the encrypted data. Since GOPES can preserve the order of each data group by generating the signatures of the encrypted data, it can provide a high degree of data privacy protection. Finally, it is shown that GOPES is better than the existing POPIS, with respect to both order matching attacks and data count attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권7호
• /
• pp.3339-3352
• /
• 2016

In ciphertext-policy attribute-based encryption (CP-ABE) scheme, a user's secret key is associated with a set of attributes, and the ciphertext is associated with an access policy. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the access policy specified in the ciphertext. In the present schemes, access policy is sent to the decryptor along with the ciphertext, which means that the privacy of the encryptor is revealed. In order to solve such problem, we propose a CP-ABE scheme with hidden access policy, which is able to preserve the privacy of the encryptor and decryptor. And what's more in the present schemes, the users need to do excessive calculation for decryption to check whether their attributes match the access policy specified in the ciphertext or not, which makes the users do useless computation if the attributes don't match the hidden access policy. In order to solve efficiency issue, our scheme adds a testing phase to avoid the unnecessary operation above before decryption. The computation cost for the testing phase is much less than the decryption computation so that the efficiency in our scheme is improved. Meanwhile, our new scheme is proved to be selectively secure against chosen-plaintext attack under DDH assumption.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제10권5호
• /
• pp.2394-2406
• /
• 2016

ABE has become an effective tool for data protection in cloud computing. However, since users possessing the same attributes share the same private keys, there exist some malicious users exposing their private keys deliberately for illegal data sharing without being detected, which will threaten the security of the cloud system. Such issues remain in many current ABE schemes since the private keys are rarely associated with any user specific identifiers. In order to achieve user accountability as well as provide key exposure protection, in this paper, we propose a key-insulated ciphertext policy attribute based encryption with key exposure accountability (KI-CPABE-KEA). In our scheme, data receiver can decrypt the ciphertext if the attributes he owns match with the self-centric policy which is set by the data owner. Besides, a unique identifier is embedded into each user's private key. If a malicious user exposes his private key for illegal data sharing, his identity can be exactly pinpointed by system manager. The key-insulation mechanism guarantees forward and backward security when key exposure happens as well as provides efficient key updating for users in the cloud system. The higher efficiency with proved security make our KI-CPABE-KEA more appropriate for secure data sharing in cloud computing.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제11권5호
• /
• pp.2646-2659
• /
• 2017

Equipped with the advantages of flexible access control and fine-grained authentication, attribute based signcryption is diffusely designed for security preservation in many scenarios. However, realizing efficient key evolution and reducing the calculation costs are two challenges which should be given full consideration in attribute based cryptosystem. In this paper, we present a key-policy attribute based signcryption scheme (KP-ABSC) with delegated computation and efficient key updating. In our scheme, an access structure is embedded into user's private key, while ciphertexts corresponds a target attribute set. Only the two are matched can a user decrypt and verify the ciphertexts. When the access privileges have to be altered or key exposure happens, the system will evolve into the next time slice to preserve the forward security. What's more, data receivers can delegate most of the de-signcryption task to data server, which can reduce the calculation on client's side. By performance analysis, our scheme is shown to be secure and more efficient, which makes it a promising method for data protection in data outsourcing systems.

• Journal of Communications and Networks
• /
• 제14권6호
• /
• pp.682-691
• /
• 2012

Key agreement protocol is a fundamental protocol in cryptography whereby two or more participants can agree on a common conference key in order to communicate securely among themselves. In this situation, the participants can securely send and receive messages with each other. An adversary not having access to the conference key will not be able to decrypt the messages. In this paper, we propose a novel identity-based authenticated multi user key agreement protocol employing a symmetric balanced incomplete block design. Our protocol is built on elliptic curve cryptography and takes advantage of a kind of bilinear map called Weil pairing. The protocol presented can provide an identification (ID)-based authentication service and resist different key attacks. Furthermore, our protocol is efficient and needs only two rounds for generating a common conference key. It is worth noting that the communication cost for generating a conference key in our protocol is only O($\sqrt{n}$) and the computation cost is only O($nm^2$), where $n$ implies the number of participants and m denotes the extension degree of the finite field $F_{p^m}$. In addition, in order to resist the different key attack from malicious participants, our protocol can be further extended to provide the fault tolerant property.