• Journal of the Korean Institute of Intelligent Systems
• /
• v.23 no.6
• /
• pp.558-564
• /
• 2013

Wireless sensor networks (WSNs) contain limited energy resources and are left in open environments. Since these sensor nodes are self-operated, attacks such as sinkhole attacks are possible as they can be compromised by an adversary. The sinkhole attack may cause to change initially constructed routing paths, and capture of significant information at the compromised node. A localized encryption and authentication protocol (LEAP) has been proposed to authenticate packets and node states by using four types of keys against the sinkhole attack. Even though this novel approach can securely transmits the packets to a base station, the packets are forwarded along the constructed paths without checking the next hop node states. In this paper, we propose the next hop node selection method to cater this problem. Our proposed method evaluates the next hop node considering three factors (i.e., remaining energy level, number of shared keys, and number of filtered false packets). When the suitability criterion for next hop node selection is satisfied against a fix threshold value, the packet is forwarded to the next hop node. We aim to enhance energy efficiency and a detour of attacked areas to be effectively selected Experimental results demonstrate validity of the proposed method with up to 6% energy saving against the sinkhole attack as compared to the LEAP.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.2
• /
• pp.23-36
• /
• 2005

The main obstacle hindering the wide deployment of identity-based cryptosystem is that the entity responsible for creating the private key has too much power. As a result, private keys are no longer private. One obvious solution to this problem is to apply the threshold technique. However, this increases the authentication computation, and communication cost during the key issuing phase. In this paper, we propose a new effi ient model for issuing multiple private keys in identity-based encryption schemes based on the Weil pairing that also alleviates the key escrow problem. In our system, the private key of a user is divided into two components, KGK (Key Description Key) and KUD(Key Usage Desscriptor), which are issued separately by different parties. The KGK is issued in a threshold manner by KIC (Key Issuing Center), whereas the KW is issued by a single authority called KUM (Key Usage Manager). Changing KW results in a different private key. As a result, a user can efficiently obtain a new private key by interacting with KUM. We can also adapt Gentry's time-slot based private key revocation approach to our scheme more efficiently than others. We also show the security of the system and its efficiency by analyzing the existing systems.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1553-1571
• /
• 2018

Currently, many of schemes for smart grid data aggregation are based on a one-level gateway (GW) topology. Since the data aggregation granularity in this topology is too single, the control center (CC) is unable to obtain more fine-grained data aggregation results for better monitoring smart grid. To improve this issue, Shen et al. propose an efficient privacy-preserving cube-data aggregation scheme in which the system model consists of two-level GW. However, a risk exists in their scheme that attacker could forge the signature by using leaked signing keys. In this paper, we propose a secure and fine-grained electricity consumption aggregation scheme for smart grid, which employs the homomorphic encryption to implement privacy-preserving aggregation of users' electricity consumption in the two-level GW smart grid. In our scheme, CC can achieve a flexible electricity regulation by obtaining data aggregation results of various granularities. In addition, our scheme uses the forward-secure signature with backward-secure detection (FSBD) technique to ensure the forward-backward secrecy of the signing keys. Security analysis and experimental results demonstrate that the proposed scheme can achieve forward-backward security of user's electricity consumption signature. Compared with related schemes, our scheme is more secure and efficient.

• Journal of Korea Society of Industrial Information Systems
• /
• v.12 no.1
• /
• pp.101-107
• /
• 2007

In this paper, we proposed an stable optical security system using interferometer and cascaded phase keys. For the encryption process, a BPCGH(binary phase computer generated hologram) that reconstructs the origial image is designed, using an iterative algorithm and the resulting hologram is regarded as the image to be encrypted. The BPCGH is encrypted through the exclusive-OR operation with the random generated phase key image. For the decryption process, we cascade the encrypted image and phase key image and interfere with reference wave. Then decrypted hologram image is transformed into phase information. Finally, the origianl image is recovered by an inverse Fourier transformation of the phase information. During this process, interference intensity is very sensitive to external vibrations. a stable interference pattern is obtained using self-pumped phase-conjugate minor made of the photorefractive material. In the proposed security system, without a random generated key image, the original image can not be recovered. And we recover another hologram pattern according to the key images, so can be used an authorized system.

• The KIPS Transactions:PartC
• /
• v.8C no.1
• /
• pp.75-87
• /
• 2001

The Conditional Access System is the complete system for ensuring that broadcasting services are only accessible to those who are entitled to receive them. Four major parts to this system are scrambling, descrambling, authentication and encryption. For the proper operation, which means hard-to- break and uninterrupted service, secure key management and efficient delivery mechanism are very important design factors to this system. Performance analysis is another important factor to this system that is used in massive subscriber environment. In this thesis, one of the secure and efficient key management mechanisms is proposed. For the secrecy of this mechanism, hierarchical stacking of keys and key generation matrix are proposed. For the proof of efficient delivery of those keys, simulation results and performance analysis. which is based on queuing analysis, are presented. Lastly, optimal key generation and delivery period, maximal and minimal key deliver time, and communication capacity for data collection are presented for various subscriber volume.

• Journal of KIISE:Information Networking
• /
• v.28 no.3
• /
• pp.309-320
• /
• 2001

This paper deals with security issues in a mobile agent system, especially protecting agent data from malicious agent servers. For this purpose, one-time key generation system, OKGS in short, is proposed. In OKGS, we integrate notions of a one-way hash function and a coupler. One-way function plays a major role in ensuring confidentiality and integrity of agent data. And the notion of a coupler is used to establish inter-relationship among consecutive encryption keys for agent data, i.e. all agent keys form a unidirectional chain. With these two features of OKGS, therefore, only the agent owner, who creates the agent bearing data, can decrypt and protect all the agent data which are gathered in the itinerary.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.4
• /
• pp.73-78
• /
• 2018

In this paper, we consider a system where multiple sources are encrypted in separated nodes and sent through their respective public communication channels into a joint sink node. We are interested at the problem on protecting the security of an already existing system such above, which is found out to have correlated encryption keys. In particular, we focus on finding a solution without introducing additional secret keys and with minimal modification to minimize the cost and the risk of bringing down an already running system. We propose a solution under a security model where an eavesdropper obtains all ciphertexts, i.e., encrypted sources, by accessing available public communication channels. Our main technique is to use encoders of universal function to encode the ciphertexts before sending them to public communication channels.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.85-92
• /
• 2010

There is an authentication method for participants with an encrypted ID and password as a symmetric-key in multilateral video conferencing. It is hard to manage when the security-keys makes many while the transportation processing for the encryption and decryption get complicated when the video conferencing involves a number of participants and the third party as an attackers to gain unauthorized symmetric-key to access video conference which makes a problem less secrecy. This study suggests three ways to enhance security in video conference: first, we present PKI-based X.509 certificate for authenticating the participants of multilateral conferencing and we suggest to encode and decode the video conference media data using a secrecy key created by each of the conference participants; second, a more secured multilateral video conferencing can be expected in a group communication by using the participants secrecy key in creating and distributing group keys, where the group key will be renewed whenever there is change in the group member; and finally, we suggest to encode the RTP payload of the media data before transmission.

• The KIPS Transactions:PartC
• /
• v.8C no.6
• /
• pp.731-740
• /
• 2001

Multi-distributed web cluster model expanding conventional cluster system is the cluster system which processes large-scaled work demanded from users with parallel computing method by building a number of system nodes on open network into a single imaginary network. Multi-distributed web cluster model on the structured characteristics exposes internal system nodes by an illegal third party and has a potential that normal job performance is impossible by the intentional prevention and attack in cooperative work among system nodes. This paper presents the mutual authentication protocol of system nodes through key division method for the authentication of system nodes concerned in the registration, requirement and cooperation of service code block of system nodes and collecting the results and then designs SNKDC which controls and divides symmetrical keys of the whole system nodes safely and effectively. SNKDC divides symmetrical keys required for performing the work of system nodes and the system nodes transmit encoded packet based on the key provided. Encryption packet given and taken between system nodes is decoded by a third party or can prevent the outflow of information through false message.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.2
• /
• pp.33-43
• /
• 2006

In order to provide the efficient personalized services, the organizations and the companies collect and manage the personal information. However, there have been increasing privacy concerns since the personal information might be misused and spread over in public by the database administrators or the information users. Even in the systems in which organizations or companies control access to personal information according to their access policy in order to protect personal information, it is not easy to fully reflect the information subjects' intention on the access control to their own Personal information. This paper proposes a policy-based access control mechanism for the personal information which prevents unauthorized information users from illegally accessing the personal information and enables the information subjects to control access over their own information. In the proposed mechanism, the individuals' personal information which is encrypted with different keys is stored into the directory repository. For the access control, information subjects set up their own access control policy for their personal information and the policies are used to provide legal information users with the access keys.