• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.192-193
• /
• 2019

클라우드 스토리지는 다양한 영역에서 이용가능하다. 일반적으로 데이터 저장, 이용에 사용되지만 추가적으로 데이터의 공유에 이용될 수도 있다. 이를 활용하여 단순 데이터 공유 및 데이터 구독 서비스 등 다양한 영역에 이용될 수 있다. 프록시 재암호화는 이러한 환경에서 데이터를 제 3자에게 안전하게 전달하기 위해 제안되었다. 프록시 재암호화는 데이터 소유자가 데이터를 암호화 한 뒤, 프록시에 보관하고, 위임자의 요청에 따라 데이터 소유자가 재암호화 키를 생성하여 프록시가 암호화된 데이터를 재차 암호화 할 수 있도록 한다. 프록시 재암호화는 암호화된 데이터를 제 3자에게 전달하기 위해 복호화 할 필요가 없기 때문에 데이터 원본을 노출 없이 안전하게 전달할 수 있다. 하지만 이러한 과정에서 프록시와 위임자가 결탁하여 데이터 소유자의 개인키를 복구하거나 재암호화 키를 위조하는 등의 위협이 발생할 수 있다. 이를 공모(결탁)공격이라 한다. 본 연구에서는 프록시 재암호화 기술에서 발생할 수 있는 공모공격을 방지하여, 보다 안전하게 이용할 수 있는 방법을 제시한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.25 no.3
• /
• pp.449-455
• /
• 2021

This paper proposes an encryption web transaction attack detection system based on the existing web application monitoring system. Although there was difficulty in detecting attacks on the encrypted web traffic because the existing web traffic security systems detect and defend attacks based on encrypted packets in the network area of the encryption section between the client and server, by utilizing the technology of the web application monitoring system, it is possible to detect various intelligent cyber-attacks based on information that is already decrypted in the memory of the web application server. In addition, since user identification is possible through the application session ID, statistical detection of attacks such as IP tampering attacks, mass web transaction call users, and DDoS attacks are also possible. Thus, it can be considered that it is possible to respond to various intelligent cyber attacks hidden in the encrypted traffic by collecting and detecting information in the non-encrypted section of the encrypted web traffic.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.10
• /
• pp.2481-2490
• /
• 2015

The issue of PHR is maintained on the server will be in the hospital. PHR information stored on the server, such as a patient's illness and treatment is very sensitive information. Therefore, patients should be guaranteed the protection of privacy. In addition, the PHR should be allowed to group access of it's approach. Therefore, in this paper the proposed group signature using hierarchical identity-based encryption schemes into can guarantee the PHR data privacy. The session key generated by group signature, it is use a tiered approach. The generated session keys safe PHR data transmission is possible. The proposed method is average 80% than the PKI encryption and ID-based encryption rather than average 50% the algorithm processing is more efficient

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.1
• /
• pp.12-18
• /
• 2013

In 2012, Woosik Bae proposed a DAP3-RS(Design of Authentication Protocol for Privacy Protection in RFID Systems) using the hash function and AES(Advanced Encryption Standard) algorithm to hide Tag's identification and to generates variable data in every session. He argued that the DAP3-RS is safe from spoofing attack, replay attack, traffic analysis and etc. Also, the DAP3-RS resolved problem by fixed metaID of Hash-Lock protocol using AES algorithm. However, unlike his argue, attacker can pass authentication and traffic analysis using by same data and fixed hash value on the wireless. We proposed authentication protocol based on AES algorithm. Also, our protocol is secure and efficient in comparison with the DAP3-RS.

• The KIPS Transactions:PartC
• /
• v.18C no.4
• /
• pp.207-212
• /
• 2011

Vehicular Ad Hoc Network(VANET) is a communication technology between vehicles and vehicles(V2V) or vehicles and infrastructures(V2I) for offering a number of practical applications. Considering the importance of communicated information through VANET, data authentication, confidentiality and integrity are fundamental security elements. Recently, to enhance a security of VANET in various circumstances, message authentication is widely researched by many laboratories. Among of them, Zhang. et. al. is an efficient method to authenticate the message with condition of anonymity in dense space. In the scheme, to obtain the vehicular ID with condition of anonymity, the k-anonymity is used. However it has a disadvantage, which conducts hash operations in case of determining the vehicular ID. In the paper, we present a location based algorithm using received signal strength for the location based authentication and encryption technique as well, and to enhance the accuracy of algorithm we apply a location determination technique over the 3-dimensional space.

• The KIPS Transactions:PartC
• /
• v.14C no.6
• /
• pp.463-470
• /
• 2007

Revocation is one of the main difficulties faced in implementing Public Key Infrastructures(PHs). Boneh, Ding and Tsudik first introduced a mediated cryptography for obtaining immediate revocation of RSA keys used in PKIs. Their method is based on the idea that each user's private key can be split into two random shares, one of which is given to the user and the other to an online security mediator(SEM). Thus any signature or decryption must be performed as a cooperation between a user and his/her associated SEM and revocation is achieved by instructing the mediator SEM to stop cooperating the user. Recently, Libert and Quisquater showed that the fast revocation method using a SEcurity Mediator(SEM) in a mRSA can be applied to the Boneh-Franklin identify based encryption and GDH signature schemes. In this paper we propose a mediated identity based signature(mIBS) with batch verification which apply the SEM architecture to an identity based signature. Libert's GDH siganture scheme is not forward secure even though forward security is an important and desirable feature for signature schemes. We propose an efficient key udating mediated signature scheme, mKUS based on mIBS and analyze its security and efficiency.

• The Journal of the Korea Contents Association
• /
• v.13 no.4
• /
• pp.17-22
• /
• 2013

Impersonation attack, based on vulnerable security of SIP, facilitate a intruder to take malicious actions such as toll fraud and session hijacking. This paper suggests a new technique for a countermeasure. When receiving a register request message, registrar checks whether the value of Form header or the value of Call-ID header is stored in location server or not. If the record containing either of them are stored and periodically updated, we regard that message as impersonation attack and discard it. Since this technique uses the information stored in server instead of adding encryption mechanism for user authentication, it can easily build securer SIP environment.

• Journal of Korea Multimedia Society
• /
• v.8 no.4
• /
• pp.525-535
• /
• 2005

A password-based authenticated tripartite key exchange protocol based on A. Joux's protocol was proposed. By using encryption scheme with shared password, we can resolve man-in-the-middle attack and lack of authentication problems. We also suggested a scheme to avoid the offline dictionary attack to which symmetric encryption schemes are vulnerable. The proposed protocol does not require a trusted party which is required in certificate or identity based authentication schemes. Therefore in a ad hoc network which is difficult to install network infrastructure, the proposed protocol would be very useful. The proposed protocol is more efficient in computation aspect than any existing password-based authenticated tripartite key exchange protocols. When it is used as a base line protocol of tree based group key exchange protocol, the computational weak points of the proposed protocol are compensated.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1692-1706
• /
• 2004

Recently, there are rapid development of information and communication and rapid growth of e-business users. Therefore we try to solve security problem on the internet environment which charges from wire internet to wireless internet or wire/wireless internet. Since the wireless mobile environment is limited, researches such as small size, end-to-end and privacy security are performed by many people. Wireless e-business adopts credit card WPP protocol and AIP protocol proposed by ASPeCT. WAP, one of the protocol used by WPP has weakness of leaking out information from WG which conned wire and wireless communication. certification chain based AIP protocol requires a lot of computation time and user IDs are known to others. We propose a Micro-Payment protocol based on credit card. Our protocol use the encryption techniques of the public key with ID to ensure the secret of transaction in the step of session key generation. IDs are generated using ECC based Weil Paring. We also use the certification with hidden electronic sign to transmit the payment result. The proposed protocol solves the privacy protection and Non-repudiation p개blem. We solve not only the safety and efficiency problem but also independent of specific wireless platform. The protocol requires the certification organization attent the certification process of payment. Therefore, other domain provide also receive an efficient and safe service.

• Journal of the Institute of Convergence Signal Processing
• /
• v.8 no.1
• /
• pp.51-57
• /
• 2007

In this paper we introduce the concept of MPLS-based VPN and propose a scheme for providing VPN services in MPLS networks. Furthermore, we design the control components and the operational procedures and evaluated the performance of traditional VPN implementation methods and MPLS-based VPN. In this scheme it is possible to solve several problems that IP-based VPN pertains via the allocation of VPN ID and virtual space without tunneling, thereby providing effective VPN services. In other words, the MPLS-based VPN scheme uses MPLS networking technology together with the PSTN which can achieve a perfect segregation of user traffic on per-customer basis in a physical link and can guarantee high reliability and security levels. Specially, in the perspective of customers, it can save networking facilities installation and maintenance costs considerably. On the contrary, it possesses some shortcomings in that its deployment tends to be restricted within an ISP's network boundary and it is vulnerable to external security break-ins when going through public networks such as the Internet due to its lack of data encryption capability.