• Journal of Information Processing Systems
• /
• v.13 no.4
• /
• pp.970-986
• /
• 2017

Certificateless public key cryptography (CL-PKC) is a new benchmark in modern cryptography. It not only simplifies the certificate management problem of PKC, but also avoids the key escrow problem of the identity based cryptosystem (ID-PKC). In this article, we propose a certificateless blind signature protocol which is based on elliptic curve cryptography (CLB-ECC). The scheme is suitable for the wireless communication environment because of smaller parameter size. The proposed scheme is proven to be secure against attacks by two different kinds of adversaries. CLB-ECC is efficient in terms of computation compared to the other existing conventional schemes. CLB-ECC can withstand forgery attack, key only attack, and known message attack. An e-cash framework, which is based on CLB-ECC, has also been proposed. As a result, the proposed CLB-ECC scheme seems to be more effective for applying to real life applications like e-shopping, e-voting, etc., in handheld devices.

• Convergence Security Journal
• /
• v.10 no.2
• /
• pp.1-9
• /
• 2010

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the snort signature matches the packet, that same signature must be in memory for some period (possibly micro seconds) of time. Finally, investigate some security issues that you should consider when running a Snort system. Paper coverage includes: How an IDS Works, Where Snort fits, Snort system requirements, Exploring Snort's features, Using Snort on your network, Snort and your network architecture, security considerations with snort under digital forensic windows environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.563-577
• /
• 2018

In order to support secure communication in VANET(Vehicular Ad hoc Network), messages exchanged between vehicles or between vehicle and infrastructure must be authenticated. In this paper, we propose a hierarchical anonymous authentication system for VANET. The proposed system model reduces the overhead of PKG, which is a problem of previous system, by generating private keys hierarchically, thereby enhancing practicality. We also propose a two-level hierarchical identity-based signature(TLHIBS) scheme without pairings so that improve efficiency. The proposed scheme protects the privacy of the vehicle by satisfying conditional privacy and supports batch verification so that efficiently verifies multiple signatures. Finally, The security of the proposed scheme is proved in the random oracle model by reducing the discrete logarithm problem(DLP) whereas the security proof of the previous ID-based signatures for VANET was incomplete.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2001.04a
• /
• pp.441-444
• /
• 2001

본 논문은 이동 에이전트 시스템이 안고 있는 보안 문제를 해결하고자 하였다. 제안된 프로토콜은 이동 에이전트 및 에이전트 시스템 보안 위험에 대처하기 위하여 ID를 이용한 키 분배 기법과 fit-Shamir 디지털 서명 방식에 기초한 다중 서명 방법을 이용하여 에이전트와 에이전트 플랫폼의 양방향 인증, 실행 결과 데이터의 보호, 생명성 보장을 함께 처리하였으며 중간 검증이 가능하도록 제안되어 불필요한 오버헤드를 갖지 않도록 하였다. 제안된 이동 에이전트 보안 프로토콜을 적용하였을 때 얻을 수 있는 장점은 첫째, 이동에이전트의 생명성을 보장할 수 있으며 둘째, 에이전트의 실행 결과 데이터의 기밀성, 무결성을 보장할 수 있고, 세째, 에이전트 실행의 전 단계를 매 시스템마다 검증함으로써 변경, 삭제 등의 문제가 발생하는 즉시 발견할 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.3-10
• /
• 2007

In this paper, we show that the status certificate-based encryption(SCBE) scheme proposed at ICISC 2004 and the certificateless signature(CLS) scheme proposed at EUC workshops 2006 are insecure. Both schemes are claimed that an adversary has no advantage if it controls only one of two participants making a cryptographic key such as a decryption key in SCBE or a signing key in CLS. But we will show that an adversary considered in the security model of each scheme can generate a valid cryptographic key by replacing the public key of a user.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.16 no.4
• /
• pp.430-435
• /
• 2006

In this paper, we propose a method based on multimodal biometrics system using the face and signature under ubiquitous computing environments. First, the face and signature images are obtained by PDA and then these images with user ID and name are transmitted via WLAN(Wireless LAN) to the server and finally the PDA receives verification result from the server. The multimodal biometrics recognition system consists of two parts. In client part located in PDA, user interface program executes the user registration and verification process. The server consisting of the PCA and LDA algorithm shows excellent face recognition performance and the signature recognition method based on the Kernel PCA and LDA algorithm for signature image projected to vertical and horizontal axes by grid partition method. The proposed algorithm is evaluated with several face and signature images and shows better recognition and verification results than previous unimodal biometrics recognition techniques.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.10a
• /
• pp.703-707
• /
• 2008

Nowadays, Internet becomes an essential element in our life. We can make use of numerous on-line services through Internet such as information search, on-line shopping, e-mail service, etc. But, while getting the benefits of Internet service, invasion of our privacy frequently occurs because on-line service providers tend to request excessive or unnecessary personal information. So, there have been some researches on anonymous authentication, which means that user can authenticate herself, not revealing her identity or personal information. But, most of the researches are not somewhat applicable to current authentication infrastructure. In this paper, we propose a pseudonym-based anonymous PKI with short group signature. Using our proposed scheme, we can provide anonymity with conditional traceability to current PKI.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.64-77
• /
• 2009

A proxy re-encryption scheme allows Alice to temporarily delegate the decryption rights to Bob via a proxy. Alice gives the proxy a re-encryption key so that the proxy can convert a ciphertext for Alice into the ciphertext for Bob. Recently, ID-based proxy re-encryption schemes are receiving considerable attention for a variety of applications such as distributed storage, DRM, and email-forwarding system. And a non-interactive identity-based proxy re-encryption scheme was proposed for achieving CCA-security by Green and Ateniese. In the paper, we show that the identity-based proxy re-encryption scheme is unfortunately vulnerable to a collusion attack. The collusion of a proxy and a malicious user enables two parties to derive other honest users' private keys and thereby decrypt ciphertexts intended for only the honest user. To solve this problem, we propose two ID-based proxy re-encryption scheme schemes, which are proved secure under CPA and CCA in the random oracle model. For achieving CCA-security, we present self-authentication tag based on short signature. Important features of proposed scheme is that ciphertext structure is preserved after the ciphertext is re-encrypted. Therefore it does not lead to ciphertext expansion. And there is no limitation on the number of re-encryption.

• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.9_10
• /
• pp.441-451
• /
• 2008

Currently, the X.509 proxy certificate is widely used to delegate an entity's right to another entity in the computational grid environment. However it has two drawbacks: the potential security threat caused by intraceability of a delegation chain and the inefficiency caused by an interactive communication between the right grantor and the right grantee on the delegation protocol. To address these problems for computational grids, we propose a new delegation protocol without additional cost. We use an ID-based key generation technique to generate a proxy private key which is a means to exercise the delegated signing right. By applying the ID-based key generation technique, the proposed protocol has the delegation traceability and the non-interactive delegation property. Since the right delegation occurs massively in the computational grid environment, our protocol can contribute the security enhancement by providing the delegation traceability and the efficiency enhancement by reducing the inter-domain communication cost.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.10
• /
• pp.4250-4267
• /
• 2015

Although many revocable group signature schemes has been proposed in vehicular ad hoc networks (VANETs), the existing schemes suffer from long computation delay on revocation that they cannot adapt to the dynamic VANETs. Based on Chinese remainder theorem and Schnorr signature algorithm, this paper proposes an efficient revocable group signature scheme in VANETs. In the proposed scheme, it only need to update the corresponding group public key when a member quits the group, and in the meanwhile the key pairs of unchanged group members are not influenced. Furthermore, this scheme can achieve privacy protection by making use of blind certificates. Before joining to the VANETs, users register at local trusted agencies (LTAs) with their ID cards to obtain blind certificates. The blind certificate will be submitted to road-side units (RSUs) to verify the legality of users. Thus, the real identities of users can be protected. In addition, if there is a dispute, users can combine to submit open applications to RSUs against a disputed member. And LTAs can determine the real identity of the disputed member. Moreover, since the key pairs employed by a user are different in different groups, attackers are not able to track the movement of users with the obtained public keys in a group. Furthermore, performance analysis shows that proposed scheme has less computation cost than existing schemes.