• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.6
• /
• pp.3299-3315
• /
• 2019

Deniable authentication (DA) is a protocol in which a receiver can generate an authenticator that is probabilistically indistinguishable from a sender. DA can be applied in many scenarios that require user privacy protection. To enhance the security of DA, in this paper, we construct a new deniable authenticated encryption (DAE) scheme that realizes deniable authentication and confidentiality in a logical single step. Compared with existing approaches, our approach provides proof of security and is efficient in terms of performance analysis. Our scheme is in an identity-based environment; thus, it avoids the public key certificate-based public key infrastructure (PKI). Moreover, we provide an example that shows that our protocol is applicable for e-voting systems.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.05a
• /
• pp.204-207
• /
• 2022

The uses of drones are increasing despite the fact that many of us are still skeptical. In the near future, the data that will be created and used by them will be very voluminous, hence the need to find an architecture that allows good identity management and access control in a decentralized way while guaranteeing security and privacy. In this article, we propose an architecture using hyperledger fabric blockchain platform which will manage the identity in a secure way starting with the registration of the drones on the network then an access control thanks to Public Key Infrastructure (PKI) and membership service provider (MSP) to enable decision-making within the system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3322-3347
• /
• 2021

Cloud Storage is the primary component of many businesses on cloud. Majority of the enterprises today are adopting a multicloud strategy to keep away from vendor lock-in and to optimize cost. Auditing schemes are used to ascertain the integrity of cloud data. Of these schemes, only the Provable Data Possession schemes (PDP) are resilient to key-exposure. These PDP schemes are devised using Public Key Infrastructure (PKI-) based cryptography, Identity-based cryptography, etc. PKI-based systems suffer from certificate-related communication/computational complexities. The Identity-based schemes deal with the exposure of only the auditing secret key (audit key). But with the exposure of both the audit key and the secret key used to update the audit key, the auditing process itself becomes a complete failure. So, an Identity-based PDP scheme with Parallel Key-Insulation is proposed for multiple cloud storage. It reduces the risk of exposure of both the audit key and the secret key used to update the audit key. It preserves the data privacy from the Third Party Auditor, secure against malicious Cloud Service Providers and facilitates batch auditing. The resilience to key-exposure is proved using the CDH assumption. Compared to the existing Identity-based multicloud schemes, it is efficient in integrity verification.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.563-577
• /
• 2018

In order to support secure communication in VANET(Vehicular Ad hoc Network), messages exchanged between vehicles or between vehicle and infrastructure must be authenticated. In this paper, we propose a hierarchical anonymous authentication system for VANET. The proposed system model reduces the overhead of PKG, which is a problem of previous system, by generating private keys hierarchically, thereby enhancing practicality. We also propose a two-level hierarchical identity-based signature(TLHIBS) scheme without pairings so that improve efficiency. The proposed scheme protects the privacy of the vehicle by satisfying conditional privacy and supports batch verification so that efficiently verifies multiple signatures. Finally, The security of the proposed scheme is proved in the random oracle model by reducing the discrete logarithm problem(DLP) whereas the security proof of the previous ID-based signatures for VANET was incomplete.

• International Journal of Computer Science & Network Security
• /
• v.24 no.3
• /
• pp.23-28
• /
• 2024

The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.959-972
• /
• 2021

Decentralized Identity is based on the concept of self-sovereign identity, in which holders manage and provide their own credentials. However, a procedure is required to obtain credentials from issuers, and there is a risk of mess personal information leaking due to negligence of the issuers. In this paper, we propose a peer decentralized identity system based on Peer DID technology that allows only participants to verify their identity in 1:1 or 1:N small groups by matching the holder with the issuer. It is directly connected to a mobile device using short-range wireless communications such as bluetooth, and the holders create and provide their own credentials in person to the other party, thus fully realizing the self-sovereignty identity. The proposed system can simplify the identification process, improve security and privacy, and reduce costs. Furthermore, an extended architecture is possible to connect the proposed system and the distributed ledger to identify users in other domains. In the future, based on various technologies, it is also necessary to expand research on identity systems that can be utilized for human-to-thing and things-to-things authentication.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.20-34
• /
• 2009

We newly propose a multiple and unlinkable identity-based public key encryption scheme which allows the use of a various number of identity-based public keys in different groups or applications while keeping a single decryption key so that the decryption key can decrypt every ciphertexts encrypted with those public keys. Also our scheme removes the use of certificates as well as the key escrow problem so it is functional and practical. Since our public keys are unlinkable, the user's privacy can be protected from attackers who collect and trace the user information and behavior using the known public keys. Furthermore, we suggest a decryption key renewal protocol to strengthen the security of the single decryption key. Finally, we prove the security of our scheme against the adaptive chosen-ciphertext attack under the random oracle model.

• The Journal of Information Systems
• /
• v.30 no.4
• /
• pp.119-152
• /
• 2021

The concept of Self-Sovereign Identity (SSI) has emerged to overcome the limitations of traditional centralized personal identity management systems in our society. Therefore, in this study, 36 seminal researches out of 112 collected studies were investigated with a systematic literature review method to deliver a core common definition as well as the research trends on SSI in the socioeconomic, legal and technological fields. SSI studies in the legal field have mainly considered the conflicts with relevant laws such as General Data Protection Regulation (GDPR) and privacy protection laws. The study of SSI in the technology field have looked at the trends of the technical components to implement SSI and discussed the necessities of establishing standards to increase interoperability for SSI diffusion worldwide. This study ultimately derived the core definition of SSI from a various academic fields as "a trust-based personal identity management system that enables autonomous self-identification by a identity owner without a centralized system or 3rd party intervention". The results of this study contribute to the understanding of the essential SSI concept which were varied on different research fields and industries. The results also provide a foundation for discovering various SSI-based business models, applications as well as future research opportunities. Furthermore, this study suggested that SSI must be developed with interdisciplinary manner among the socioeconomic, legal, and technological fields to be practically applicable system to enable autonomous self-identification by a identity owner in our society.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.2
• /
• pp.57-66
• /
• 2013

Wireless Sensor Networks consist of small, inexpensive, low-powered sensor nodes that communicate with each other. To achieve a low communication cost in a resource constrained network, a novel concept of signcryption has been applied for secure communication. Signcryption enables a user to perform a digital signature for providing authenticity and public key encryption for providing message confidentiality simultaneously in a single logical step with a lower cost than that of the sign-then-encrypt approach. Ring signcryption maintains the signer's privacy, which is lacking in normal signcryption schemes. Signcryption can provide confidentiality and authenticity without revealing the user's identity of the ring. This paper presents the security notions and an evaluation of an ID-based ring signcryption scheme for wireless sensor networks. The scheme has been proven to be better than the existing schemes. The proposed scheme was found to be secure against adaptive chosen ciphertext ring attacks (IND-IDRSC-CCA2) and secure against an existential forgery for adaptive chosen message attacks (EF-IDRSC-ACMA). The proposed scheme was found to be more efficient than scheme for Wireless Sensor Networks reported by Qi. et al. based on the running time and energy consumption.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.29-42
• /
• 2019

As online services become more and more popular due to the development of IT, non-face-to-face transactions are continuously increasing rather than face-to-face transactions. The personal identity proofing service(PIPS) based on the alternative method of the resident registration number is used for the purpose of confirming the identity of the other party on the Internet. However, in the case of the current PIPS, the personal information of the PIPS user is excessively provided to the online service provider. As a result, privacy problems of online users, shortage of choice of information providing options, and lack of differentiation of authentication methods are becoming problems. Therefore, this paper proposes a method to improve the PIPS based on the current resident registration number alternative method and to provide a method to differentiate the provision of excessive personal information. In the proposed method, we analyze trends and current status of overseas online PIPS in order to provide a method of providing differentiation of personal information and proposes an effective improvement method applicable to domestic.