• Title/Summary/Keyword: Identity-based Encryption

Search Result 80, Processing Time 0.02 seconds

An Improved One Round Authenticated Group Key Agreement (개선된 원 라운드 인증 그룹 키 합의 프로토콜)

  • Kim, Ho-Hee;Kim, Soon-Ja
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.1
    • /
    • pp.3-10
    • /
    • 2013
  • Several identity-based and authenticated key agreement protocols have been proposed. It remains at issue to design secure identity based and authenticated key agreement protocols. In this paper, we propose a one round authenticated group key agreement protocol which uses one more key pair as well as the public key and private key of typical IBE(Identity-Based Encryption) system. The proposed protocol modified Shi et al.'s protocol and He et al.'s protocol. The public and private keys and the signature process of our protocol are simpler than them of their protocols. Our protocol is secure and more efficient than their protocols in communication and computation costs.

Identity-Based Proxy Re-encryption with Multi-delegation (복호화 권한을 양도할 수 있는 ID 기반의 대리 재 암호화 기법)

  • Kim, Ki-Tak;Park, Jong-Hwan;Lee, Dong-Hoon
    • Proceedings of the Korean Society of Broadcast Engineers Conference
    • /
    • 2008.02a
    • /
    • pp.73-75
    • /
    • 2008
  • 1984년 Shamir에 의해 ID 기반의 암호시스템에 대한 개념이 소개된 이후로 많은 연구가 이루어져 왔다. ID 기반의 암호시스템에서는 복호화 할 수 있는 자를 암호화 하는 자가 선택하여 암호화 하기 때문에 정당한 복호화 권한을 가지고 있는 자만이 복호화를 할 수 있다. 이러한 복호화 권한은 어플리케이션에 따라 양도할 수 있어야 한다. 예를 들어 네트워크 스토리지의 경우는 정당한 권한을 가진 자에게 암호화 되어 저장되어 있는 컨텐츠를 복호화 할 수 있도록 권한을 양도해 주어야 한다. 대리 재 암호화(Proxy Re-encryption)은 복호화 권한을 다른 사람에게 양도할 수 있는 기법에 관한 것이다. 재 암호화 기법은 DRM과 같은 방송 통신 환경에 적합하게 사용될 수 있다. 본 논문에서는 ID 기반에서 복호화 권한을 적법하게 양도할 수 있는 재 암호화 기법을 제안한다.

  • PDF

Cloud Security and Privacy: SAAS, PAAS, and IAAS

  • Bokhari Nabil;Jose Javier Martinez Herraiz
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.3
    • /
    • pp.23-28
    • /
    • 2024
  • The multi-tenancy and high scalability of the cloud have inspired businesses and organizations across various sectors to adopt and deploy cloud computing. Cloud computing provides cost-effective, reliable, and convenient access to pooled resources, including storage, servers, and networking. Cloud service models, SaaS, PaaS, and IaaS, enable organizations, developers, and end users to access resources, develop and deploy applications, and provide access to pooled computing infrastructure. Despite the benefits, cloud service models are vulnerable to multiple security and privacy attacks and threats. The SaaS layer is on top of the PaaS, and the IaaS is the bottom layer of the model. The software is hosted by a platform offered as a service through an infrastructure provided by a cloud computing provider. The Hypertext Transfer Protocol (HTTP) delivers cloud-based apps through a web browser. The stateless nature of HTTP facilitates session hijacking and related attacks. The Open Web Applications Security Project identifies web apps' most critical security risks as SQL injections, cross-site scripting, sensitive data leakage, lack of functional access control, and broken authentication. The systematic literature review reveals that data security, application-level security, and authentication are the primary security threats in the SaaS model. The recommended solutions to enhance security in SaaS include Elliptic-curve cryptography and Identity-based encryption. Integration and security challenges in PaaS and IaaS can be effectively addressed using well-defined APIs, implementing Service Level Agreements (SLAs), and standard syntax for cloud provisioning.

A Study on Improvement Methods for Encrytion and Authentication in Batt le Field Management System(C4I) (전장관리체계(C4I)에서의 암호 및 인증방법 개선 방안에 관한연구)

  • Lee, Won Man;Koo, Woo Kwon;Park, Tae Hyeong;Lee, Dong Hoon
    • Convergence Security Journal
    • /
    • v.12 no.6
    • /
    • pp.39-50
    • /
    • 2012
  • Battlefield management systems are operated by the Public Key Infrastructure (PKI) and cryptographic equipment is distributed through the personal delivery to the enemy has deodorizing prone to structure. In addition, Per person each battlefield management system (C4I) encryption key operate and authentication module to manage multiple encryption so, encryption key operating is restrictions. Analysis of the problems of this public key infrastructure(PKI), Identity-Based Cryptosystem(IBC) and Attribute-Based Cryptosystem(ABC) to compare construct the future of encrypt ion and authentication system were studied. Authentication method for the connection between the system that supports data encryption and secure data communication, storage, and communication scheme is proposed.

Study on Improvement of Weil Pairing IBE for Secret Document Distribution (기밀문서유통을 위한 Weil Pairing IBE 개선 연구)

  • Choi, Cheong-Hyeon
    • Journal of Internet Computing and Services
    • /
    • v.13 no.2
    • /
    • pp.59-71
    • /
    • 2012
  • PKI-based public key scheme is outstanding in terms of authenticity and privacy. Nevertheless its application brings big burden due to the certificate/key management. It is difficult to apply it to limited computing devices in WSN because of its high encryption complexity. The Bilinear Pairing emerged from the original IBE to eliminate the certificate, is a future significant cryptosystem as based on the DDH(Decisional DH) algorithm which is significant in terms of computation and secure enough for authentication, as well as secure and faster. The practical EC Weil Pairing presents that its encryption algorithm is simple and it satisfies IND/NM security constraints against CCA. The Random Oracle Model based IBE PKG is appropriate to the structure of our target system with one secret file server in the operational perspective. Our work proposes modification of the Weil Pairing as proper to the closed network for secret file distribution[2]. First we proposed the improved one computing both encryption and message/user authentication as fast as O(DES) level, in which our scheme satisfies privacy, authenticity and integrity. Secondly as using the public key ID as effective as PKI, our improved IBE variant reduces the key exposure risk.

A Study on the Certification System in Electromic Commerce (전자상거래(電子商去來)의 인증체계(認證體系)에 관한 고찰(考察))

  • Ha, Kang Hun
    • Journal of Arbitration Studies
    • /
    • v.9 no.1
    • /
    • pp.367-390
    • /
    • 1999
  • The basic requirements for conducting electronic commerce include confidentiality, integrity, authentication and authorization. Cryptographic algorithms, make possible use of powerful authentication and encryption methods. Cryptographic techniques offer essential types of services for electronic commerce : authentication, non-repudiation. The oldest form of key-based cryptography is called secret-key or symmetric encryption. Public-key systems offer some advantages. The public key pair can be rapidly distributed. We don't have to send a copy of your public key to all the respondents. Fast cryptographic algorithms for generating message digests are known as one-way hash function. In order to use public-key cryptography, we need to generate a public key and a private key. We could use e-mail to send public key to all the correspondents. A better, trusted way of distributing public keys is to use a certification authority. A certification authority will accept our public key, along with some proof of identity, and serve as a repository of digital certificates. The digital certificate acts like an electronic driver's license. The Korea government is trying to set up the Public Key Infrastructure for certificate authorities. Both governments and the international business community must involve archiving keys with trusted third parties within a key management infrastructure. The archived keys would be managed, secured by governments under due process of law and strict accountability. It is important that all the nations continue efforts to develop an escrowed key in frastructure based on voluntary use and international standards and agreements.

  • PDF

On the HIDE based Group Signature for Secure Personal Healthcare Record Service (안전한 개인의료정보 서비스를 위한 HIDE 기반의 그룹서명)

  • Cho, Young-bok;Woo, Sung-hee;Lee, Sang-ho;Park, Jong-bae
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.19 no.10
    • /
    • pp.2481-2490
    • /
    • 2015
  • The issue of PHR is maintained on the server will be in the hospital. PHR information stored on the server, such as a patient's illness and treatment is very sensitive information. Therefore, patients should be guaranteed the protection of privacy. In addition, the PHR should be allowed to group access of it's approach. Therefore, in this paper the proposed group signature using hierarchical identity-based encryption schemes into can guarantee the PHR data privacy. The session key generated by group signature, it is use a tiered approach. The generated session keys safe PHR data transmission is possible. The proposed method is average 80% than the PKI encryption and ID-based encryption rather than average 50% the algorithm processing is more efficient

A New Efficient Private Key Reissuing Model for Identity-based Encryption Schemes Including Dynamic Information (동적 ID 정보가 포함된 신원기반 암호시스템에서 효율적인 키 재발급 모델)

  • Kim, Dong-Hyun;Kim, Sang-Jin;Koo, Bon-Seok;Ryu, Kwon-Ho;Oh, Hee-Kuck
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.2
    • /
    • pp.23-36
    • /
    • 2005
  • The main obstacle hindering the wide deployment of identity-based cryptosystem is that the entity responsible for creating the private key has too much power. As a result, private keys are no longer private. One obvious solution to this problem is to apply the threshold technique. However, this increases the authentication computation, and communication cost during the key issuing phase. In this paper, we propose a new effi ient model for issuing multiple private keys in identity-based encryption schemes based on the Weil pairing that also alleviates the key escrow problem. In our system, the private key of a user is divided into two components, KGK (Key Description Key) and KUD(Key Usage Desscriptor), which are issued separately by different parties. The KGK is issued in a threshold manner by KIC (Key Issuing Center), whereas the KW is issued by a single authority called KUM (Key Usage Manager). Changing KW results in a different private key. As a result, a user can efficiently obtain a new private key by interacting with KUM. We can also adapt Gentry's time-slot based private key revocation approach to our scheme more efficiently than others. We also show the security of the system and its efficiency by analyzing the existing systems.

Security and Authentication System for Bluetooth Mobile Phone (블루투스 모바일 폰을 위한 보안인증 시스템)

  • S.P, Balakannan;Lee, Moon-Ho;B, Karthik.
    • Proceedings of the KIEE Conference
    • /
    • 2007.04a
    • /
    • pp.261-263
    • /
    • 2007
  • Authentication is a mechanism to establish proof of identities, the authentication process ensure that. Who a particular user is. Nowadays PC and laptop user authentication systems are always done once a hold until s explicitly revoked by the user, or asking the user to frequently reestablish his identity which encouraging him to disable authentication. Zero-Interaction Authentication (ZIA) provides solution to this problem. In ZIA,. a user wears a small authentication token that communicates with a laptop over a short-range, wireless link. ZIA combine authentication with a file encryption. Here we proposed a Laptop-user Authentication Based Mobile phone (LABM). In our model of authentication, a user uses his Bluetooth-enabled mobile phone, which work as an authentication token that provides the authentication for laptop over a Bluetooth wireless link, m the concept of transient authentication with our combining It with encryption file system. The user authenticate to the mobile phone infrequently. In turn, the mobile phone continuously authenticates to the laptop by means of the short-range, wireless link.

  • PDF

Password-Based Authenticated Tripartite Key Exchange Protocol (패스워드 기반 인증된 3자 키 교환 프로토콜)

  • Lee, Sang-Gon;Lee, Hoon-Jae;Park, Jong-Wook;Yoon, Jang-Hong
    • Journal of Korea Multimedia Society
    • /
    • v.8 no.4
    • /
    • pp.525-535
    • /
    • 2005
  • A password-based authenticated tripartite key exchange protocol based on A. Joux's protocol was proposed. By using encryption scheme with shared password, we can resolve man-in-the-middle attack and lack of authentication problems. We also suggested a scheme to avoid the offline dictionary attack to which symmetric encryption schemes are vulnerable. The proposed protocol does not require a trusted party which is required in certificate or identity based authentication schemes. Therefore in a ad hoc network which is difficult to install network infrastructure, the proposed protocol would be very useful. The proposed protocol is more efficient in computation aspect than any existing password-based authenticated tripartite key exchange protocols. When it is used as a base line protocol of tree based group key exchange protocol, the computational weak points of the proposed protocol are compensated.

  • PDF