• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.9
• /
• pp.4742-4770
• /
• 2019

Cloud computing provides a broad range of services like operating systems, hardware, software and resources. Availability of these services encourages data owners to outsource their intensive computations and massive data to the cloud. However, considering the untrusted nature of cloud server, it is essential to encrypt the data before outsourcing it to the cloud. Unfortunately, this leads to a challenge when it comes to providing search functionality for encrypted data located in the cloud. To address this challenge, this paper presents a public key encryption with equality test for heterogeneous systems (PKE-ET-HS). The PKE-ET-HS scheme simulates certificateless public encryption with equality test (CLE-ET) with the identity-based encryption with equality test (IBE-ET). This scheme provides the authorized cloud server the right to actuate the equivalence of two messages having their encryptions performed under heterogeneous systems. Basing on the random oracle model, we construct the security of our proposed scheme under the bilinear Diffie-Hellman (BDH) assumption. Eventually, we evaluate the size of storage, computation complexities, and properties with other related works and illustrations indicate good performance from our scheme.

• Journal of KIISE:Information Networking
• /
• v.37 no.1
• /
• pp.72-83
• /
• 2010

Group communication in a wireless mesh network is complicated due to dynamic intermediate mesh points, access control for communications between different administrative domains, and the absence of a centralized network controller. Especially, many-to-many multicasting in a dynamic mesh network can be modeled by a decentralized framework where several subgroup managers control their members independently and coordinate the inter-subgroup communication. In this study, we propose a topology-matching decentralized group key management scheme that allows service providers to update and deliver their group keys to valid members even if the members are located in other network domains. The group keys of multicast services are delivered in a distributed manner using the identity-based encryption scheme. Identity-based encryption facilitates the dynamic changes of the intermediate relaying nodes as well as the group members efficiently. The analysis result indicates that the proposed scheme has the advantages of low rekeying cost and storage overhead for a member and a data relaying node in many-to-many multicast environment. The proposed scheme is best suited to the settings of a large-scale dynamic mesh network where there is no central network controller and lots of service providers control the access to their group communications independently.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2007.02a
• /
• pp.154-157
• /
• 2007

It has been widely believed that one can obtain $\iota$-Hierarchical Identity Based Encryption (HIBE) scheme secure against chosen ciphetext attacks from ($\iota$+1)-HIBE scheme secure against chosen plaintext attacks. In this paper, however, we show that when applying two concrete HIBE schemes that Boneh et al. [1, 2] proposed, chosen ciphertext secure $\iota$-HIBE schemes are directly derived from chosen plaintext secure $\iota$-HIBE schemes. Our constructions are based on a one-time signature-based transformation that Canetti et at.[3] proposed. The security of our schemes is proved in the selective-ID suity model without using random oracles.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1343-1356
• /
• 2013

Cloud computing has emerged as perhaps the hottest development in information technology at present. This new computing technology requires that the users ensure that their infrastructure is safety and that their data and applications are protected. In addition, the customer must ensure that the provider has taken the proper security measures to protect their information. In order to achieve fine-grained and flexible access control for cloud computing, a new construction of hierarchical attribute-based encryption(HABE) with Ciphertext-Policy is proposed in this paper. The proposed scheme inherits flexibility and delegation of hierarchical identity-based cryptography, and achieves scalability due to the hierarchical structure. The new scheme has constant size ciphertexts since it consists of two group elements. In addition, the security of the new construction is achieved in the standard model which avoids the potential defects in the existing works. Under the decision bilinear Diffie-Hellman exponent assumption, the proposed scheme is provable security against Chosen-plaintext Attack(CPA). Furthermore, we also show the proposed scheme can be transferred to a CCA(Chosen-ciphertext Attack) secure scheme.

• Journal of Information Processing Systems
• /
• v.16 no.3
• /
• pp.599-611
• /
• 2020

With the application and promotion of biometric technology, biometrics has become more and more important to identity authentication. In order to ensure the privacy of the user, the biometrics cannot be stored or manipulated in plaintext. Aiming at this problem, this paper analyzes and summarizes the scheme and performance of the existing biometric authentication system, and proposes an iris-based ciphertext authentication system based on fully homomorphic encryption using the FV scheme. The implementation of the system is partly powered by Microsoft's SEAL (Simple Encrypted Arithmetic Library). The entire system can complete iris authentication without decrypting the iris feature template, and the database stores the homomorphic ciphertext of the iris feature template. Thus, there is no need to worry about the leakage of the iris feature template. At the same time, the system does not require a trusted center for authentication, and the authentication is completed on the server side directly using the one-time MAC authentication method. Tests have shown that when the system adopts an iris algorithm with a low depth of calculation circuit such as the Hamming distance comparison algorithm, it has good performance, which basically meets the requirements of real application scenarios.

• ETRI Journal
• /
• v.28 no.4
• /
• pp.444-452
• /
• 2006

Biometric-based authentication can provide a strong security guarantee of the identity of users. However, the security of biometric data is particularly important as any compromise of the biometric data will be permanent. In this paper, we propose a secure and efficient protocol to transmit fingerprint images from a fingerprint sensor to a client by exploiting the characteristics of the fingerprint images. Because the fingerprint sensor is computationally limited, a standard encryption algorithm may not be applied to the full fingerprint images in real-time to guarantee the integrity and confidentiality of the fingerprint images transmitted. To reduce the computational workload on the resource-constrained sensor, we apply the encryption algorithm to a nonce for integrity and to a specific bitplane of each pixel of the fingerprint image for confidentiality. Experimental results show that the integrity and confidentiality of the fingerprint images can be guaranteed without any leakage of the fingerprint ridge information and can be completed in real-time on embedded processors.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.607-614
• /
• 2009

Recently, Lu et al. proposed an efficient conditional privacy preservation protocol, named ECPP, based on group signature scheme for generating anonymous certificates from roadside units (RSUs). However, ECPP does not provide unlinkability and traceability when multiple RSUs are compromised. In this paper, we make up for the limitations and propose a robust and efficient anonymous authentication protocol without loss of efficiency as compared with ECPP. Furthermore, in the proposed protocol, RSUs can issue multiple anonymous certificates to an OBU to alleviate system overheads for mutual authentication between OBUs and RSUs. In order to achieve these goals, we consider a universal re-encryption scheme and identity-based key establishment scheme as our building blocks. Several simulations are conducted to verify the efficiency and effectiveness of the proposed protocol by comparing with those of the existing ECPP.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.6
• /
• pp.3280-3298
• /
• 2019

Vehicular ad-hoc networks (VANETs) have become increasingly significant in intelligent transportation systems, they play a great role in improving traffic safety and efficiency. In the deployment of intelligent VANETs, intelligent vehicles can efficiently exchange important or urgent traffic information and make driving decisions. Meanwhile, secure data communication and vehicle's identity privacy have been highlighted. To cope with these security issues, in this paper, we construct an efficient anonymous authentication scheme with secure communication in intelligent VANETs. Combing the ElGamal encryption technique with a modified Schnorr signature technique, the proposed scheme provides secure anonymous authentication process for encrypted message in the vehicle-to-infrastructure communication model, and achieves identity privacy, forward security, and reply attack resistance simultaneously. Moreover, except the trusted authority (TA), any outside entity cannot trace the real identity of an intelligent vehicle. The proposed scheme is designed on an identity-based system, which can remove the costs of establishing public key infrastructure (PKI) and certificates management. Compared with existing authentication schemes, the proposed scheme is much more practical in intelligent VANETs.

• ETRI Journal
• /
• v.34 no.3
• /
• pp.421-428
• /
• 2012

An aggregate signature scheme is a digital signature scheme that allows aggregation of n distinct signatures by n distinct users on n distinct messages. In this paper, we present an aggregate signcryption scheme (ASC) that is useful for reducing the size of certification chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols. The new ASC scheme combines identity-based encryption and the aggregation of signatures in a practical way that can simultaneously satisfy the security requirements for confidentiality and authentication. We formally prove the security of the new scheme in a random oracle model with respect to security properties IND-CCA2, AUTH-CMA2, and EUF-CMA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.3-10
• /
• 2013

Several identity-based and authenticated key agreement protocols have been proposed. It remains at issue to design secure identity based and authenticated key agreement protocols. In this paper, we propose a one round authenticated group key agreement protocol which uses one more key pair as well as the public key and private key of typical IBE(Identity-Based Encryption) system. The proposed protocol modified Shi et al.'s protocol and He et al.'s protocol. The public and private keys and the signature process of our protocol are simpler than them of their protocols. Our protocol is secure and more efficient than their protocols in communication and computation costs.