• Title/Summary/Keyword: Privacy Authorization

Search Result 39, Processing Time 0.031 seconds

Security Architecture and Authentication Protocol in Portable Internet (휴대인터넷의 보안 구조 및 인증 프로토콜)

  • Lee, Ji-Yong;Choo, Yeon-Seong;Ahn, Jeong-Cheol;Ryu, Dae-Hyeon
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • v.9 no.1
    • /
    • pp.872-875
    • /
    • 2005
  • Portable Internet extended from wireless LAN has a large cell size, similar to a wireless mobile communication, and can provides the seamless service which offers middle-low speed mobility. IEEE 802.16e, the international standard of Portable Internet, uses PKMv2(Privacy Key Management) protocol for authorization and key exchange between a MSS(Mobile Subscriber Station) and a BS(Base Station). This paper first reviews and studies overall security architecture of TTA HPi standard and IEEE 802.16e which supports mobility based on WMAN(Wireless Metropolitan Area Network) standard(IEEE 802.16)

  • PDF

An ID-based Broadcast Encryption Scheme for Cloud-network Integration in Smart Grid

  • Niu, Shufen;Fang, Lizhi;Song, Mi;Yu, Fei;Han, Song
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.9
    • /
    • pp.3365-3383
    • /
    • 2021
  • The rapid growth of data has successfully promoted the development of modern information and communication technologies, which are used to process data generated by public urban departments and citizens in modern cities. In specific application areas where the ciphertext of messages generated by different users' needs to be transmitted, the concept of broadcast encryption is important. It can not only improve the transmission efficiency but also reduce the cost. However, the existing schemes cannot entirely ensure the privacy of receivers and dynamically adjust the user authorization. To mitigate these deficiencies, we propose an efficient, secure identity-based broadcast encryption scheme that achieves direct revocation and receiver anonymity, along with the analysis of smart grid solutions. Moreover, we constructed a security model to ensure wireless data transmission under cloud computing and internet of things integrated devices. The achieved results reveal that the proposed scheme is semantically secure in the random oracle model. The performance of the proposed scheme is evaluated through theoretical analysis and numerical experiments.

Data Access Control Scheme Based on Blockchain and Outsourced Verifiable Attribute-Based Encryption in Edge Computing

  • Chao Ma;Xiaojun Jin;Song Luo;Yifei Wei;Xiaojun Wang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.17 no.7
    • /
    • pp.1935-1950
    • /
    • 2023
  • The arrival of the Internet of Things and 5G technology enables users to rely on edge computing platforms to process massive data. Data sharing based on edge computing refines the efficiency of data collection and analysis, saves the communication cost of data transmission back and forth, but also causes the privacy leakage of a lot of user data. Based on attribute-based encryption and blockchain technology, we design a fine-grained access control scheme for data in edge computing, which has the characteristics of verifiability, support for outsourcing decryption and user attribute revocation. User attributes are authorized by multi-attribute authorization, and the calculation of outsourcing decryption in attribute encryption is completed by edge server, which reduces the computing cost of end users. Meanwhile, We implemented the user's attribute revocation process through the dual encryption process of attribute authority and blockchain. Compared with other schemes, our scheme can manage users' attributes more flexibly. Blockchain technology also ensures the verifiability in the process of outsourcing decryption, which reduces the space occupied by ciphertext compared with other schemes. Meanwhile, the user attribute revocation scheme realizes the dynamic management of user attribute and protects the privacy of user attribute.

Anonymity for Low-Power Sensor Node in Ubiquitous Network (유비쿼터스 네트워크에서 저 전력 센서노드의 익명성)

  • Kim, Dong-Myung;Woo, Sung-Hee;Lee, Sang-Ho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.1 s.39
    • /
    • pp.177-184
    • /
    • 2006
  • The sensors in a ubiquitous network are limited because of the low power and ultra light weight, so many studies have revolved around the sensor. This study improves the process of the registration and authorization and suggests a way to minimize discloser of privacy by using an alias. We introduce RA(Relay Agent) for the restrict function of sensor node, and improve anonymity for private information of each sensor node by assigning alias from SM(Service Manager) in procedure of registration and authentication. The privacy of sensor node is secure in procedure of registration, authentication, and communication between nodes. We could improve the level of security with the only partial increment of computation power of RA and SM without an increase in the amount of sensor nodes.

  • PDF

Black box-assisted fine-grained hierarchical access control scheme for epidemiological survey data

  • Xueyan Liu;Ruirui Sun;Linpeng Li;Wenjing Li;Tao Liu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.17 no.9
    • /
    • pp.2550-2572
    • /
    • 2023
  • Epidemiological survey is an important means for the prevention and control of infectious diseases. Due to the particularity of the epidemic survey, 1) epidemiological survey in epidemic prevention and control has a wide range of people involved, a large number of data collected, strong requirements for information disclosure and high timeliness of data processing; 2) the epidemiological survey data need to be disclosed at different institutions and the use of data has different permission requirements. As a result, it easily causes personal privacy disclosure. Therefore, traditional access control technologies are unsuitable for the privacy protection of epidemiological survey data. In view of these situations, we propose a black box-assisted fine-grained hierarchical access control scheme for epidemiological survey data. Firstly, a black box-assisted multi-attribute authority management mechanism without a trusted center is established to avoid authority deception. Meanwhile, the establishment of a master key-free system not only reduces the storage load but also prevents the risk of master key disclosure. Secondly, a sensitivity classification method is proposed according to the confidentiality degree of the institution to which the data belong and the importance of the data properties to set fine-grained access permission. Thirdly, a hierarchical authorization algorithm combined with data sensitivity and hierarchical attribute-based encryption (ABE) technology is proposed to achieve hierarchical access control of epidemiological survey data. Efficiency analysis and experiments show that the scheme meets the security requirements of privacy protection and key management in epidemiological survey.

Rule-base Expert System for Privacy Violation Certainty Estimation (개인정보유출 확신도 도출을 위한 전문가시스템개발)

  • Kim, Jin-Hyung;Lee, Alexander;Kim, Hyung-Jong;Hwang, Jun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.4
    • /
    • pp.125-135
    • /
    • 2009
  • Logs from various security system can reveal the attack trials for accessing private data without authorization. The logs can be a kind of confidence deriving factors that a certain IP address is involved in the trial. This paper presents a rule-based expert system for derivation of privacy violation confidence using various security systems. Generally, security manager analyzes and synthesizes the log information from various security systems about a certain IP address to find the relevance with privacy violation cases. The security managers' knowledge handling various log information can be transformed into rules for automation of the log analysis and synthesis. Especially, the coverage of log analysis for personal information leakage is not too broad when we compare with the analysis of various intrusion trials. Thus, the number of rules that we should author is relatively small. In this paper, we have derived correlation among logs from IDS, Firewall and Webserver in the view point of privacy protection and implemented a rule-based expert system based on the derived correlation. Consequently, we defined a method for calculating the score which represents the relevance between IP address and privacy violation. The UI(User Interface) expert system has a capability of managing the rule set such as insertion, deletion and update.

Secure Authentication with Mobile Device for Ubiquitous RFID Healthcare System in Wireless Sensor Networks

  • Kim, Jung-Tae
    • Journal of information and communication convergence engineering
    • /
    • v.9 no.5
    • /
    • pp.562-566
    • /
    • 2011
  • As telecommunication technologies in telemedicine services are developed, the expeditious development of wireless and mobile networks has stimulated wide applications of mobile electronic healthcare systems. However, security is an essential system requirement since many patients have privacy concerns when it comes to releasing their personal information over the open wireless channels. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well prepared. In this paper, we analyzed authentication and authorization procedures for healthcare system architecture to apply secure M-health systems in the hospital environment. From the analyses, we estimate optimal requirements as a countermeasure to its vulnerabilities.

An Efficient and Provable Secure Certificateless Identification Scheme in the Standard Model

  • Chin, Ji-Jian;Heng, Swee-Huay;Phan, Raphael C.W.
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.8 no.7
    • /
    • pp.2532-2553
    • /
    • 2014
  • In Asiacrypt 2003, Al-Riyami and Paterson proposed the notion of certificateless cryptography, a technique to remove key escrow from traditional identity-based cryptography as well as circumvent the certificate management problem of traditional public key cryptography. Subsequently much research has been done in the realm of certificateless encryption and signature schemes, but little to no work has been done for the identification primitive until 2013 when Chin et al. rigorously defined certificateless identification and proposed a concrete scheme. However Chin et al.'s scheme was proven in the random oracle model and Canetti et al. has shown that certain schemes provable secure in the random oracle model can be insecure when random oracles are replaced with actual hash functions. Therefore while having a proof in the random oracle model is better than having no proof at all, a scheme to be proven in the standard model would provide stronger security guarantees. In this paper, we propose the first certificateless identification scheme that is both efficient and show our proof of security in the standard model, that is without having to assume random oracles exist.

A Study on Certificate-based Personal Authentification System for Preventing Private Information Leakage through Internet (개인정보 유출 피해 방지를 위한 공인인증서 기반 인터넷 개인인증체계 개선 모델에 관한 연구)

  • Lee, Jung-Hyun;Kwon, Hun-Young;Lim, Jong-In
    • Convergence Security Journal
    • /
    • v.10 no.4
    • /
    • pp.1-11
    • /
    • 2010
  • Recently, We have many private information leakage cases through internet which cause social problems and it is impossible to change or update the leaked information, it is also used to the third crime such as identity theft, internet fraud. Hackers are interested in stealing private information for making money, in this point private information leakage problems are constantly increased hereafter. In this paper, I surveyed the authorization model on site registration which is currently used in Korea, and the problem of collecting personal identification number, I proposed policy model of useless method of private information, especially leaked information can not be used anymore in internet.

Certificate Revocation in Connected Vehicles

  • Sami S. Albouq
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.5
    • /
    • pp.13-20
    • /
    • 2023
  • In connected vehicles, drivers are exposed to attacks when they communicate with unauthenticated peers. This occurs when a vehicle relies on outdated information resulting in interactions with vehicles that have expired or revoked certificates claiming to be legitimate nodes. Vehicles must frequently receive or query an updated revoked certificate list to avoid communicating with suspicious vehicles to protect themselves. In this paper, we propose a scheme that works on a highway divided into clusters and managed by roadside units (RSUs) to ensure authenticity and preserve hidden identities of vehicles. The proposed scheme includes four main components each of which plays a major role. In the top hierarchy, we have the authority that is responsible for issuing long-term certificates and managing and controlling all descending intermediate authorities, which cover specific regions (e.g., RSUs) and provide vehicles with short-term pseudonyms certificates to hide their identity and avoid traceability. Every certificate-related operation is recorded in a blockchain storage to ensure integrity and transparency. To regulate communication among nodes, security managers were introduced to enable authorization and access right during communications. Together, these components provide vehicles with an immediately revoked certificate list through RSUs, which are provided with publish/subscribe brokers that enable a controlled messaging infrastructure. We validate our work in a simulated smart highway environment comprising interconnected RSUs to demonstrate our technique's effectiveness.