• Title/Summary/Keyword: Private key

Search Result 695, Processing Time 0.031 seconds

An Extensional Client Authorization Scheme for IoT Scenarios by Using OAuth 2.0 and PoP Token

  • Xiaonan, Xing;Jang, Sunggyun;Joe, Inwhee
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2017.11a
    • /
    • pp.200-202
    • /
    • 2017
  • To improve the security of OAuth 2.0 access token transportation and satisfy the challenge of resources constraint caused by the bearer token access mechanism of the OAuth 2.0, we proposed an extensional client authentication scheme that is based on the Proof-of-Possession (PoP) token mechanism. By improving the integrity of PoP token, we bind a PoP key of a public/private key pair to the PoP token. The authorization server and the resource server can authenticate the identity of the client by verifying whether the client has the possession of the PoP token. If the client can prove that it has a PoP key that matches the PoP token, then the identity of the client can be authenticated. This experimental evaluation can confirm that this scheme effectively dealing with the issue of client identity authentication and reduce resources consumption.

Secure and Efficient Privacy-Preserving Identity-Based Batch Public Auditing with Proxy Processing

  • Zhao, Jining;Xu, Chunxiang;Chen, Kefei
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.2
    • /
    • pp.1043-1063
    • /
    • 2019
  • With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019). It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

Design of Online Certificate Revocation Information Transfer using Verifier Lists (검증자목록을 이용한 실시간 인증서 폐지 정보 전송의 설계)

  • 이용준;정재동;오해석
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.6
    • /
    • pp.45-54
    • /
    • 2003
  • A public key certificate may be revoked before its validity period due to causes like the owner identification information change or the private key damage. Since a certificate has long valid time relatively, it is possible to become revoked during lifetime of certificate. The main technical issue in the public key infrastructure is how to handle the status of the certificate. We propose a simple mechanism for online certificate status validation that is suited to the financial network The characteristic of the proposed method is to broadcast certificate revocation information by using verifier list. The experimental results provide the same realtime as OCSP(Online Certificate Status Protocol). The proposed mechanism reduces the network load for certificate status validation in highly concentrated unbearable network.

Similarity measurement based on Min-Hash for Preserving Privacy

  • Cha, Hyun-Jong;Yang, Ho-Kyung;Song, You-Jin
    • International Journal of Advanced Culture Technology
    • /
    • v.10 no.2
    • /
    • pp.240-245
    • /
    • 2022
  • Because of the importance of the information, encryption algorithms are heavily used. Raw data is encrypted and secure, but problems arise when the key for decryption is exposed. In particular, large-scale Internet sites such as Facebook and Amazon suffer serious damage when user data is exposed. Recently, research into a new fourth-generation encryption technology that can protect user-related data without the use of a key required for encryption is attracting attention. Also, data clustering technology using encryption is attracting attention. In this paper, we try to reduce key exposure by using homomorphic encryption. In addition, we want to maintain privacy through similarity measurement. Additionally, holistic similarity measurements are time-consuming and expensive as the data size and scope increases. Therefore, Min-Hash has been studied to efficiently estimate the similarity between two signatures Methods of measuring similarity that have been studied in the past are time-consuming and expensive as the size and area of data increases. However, Min-Hash allowed us to efficiently infer the similarity between the two sets. Min-Hash is widely used for anti-plagiarism, graph and image analysis, and genetic analysis. Therefore, this paper reports privacy using homomorphic encryption and presents a model for efficient similarity measurement using Min-Hash.

Implementing M-SIDH: Performance and Efficiency Evaluation (M-SIDH 구현 및 성능 평가를 통한 효율성 연구)

  • Suhri Kim;Minhye Seo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.4
    • /
    • pp.591-599
    • /
    • 2023
  • Due to the recent attack by Castryck-Decru, the private key of SIDH can be recovered in polynomial time so several methods have been proposed to prevent the attack. Among them, M-SIDH proposed by Fouotsa et al, counteracts the attack by masking the torsion point information during the key exchange. In this paper, we implement M-SIDH and evaluate its performance. To the best of our knowledge, this is the first implementation of M-SIDH in C language. Toward that end, we propose a method to select parameters for M-SIDH instantiation and propose a 1024-bit prime for implementation. We implemented the square-root Velu formula over the extension field for further optimization. As a result, 1129 ms is required for a key exchange in the case of MSIDH-1024, providing the classic 64-bit security level.

Development of Unique Registration Number System for Construction Site Integrated DB (건설 통합DB 구축을 위한 시공현장등록번호 체계 개발)

  • Hur, Youn Kyoung;Lee, Seung Woo;Yoo, Wi Sung;Kim, Sung Hwan;Sung, Yookyung
    • Proceedings of the Korean Institute of Building Construction Conference
    • /
    • 2023.05a
    • /
    • pp.367-368
    • /
    • 2023
  • Kiscon, Seumteo, KONEPS and CSI are representative construction-related DBs. All four DBs are operated by the public. However, the characteristics of data are different depending on the purpose. Therefore, it is difficult to utilize integrated data and it is only used sparingly. Creating and sharing a unique key that can identify a construction site will enable integrated accumulation and management of construction-related data for various purposes. At this point, it is most efficient to assign a unique key based on KISCON. KISCOn data conforms to the construction site definition and covers most of the public, private, architectural and civil works. In addition, there is an advantage in that DB construction is performed in the construction situation, which is a relatively preceding process. In the future, it is necessary to create a practical construction site integrated DB through the production of an integrated key table containing linkage information of unique keys for site management, performance indicators, and statistics production.

  • PDF

Incorporating RSA with a New Symmetric-Key Encryption Algorithm to Produce a Hybrid Encryption System

  • Prakash Kuppuswamy;Saeed QY Al Khalidi;Nithya Rekha Sivakumar
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.1
    • /
    • pp.196-204
    • /
    • 2024
  • The security of data and information using encryption algorithms is becoming increasingly important in today's world of digital data transmission over unsecured wired and wireless communication channels. Hybrid encryption techniques combine both symmetric and asymmetric encryption methods and provide more security than public or private key encryption models. Currently, there are many techniques on the market that use a combination of cryptographic algorithms and claim to provide higher data security. Many hybrid algorithms have failed to satisfy customers in securing data and cannot prevent all types of security threats. To improve the security of digital data, it is essential to develop novel and resilient security systems as it is inevitable in the digital era. The proposed hybrid algorithm is a combination of the well-known RSA algorithm and a simple symmetric key (SSK) algorithm. The aim of this study is to develop a better encryption method using RSA and a newly proposed symmetric SSK algorithm. We believe that the proposed hybrid cryptographic algorithm provides more security and privacy.

A Design of Certificate Password Recovery Using Decentralized Identifier (DID를 사용한 인증서 암호 복구)

  • Kim, Hyeong-uk;Kim, Sang-jin;Kim, Tae-jin;Yu, Hyeong-geun
    • Journal of Venture Innovation
    • /
    • v.2 no.2
    • /
    • pp.21-29
    • /
    • 2019
  • In the public certificate technology commonly used in Korea, users have a cumbersome problem of always resetting when they forget their password. In this paper, as a solution to this problem, we propose a secure authentication certificate password recovery protocol using blockchain, PKI, and DID for distributed storage. DID is a schema for protecting block ID in blockchain system. The private key used in the PKI is configured as a user's biometric, for example, a fingerprint, so that it can completely replace the memory of the complex private key. To this end, based on the FIDO authentication technology that most users currently use on their smartphones, the process of authenticating a user to access data inside the block minimizes the risk of an attacker taking over the data.

Design and Implementation of Virtual and Invisible Private Disk (VIPDISK) having Secure Storage Device (보안 저장장치를 구비한 가상의 인비저블한 보안 디스크 (VIPDISK) 설계 및 구현)

  • Quan, Shan Guo;Kwon, Yong-Gu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.4
    • /
    • pp.781-792
    • /
    • 2015
  • This paper proposes a virtual and invisible private disk (VIPDISK) technology equipped with the secure storage devices. As a software based security technology, it can create hidden partitions on any data storage device which can not be identified by the windows OS, so the program running on it, does not have any evidence of the existence of the hidden storage space. Under inactive state, it maintains an unexposed secure partition which can only be activated with a matching combination of a unique digital key and a user password to open the decryption tool. In addition, VIPDISK can store data to secure storage device with real-time encryption, it is worry-free even in the case of lost or theft. Simulation results show that VIPDISK provides a much higher level of security compared to other existing schemes.

An Efficient Authentication Protocol for GPS Information Exchange between Cars Using the Base Station (기지국을 이용한 차량간 GPS 정보 교환을 위한 효율적인 인증 프로토콜)

  • Cho, KookRae;Son, Jong-Wuk;Cho, HuiSup
    • IEMEK Journal of Embedded Systems and Applications
    • /
    • v.5 no.3
    • /
    • pp.118-127
    • /
    • 2010
  • Inter-vehicle communication is one of the most important parts in Intelligent Vehicle System. Through this communication, drivers can recognize what is happening out of their sights, such as the freezing condition of the street, traffic accidents, and so on. Each car in IVS gives various services to the drivers after analyzing those received information from cars or a base station. If the message is, however, exchanged from car to car directly, the computation cost which is needed for all the car to authenticate the transmitted message between nearby cars is tremendously high. Therefore, one can naturally think that the message communication between cars is performed with the help of the base station to reduce the computation cost. In this case where the base station collects all the information transmitted from cars and broadcasts them nearby, there should be an efficient way both for the base station to authenticate the car message within its communication range and for the car to authenticate the information received from the base station. In this paper, we present a two-way authentication protocol using a hash chain to efficiently exchange GPS information between a car and a base station. This information can be used to provide a driver with the navigation which displays all the moving cars around him in real time. When a car goes into an area of a base station, the car authenticates itself to the base station using its private key of PKI, sends a commitment of a hash chain, then starts to send a message with the hash value for authentication. The message includes GPS information, driver's status and so on. The base station also authenticates itself to the nearby cars using its private key, transmits the commitment of the hash chain, and sends all the messages gathered from cars with authentication information.