• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권7호
• /
• pp.2703-2718
• /
• 2015

Nowadays, public cloud storage is gaining popularity and a growing number of users are beginning to use the public cloud storage for online data storing and sharing. However, how the encrypted data stored in public clouds can be effectively shared becomes a new challenge. Proxy re-encryption is a public-key primitive that can delegate the decryption right from one user to another. In a proxy re-encryption system, a semi-trusted proxy authorized by a data owner is allowed to transform an encrypted data under the data owner's public key into a re-encrypted data under an authorized recipient's public key without seeing the underlying plaintext. Hence, the paradigm of proxy re-encryption provides a promising solution to effectively share encrypted data. In this paper, we propose a new certificate-based proxy re-encryption scheme for encrypted data sharing in public clouds. In the random oracle model, we formally prove that the proposed scheme achieves chosen-ciphertext security. The simulation results show that it is more efficient than the previous certificate-based proxy re-encryption schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제13권2호
• /
• pp.1043-1063
• /
• 2019

With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019). It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

• Journal of the Korean Data and Information Science Society
• /
• 제20권6호
• /
• pp.1177-1190
• /
• 2009

In this paper, we propose a fuzzy proxy cache scheme for caching web documents in mobile base stations. In this scheme, a mobile cache model is used to facilitate data caching and data replication. Using the proposed cache scheme, the individual proxy in the base station makes cache decisions based solely on its local knowledge of the global cache state so that the entire wireless proxy cache system can be effectively managed without centralized control. To improve the performance of proxy caching, the proposed cache scheme predicts the direction of movement of mobile hosts, and uses various cache methods for neighboring proxy servers according to the fuzzy-logic-based control rules based on the membership degree of the mobile host. The performance of our cache scheme is evaluated analytically in terms of average response delay and average energy cost, and is compared with that of other mobile cache schemes.

• 한국정보통신학회논문지
• /
• 제12권8호
• /
• pp.1463-1472
• /
• 2008

본 논문에서는 XMDR(eXtended Meta-Data Resistry) 데이터 허브 기반의 Proxy Database를 이용하여 Legacy Database간의 데이터 상호운용이 가능한 프레임워크를 제안한다. 협 업 환경에서는 Legacy Database간의 상호운용을 하는데 있어서 데이터의 구조, 의미, 형식상의 이질적인 문제들이 발생한다. 또한 실시간으로 변화하는 데이터를 종류와 형식에 관계없이 지속적으로 일관성을 유지하기가 어렵다. 본 논문에서는 XMDR 데이터 허브를 이용하여 Legacy DB간의 데이터 통합 및 상호운용에서 발생할 수 있는 이 질적인 문제를 해결한다. Proxy Database를 이용하여 상호운용하고자 하는 데이터들이 종류와 형식에 상관없이 호환이 가능하고, 지속적으로 정확한 정보를 실시간으로 일관성 있게 제공하는 프레임워크를 제안한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권3호
• /
• pp.991-1013
• /
• 2020

E-health services have provided interoperability between personal health devices in personal area network, based the ISO/IEEE 11073 standard. In the healthcare system, the manager handles most agents concurrently through wireless communication. However, due to the distance limitation and the increased number of agents, it may be difficult to provide continuous connectivity. Recently, body area devices have been equipped with various applicable agents, which can even handle agents on behalf of the manager. A BAD may act as an intermediary device to increase system efficiency and performance. In this study, a device called "proxy", which can be installed as software on BAD devices, is proposed. The data measured by an agent can be sent to the proxy first, and subsequently be sent to the manager again. Agents and the manager are not aware of the proxy existence and work normally without the proxy. Furthermore, a new smart proxy and modified manager are proposed. The smart proxy acts as one agent handling measurement data from several agents, which can transmit a significant amount of data at once. The proxy and smart proxy maintain compatibility with existing devices that conform to the 20601 standard. The proposed schemes are verified and the complexities of devices are analyzed. The analysis shows no significant difference among the proxy, smart proxy, and manager. Simulations exhibit that the proposed schemes can improve the system performance.

• 한국통신학회논문지
• /
• 제37권4B호
• /
• pp.288-299
• /
• 2012

최근 모바일 클라우드 환경에서 공유되는 데이터의 기밀성과 유연성있는 접근제어를 보장하기 위해서 KP-ABE(Key Policy-Attribute Based Encryption)와 PRE(Proxy Re-Encryption)를 활용한 시스템 모델이 제안되었다. 그러나 기존 방식은 철회된 사용자와 클라우드 서버간의 공모 공격으로 데이터 기밀성을 침해하게 된다. 이러한 문제를 해결하기 위해서 제안 방식은 클라우드 서버에 저장되는 데이터 파일(data file)을 분산 저장하여 데이터 기밀성을 보장하고 비밀분산(Secret Sharing)를 통해서 프록시 재암호화키에 대한 변조 공격을 방지한다. 그리고 제안방식을 의료 환경에 적용한 프로토콜 모델을 구성한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제14권1호
• /
• pp.455-472
• /
• 2020

As a user in modern societies with the rapid growth of Internet environment and more complicated business flow processes in order to be effective at work and accomplish things on time when the manager of the company went for a business trip, he/she need to delegate his/her signing authorities to someone such that, the delegatee can act as a manager and sign a message on his/her behalf. In order to make the delegation process more secure and authentic, we proposed a secure and efficient identity-based proxy signcryption in cloud data sharing (SE-IDPSC-CS), which provides a secure privilege delegation mechanism for a person to delegate his/her signcryption privilege to his/her proxy agent. Our scheme allows the manager of the company to delegate his/her signcryption privilege to his/her proxy agent and the proxy agent can act as a manager and generate signcrypted messages on his/her behalf using special information called "proxy key". Then, the proxy agent uploads the signcrypted ciphertext to a cloud service provider (CSP) which can only be downloaded, decrypted and verified by an authorized user at any time from any place through the Internet. Finally, the security analysis and experiment result determine that the proposed scheme outperforms previous works in terms of functionalities and computational time.

• 대한전자공학회:학술대회논문집
• /
• 대한전자공학회 2002년도 ITC-CSCC -1
• /
• pp.121-124
• /
• 2002

The proxy mechanism widely used in WWW systems offers low-delay data delivery by means of "proxy server". By applying the proxy mechanisms to the video streaming system, we expect that high-quality and low-delay video distribution can be accomplished without introducing extra load on the system. In addition, it is effective to adapt the quality of cached video data appropriately in the proxy if user requests are diverse due to heterogeneity in terms of the available bandwidth, end-system performance, and user′s preferences on the perceived video quality. We have proposed proxy caching mechanisms to accomplish the high-quality and highly-interactive video streaming services. In our proposed system, a video stream is divided into blocks for efficient use of the cache buffer. The proxy server is assumed to be able to adjust the quality of a cached or retrieved video block to the request through video filters. In this paper, to verify the practicality of our mechanisms, we implemented them on a real system and conducted experiments. Through evaluations from several performance aspects, it was shown that our proposed mechanisms can provide users with a low-latency and high-quality video streaming service in a heterogeneous environment.

• 정보처리학회논문지C
• /
• 제9C권1호
• /
• pp.79-88
• /
• 2002

트랜스코딩(transcoding) 프록시 서버는 무선 이동 데이터 망을 통한 웹 검색 시의 응답지연을 줄이기 위하여 널리 채택되고 있는 기술 중 하나이다. 그러나, 프록시 서버로 네트워크 트래픽이 집중되는 병목현상이 발생할 수 있다는 점과 프록시 서버에 문제가 발생하면 전체 서비스가 중단된 수 있다는 점이 이 기술이 갖는 단점이다. 본 논문에서는 이러한 문제를 해결하기 위하여 분산 프록시 서버 시스템을 제안한다. 제안하는 시스템은 지역적으로 분산된 다수의 프록시 서버로 구성되며, 각 프록시 서버는 하나 또는 다수의 셀들로 구성되는 지역내의 서비스를 담당하도록 하여 프록시 서버의 작업량을 분담시킨다. 이들 서비스 지역 간에 클라이언트의 이동이 발생한 경우 프록시 서버간의 핸드오프 프로토콜에 의하여 변환 서비스가 지속적으로 이루어지도록 한다. 또한, 프록시 서버 간의 핸드오프 처리론 수행할 수 있도록 개선된 프록시 서버와 클라이언트 에이전트의 구조를 소개하고 이들의 성능을 실험을 통하여 분석한다.

• 한국통신학회논문지
• /
• 제36권11B호
• /
• pp.1269-1276
• /
• 2011

Proxy Mobile IPv6 (PMIPv6) 프로토콜에서는 단말간 통신 시에 모든 데이터 패킷이 Local Mobility Anchor (LMA)를 거쳐 전달되어 통신단말이 모두 동일 망에 위치한 경우 데이터 패킷이 최적화되지 않은 경로를 사용함으로 인해 성능이 저하된다. 본 논문에서는 Binding Query를 활용한 PMIPv6의 경로최적화 기법을 제안한다. 제안되는 Query-based PMIPv6 (Q-PMIPv6) 기법에서 Correspondent Node (CN)의 Mobile Access Gateway (MAG)는 Mobile Node (MN)의 Proxy Care-of-Address를 획득하기 위하여 LMA로 Binding Query를 보내고, 이후에 CN과 MN는 최적화된 경로를 이용하여 데이터 전송을 수행한다. 성능분석을 위해 제안하는 Q-PMIPv6 기법과 기존의 PMIPv6 및 PMIPv6 Localized Routing (PMIPv6-LR) 기법을 이론적인 수치 분석 및 ns-2 시뮬레이션을 통해 비교하였다. 비교 분석 결과, 제안하는 Q-PMIPv6 기법이 시그널링 비용 및 데이터 전달 비용 측면에 서 기존 PMIPv6 및 PMIPv6-LR 기법에 비해 우수함을 확인하였다.