• Title/Summary/Keyword: Public-key cryptosystem

Search Result 163, Processing Time 0.021 seconds

Recent Trend Analysis of Certificate Revocation Mechanism (인증서 폐기 메커니즘의 최근 동향 분석)

  • 황원섭;김자영;정수민;윤동식
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.77-82
    • /
    • 2004
  • The notion of a certificate was introduced by Kohnfelder in his 1978 MIT bachelor's thesis. The idea, now common, was that a certificate is a digitally signed statement binding the key-holder's name to a public key. With the increasing acceptance of digital certificate, there has been a gaining impetus for methods to nullify the compromised digital certificates and enable the end user to receive this information before be trusts a revoked certificate. The problem of certificate revocation is getting more and more crucial with the development of wide spread PKIs. In this paper, we investigate recent trend of certificate revocation mechanism.

  • PDF

A License Administration Protocol Providing User Privacy in Digital Rights Management (디지털 저작권 관리에서 사용자의 프라이버시 보호를 제공하는 라이센스 관리 프로토콜)

  • 박복녕;김태윤
    • Journal of KIISE:Information Networking
    • /
    • v.30 no.2
    • /
    • pp.189-198
    • /
    • 2003
  • As people are damaged increasingly by personal information leakage, awareness about user privacy infringement is increasing. However, the existing DRM system does not support the protection of user's personal information because it is not necessary for the protection of copyrights. This paper is suggesting a license administration protocol which is more powerful to protect personal information in DRM. To protect the exposure of users identifier, this protocol uses temporary ID and token to guarantee anonymity and it uses a session key by ECDH to cryptography and Public-Key Cryptosystem for a message so that it can protect the exposure of personal information and user's privacy.

Key-pair(Public key, Private key) conflict analysis using OpenSSL (OpenSSL을 이용한 키쌍(공개키·개인키) 충돌율 분석)

  • Lee, Kwang-Hyoung;Park, Jeong-Hyo;Jun, Moon-Seog
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.15 no.8
    • /
    • pp.5294-5302
    • /
    • 2014
  • The development of public-key-based technique that enables a variety of services(E-government, e-banking, e-payment, etc.) evaluated as having complete safety. On the other hand, vulnerabilities(e.g, heartbleed bug, etc.) are constantly being discovered. In this paper, a public key infrastructure to verify the safety and reliability, the collision rate using OpenSSL key pair was analyzed. the experiment was performed using the following procedure. Openssl was used to create five private certification agencies, and each of the private certificate authority certificates to create 2 million, generating a total of 10 million by the certificate of the key pair conflicts analysis. The results revealed 35,000 in 1 million, 0.35% chance of a public key, a private key conflict occurred. This is sufficient in various fields(E-payment, Security Server, etc.). A future public-key-based technique to remove the threat of a random number generator, large minority issues, in-depth study of selection will be needed.

A New Sender-Side Public-Key Deniable Encryption Scheme with Fast Decryption

  • Barakat, Tamer Mohamed
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.8 no.9
    • /
    • pp.3231-3249
    • /
    • 2014
  • Deniable encryption, introduced in 1997 by Canetti, Dwork, Naor, and Ostrovsky, guarantees that the sender or the receiver of a secret message is able to "fake" the message encrypted in a specific ciphertext in the presence of a coercing adversary, without the adversary detecting that he was not given the real message. Sender - side deniable encryption scheme is considered to be one of the classification of deniable encryption technique which defined as resilient against coercing the sender. M. H. Ibrahim presented a sender - side deniable encryption scheme which based on public key and uncertainty of Jacobi Symbol [6]. This scheme has several problems; (1) it can't be able to derive the fake message $M_f$ that belongs to a valid message set, (2) it is not secure against Quadratic Residue Problem (QRP), and (3) the decryption process is very slow because it is based dramatically on square root computation until reach the message as a Quadratic Non Residue (QNR). The first problem is solved by J. Howlader and S. Basu's scheme [7]; they presented a sender side encryption scheme that allows the sender to present a fake message $M_f$ from a valid message set, but it still suffers from the last two mentioned problems. In this paper we present a new sender-side deniable public-key encryption scheme with fast decryption by which the sender is able to lie about the encrypted message to a coercer and hence escape coercion. While the receiver is able to decrypt for the true message, the sender has the ability to open a fake message of his choice to the coercer which, when verified, gives the same ciphertext as the true message. Compared with both Ibrahim's scheme and J. Howlader and S. Basu's scheme, our scheme enjoys nice two features which solved the mentioned problems: (1) It is semantically secure against Quadratic Residue Problem; (2) It is as fast, in the decryption process, as other schemes. Finally, applying the proposed deniable encryption, we originally give a coercion resistant internet voting model without physical assumptions.

A Method for Detection of Private Key Compromise (서명용 개인키 노출 탐지 기법)

  • Park, Moon-Chan;Lee, Dong-Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.5
    • /
    • pp.781-793
    • /
    • 2014
  • A Public Key Infrastructure (PKI) is security standards to manage and use public key cryptosystem. A PKI is used to provide digital signature, authentication, public key encryption functionality on insecure channel, such as E-banking and E-commerce on Internet. A soft-token private key in PKI is leaked easily because it is stored in a file at standardized location. Also it is vulnerable to a brute-force password attack as is protected by password-based encryption. In this paper, we proposed a new method that detects private key compromise and is probabilistically secure against a brute-force password attack though soft-token private key is leaked. The main idea of the proposed method is to use a genuine signature key pair and (n-1) fake signature key pairs to make an attacker difficult to generate a valid signature with probability 1/n even if the attacker found the correct password. The proposed method provides detection and notification functionality when an attacker make an attempt at authentication, and enhances the security of soft-token private key without the additional cost of construction of infrastructure thereby extending the function of the existing PKI and SSL/TLS.

Design and Verification of Applied Public Information Based Authentication Protocol in the Message Security System (공개정보를 이용한 메시지 보안 시스템의 인증 프로토콜 설계 및 검증)

  • 김영수;신승중;최흥식
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.8 no.1
    • /
    • pp.43-54
    • /
    • 2003
  • E-Commerce, characterized by the exchange of message, occurs between individuals, organizations, or both. A critical promotion factor of e-Commerce is message authentication, the procedure that allows communicating parties to verify the received messages are authentic. It consists of message unforgery, message non-repudiation, message unalteration, and origin authentication. It is possible to perform message authentication by the use of public key encryption. PGP(Pretty Good Privacy) based on X.400 MHS(Message Handling System) and PKC(Public Key Cryptosystem) makes extensive use of message exchange. In this paper we propose, design and implement NMAP(New Message Authentication Protocol), an applied public information based encryption system to solve the message authentication problem inherent in public key encryption such as X.400 protocol and PGP protocol and were to cope with the verification of NMAP using fuzzy integral. This system is expected to be use in the promotion of the e-Commerce and can perform a non-interactive authentication service.

  • PDF

Enhancing Accuracy Performance of Fuzzy Vault Non-Random Chaff Point Generator for Mobile Payment Authentication

  • Arrahmah, Annisa Istiqomah;Gondokaryono, Yudi Satria;Rhee, Kyung-Hyune
    • Journal of Multimedia Information System
    • /
    • v.3 no.2
    • /
    • pp.13-20
    • /
    • 2016
  • Biometric authentication for account-based mobile payment continues to gain attention because of improvements on sensors that can collect biometric information. We propose an enhanced method for mobile payment security based on biometric authentication. In this mobile payment system, the communication between the user and the relying party is based on public key infrastructure. This method secures both the key and the biometric template in the user side using fuzzy vault biometric cryptosystems, which is based on non-random chaff point generator. In this paper, we consider an important process for the common fuzzy vault system, that is, the feature extraction method. We evaluate various feature extraction methods to enhance the accurate performance of the system.

A Remote User Authentication Scheme Using Smart Cards (스마트 카드를 이용한 원격 사용자 인증 방안)

  • 유종상;신인철
    • Proceedings of the IEEK Conference
    • /
    • 2001.06c
    • /
    • pp.51-54
    • /
    • 2001
  • Recently Hwang and Li[1] proposed a remote user authentication scheme using smart cards. Their scheme is based on the ElGamal public key cryptosystem and does not need to maintain a password table for verifying the legitimacy of the login users. In this paper, we proposed an advanced user authentication scheme using smart cards. Unlike Hwang and Li's scheme, smart card contains a pair of public parameters(h, P) where h is a hash function which is used in login phase. In result, we reduce one exponential computation frequency in login phase and two exponential computation frequencies in authentication phase with comparing the Hwang and Li's scheme. The proposed scheme not only provides the advantages as security of Hwang and Li's scheme, but also reduces computation cost.

  • PDF

A Polynomial-Time Algorithm for Breaking the McEliece's Public-Key Cryptosystem (McEliece 공개키 암호체계의 암호해독을 위한 Polynomial-Time 알고리즘)

  • Park, Chang-Seop-
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference
    • /
    • 1991.11a
    • /
    • pp.40-48
    • /
    • 1991
  • McEliece 공개키 암호체계에 대한 새로운 암호해독적 공격이 제시되어진다. 기존의 암호해독 algorithm이 exponential-time의 complexity를 가지는 반면, 본고에서 제시되어지는 algorithm은 polynomial-time의 complexity를 가진다. 모든 linear codes에는 systematic generator matrix가 존재한다는 사실이 본 연구의 동기가 된다. Public generator matrix로부터, 암호해독에 사용되어질 수 있는 새로운 trapdoor generator matrix가 Gauss-Jordan Elimination의 역할을 하는 일련의 transformation matrix multiplication을 통해 도출되어진다. 제시되어지는 algorithm의 계산상의 complexity는 주로 systematic trapdoor generator matrix를 도출하기 위해 사용되는 binary matrix multiplication에 기인한다. Systematic generator matrix로부터 쉽게 도출되어지는 parity-check matrix를 통해서 인위적 오류의 수정을 위한 Decoding이 이루어진다.

  • PDF

Secure Scalar Multiplication with Simultaneous Inversion Algorithm in Hyperelliptic Curve Cryptosystem (초 타원 곡선 암호시스템에서 동시 역원 알고리즘을 가진 안전한 스칼라 곱셈)

  • Park, Taek-Jin
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.4 no.4
    • /
    • pp.318-326
    • /
    • 2011
  • Public key cryptosystem applications are very difficult in Ubiquitos environments due to computational complexity, memory and power constrains. HECC offers the same of levels of security with much shorter bit-lengths than RSA or ECC. Scalar multiplication is the core operation in HECC. T.Lange proposed inverse free scalar multiplication on genus 2 HECC. However, further coordinate must be access to SCA and need more storage space. This paper developed secure scalar multiplication algorithm with simultaneous inversion algorithm in HECC. To improve the over all performance and security, the proposed algorithm adopt the comparable technique of the simultaneous inversion algorithm. The proposed algorithm is resistant to DPA and SPA.