• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1539-1550
• /
• 2016

In modern society, the number of applications, which needs storage, is increased. Among them, the advance of FinTech increased the importance of storage encryption. FinTech storage, storing sensitive information, should be kept secure. Unless the storage is kept, many users will be damaged monetarily. To prevent this problem, we should encrypt the storage. A EncFS, which is one of the most popular storage encryption application, uses different IVs for each block to provide higher levels of security in the encryption algorithm. However, there is a vulnerability related to the usage of same IVs. In this paper, we propose a technique that decrypts the ciphertexts without knowing the secret key by using the vulnerability. Moreover, we show that the EncFS is not secure under IND-CPA model and propose a new scheme which is secure under IND-CPA model.

• JSTS:Journal of Semiconductor Technology and Science
• /
• v.12 no.2
• /
• pp.240-253
• /
• 2012

In this paper we propose a protection mechanism for the debug port. While debug ports are useful tools for embedded device development and maintenance, they can also become potential attack tools for device hacking in case their usage is permitted to hackers with malicious intentions. The proposed approach prevents illicit use of debug ports by controlling access through user authentication, where the device generates and issues authentication token only to the server-authenticated users. An authentication token includes user access information which represents the user's permitted level of access and the maximum number of authentications allowed using the token. The device authenticates the user with the token and grants limited access based on the user's access level. The proposed approach improves the degree of overall security by removing the need to expose the device's secret key. Availability is also enhanced by not requiring server connection after the initial token generation and further by supporting flexible token transfer among predefined device groups. Low implementation cost is another benefit of the proposed approach, enabling it to be adopted to a wide range of environments in demand of debug port protection.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.1
• /
• pp.11-22
• /
• 1997

The fractal image compression partitions an original image into blocks of equal size and searches a do-main block having self-similarity. This method of compression achieves high compression ratio because it is unnecessary to transmit the additional codebook to receiver and it provides good quality of reconstructed images. In spite of these advantages, this method has a drawback in which encoding time increase due to a complicated linear transformation for determining a similar-domain block. In this paper, a fast fractal image compression method is proposed by decreasing the number of transformation usings AC(alternating current) coefficients of block. The proposed method also has a good quality as compared with the well-known fractal codings. Furthermore, method also has a good quality as apply the video steganography that can conceal an important secret data.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5653-5672
• /
• 2019

In cloud computing era, an increasing number of resource-constrained users outsource their data to cloud servers. Due to the untrustworthiness of cloud servers, it is important to ensure the integrity of outsourced data. However, most of existing solutions still have challenging issues needing to be addressed, such as the identity privacy protection of users, the traceability of users, the supporting of dynamic user operations, and the publicity of auditing. In order to tackle these issues simultaneously, in this paper, we propose a traceable dynamic public auditing scheme with identity privacy preserving for cloud storage. In the proposed scheme, a single user, including a group manager, is unable to know the signer's identity. Furthermore, our scheme realizes traceability based on a secret sharing mechanism and supports dynamic user operations. Based on the security and efficiency analysis, it is shown that our scheme is secure and efficient.

• Proceedings of the IEEK Conference
• /
• 2003.07e
• /
• pp.2411-2414
• /
• 2003

In this paper, we present a digital image authentication using semi-fragile watermarking techniques. The algorithm is robust to innocuous manipulations while detecting malicious manipulations. Specifically, the proposed method is designed for the purpose of the real time authentication of an image frame captured from a digital camera due to its easy H/W implementation, security and visible verification. To achieve the semi-fragile characteristics that survive a certain amount of compression, we employ the invariant property of DCT coefficients' quantization proposed by Lin and Chang [1]. The binary watermark bits are generated by exclusive ORing the binary logo with pseudo random binary sequences. Then watermark bits are embedded into the LSBs of pre-quantized DCT coefficients in the medium frequency range. Verification is carried out easily due to visually recognizable pattern of the logo extracted by exclusive ORing the LSBs of the embedded DCT coefficient with pseudo random number seeded by a secret key. By the experiment results, this method is not only robust to JPEG compression but also it detects powerfully alterations of the original image, such as the tempering of images.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.30 no.6C
• /
• pp.607-615
• /
• 2005

Group key agreement protocols are designed to allow a group of parties communicating over a public network to securely establish a common secret key. Over the years, a number of solutions to this problem have been proposed with varying degrees of complexity. However, there seems to have been no previous systematic look at the growing problem of key agreement over combined wired/wireless networks, consisting of both high-performance computing machines and low-power mobile devices. In this paper we present an efficient group key agreement scheme well suited for this networking environment. Our scheme meets efficiency, scalability, and all the desired security requirements.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.2
• /
• pp.167-175
• /
• 2008

The current pre-distribution of secret keys uses a-composite random key and it randomly allocates keys. But there exists high probability not to be public-key among nodes and it is not efficient to find public-key because of the problem for time and energy consumption. We presents key establishment scheme designed to satisfy authentication and confidentiality, without the need of a key distribution center. Proposed scheme is scalable since every node only needs to hold a small number of keys independent of the network size, and it is resilient against node capture and replication due to the fact that keys are localized. In simulation result, we estimate process time of parameter used in proposed scheme and efficiency of Proposed scheme even if increase ECC key length.

• The Journal of Industrial Distribution & Business
• /
• v.10 no.4
• /
• pp.25-31
• /
• 2019

Purpose - A framework is suggested in this paper which will help crowdfunding platforms to match projects according to expectations of funders, leading to successful campaigns and thus increase the profitability of the crowdfunding platform. Research design, data, and methodology - The paper is theoretical and conceptual in nature which proposes a model for crowdfunding platforms to match expectations of crowds with project fundraisers. Results - Crowdfunding platforms are going through incremental innovations in order to match customer (funders and fundraisers) expectations. Leading crowdfunding platforms like Kickstart holds benchmark for other players in the market but the secret of success lies in matching quality projects with the appropriate funders. Crowdfunding platforms have to securitize the projects and allow only quality projects but also provide a wide range of options for funders. Thus, to manage this trade-off between quality and quantity of options, a framework is proposed. Conclusions - Crowdfunding platforms have to adopt a model which will help them in providing a perfect match between crowds and fundraisers. Each member of the crowd and every project will be assigned a category and rating based on the past records. Securitization of projects will help to entertain only demanded projects which will reduce the number of failing campaigns.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.157-158
• /
• 2013

Data privacy and access control policies in computer clouds are a prime concerns while talking about the sensitive data. Authorized access is ensured with the help of secret keys given to a range of valid users. Granting the role access is a trivial matter but revoking user access is tricky and compute intensive. To revoke a user and making his data access ineffective the data owner has to compute new set of keys for the rest of effective users. This situation is inappropriate where user revocation is a frequent phenomenon. Time based revocation is another way to deal this issue where key for data access expires automatically. This solution rests in a very strong assumption of time determination in advance. In this paper we have proposed a mutable encryption for oblivious data access in cloud storage where the access key becomes ineffective after defined number of threshold by the data owner. The proposed solution adds to its novelty by introducing mutable encryption while accessing the data obliviously.

• International Journal of Computer Science & Network Security
• /
• v.21 no.3
• /
• pp.83-93
• /
• 2021

COVID-19 poses a major risk to global health, highlighting the importance of faster and proper diagnosis. To handle the rise in the number of patients and eliminate redundant tests, healthcare information exchange and medical data are transmitted between healthcare centres. Medical data sharing helps speed up patient treatment; consequently, exchanging healthcare data is the requirement of the present era. Since healthcare professionals share data through the internet, security remains a critical challenge, which needs to be addressed. During the COVID-19 pandemic, computed tomography (CT) and X-ray images play a vital part in the diagnosis process, constituting information that needs to be shared among hospitals. Encryption and image steganography techniques can be employed to achieve secure data transmission of COVID-19 images. This study presents a new encryption with the image steganography model for secure data transmission (EIS-SDT) for COVID-19 diagnosis. The EIS-SDT model uses a multilevel discrete wavelet transform for image decomposition and Manta Ray Foraging Optimization algorithm for optimal pixel selection. The EIS-SDT method uses a double logistic chaotic map (DLCM) is employed for secret image encryption. The application of the DLCM-based encryption procedure provides an additional level of security to the image steganography technique. An extensive simulation results analysis ensures the effective performance of the EIS-SDT model and the results are investigated under several evaluation parameters. The outcome indicates that the EIS-SDT model has outperformed the existing methods considerably.