• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.1043-1063
• /
• 2019

With delegating proxy to process data before outsourcing, data owners in restricted access could enjoy flexible and powerful cloud storage service for productivity, but still confront with data integrity breach. Identity-based data auditing as a critical technology, could address this security concern efficiently and eliminate complicated owners' public key certificates management issue. Recently, Yu et al. proposed an Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy Processing (https://doi.org/10.3837/tiis.2017.10.019). It aims to offer identity-based, privacy-preserving and batch auditing for multiple owners' data on different clouds, while allowing proxy processing. In this article, we first demonstrate this scheme is insecure in the sense that malicious cloud could pass integrity auditing without original data. Additionally, clouds and owners are able to recover proxy's private key and thus impersonate it to forge tags for any data. Secondly, we propose an improved scheme with provable security in the random oracle model, to achieve desirable secure identity based privacy-preserving batch public auditing with proxy processing. Thirdly, based on theoretical analysis and performance simulation, our scheme shows better efficiency over existing identity-based auditing scheme with proxy processing on single owner and single cloud effort, which will benefit secure big data storage if extrapolating in real application.

• International Journal of Computer Science & Network Security
• /
• v.24 no.5
• /
• pp.95-102
• /
• 2024

In distributed computing, accessible encryption strategy over Auditable data is a hot research field. Be that as it may, most existing system on encoded look and auditable over outsourced cloud information and disregard customized seek goal. Distributed storage space get to manage is imperative for the security of given information, where information security is executed just for the encoded content. It is a smaller amount secure in light of the fact that the Intruder has been endeavored to separate the scrambled records or Information. To determine this issue we have actualize (CBC) figure piece fastening. It is tied in with adding XOR each plaintext piece to the figure content square that was already delivered. We propose a novel heterogeneous structure to evaluate the issue of single-point execution bottleneck and give a more proficient access control plot with a reviewing component. In the interim, in our plan, a CA (Central Authority) is acquainted with create mystery keys for authenticity confirmed clients. Not at all like other multi specialist get to control plots, each of the experts in our plan deals with the entire trait set independently. Keywords: Cloud storage, Access control, Auditing, CBC.

• Journal of KIISE
• /
• v.43 no.10
• /
• pp.1165-1172
• /
• 2016

In cloud storage environment, deduplication enables efficient use of the storage. Also, in order to save network bandwidth, cloud storage service provider has introduced client-side deduplication. Cloud storage service users want to upload encrypted data to ensure confidentiality. However, common encryption method cannot be combined with deduplication, because each user uses a different private key. Also, client-side deduplication can be vulnerable to security threats because file tag replaces the entire file. Recently, proof of ownership schemes have suggested to remedy the vulnerabilities of client-side deduplication. Nevertheless, client-side deduplication over encrypted data still causes problems in efficiency and security. In this paper, we propose a secure and practical client-side encrypted data deduplication scheme that has resilience to brute force attack and performs proof of ownership over encrypted data.

• Journal of Korea Multimedia Society
• /
• v.19 no.2
• /
• pp.308-315
• /
• 2016

With the advancement in the area of cloud storage services as well as a tremendous growth of social networking sites, permission for one web service to act on the behalf of another has become increasingly vital as social Internet services such as blogs, photo sharing, and social networks. With this increased cross-site media sharing, there is a upscale of security implications and hence the need to formulate security protocols and considerations. Recently, OAuth, a new protocol for establishing identity management standards across services, is provided as an alternative way to share the user names and passwords, and expose personal information to attacks against on-line data and identities. Moreover, OwnCloud provides an enterprise file synchronizing and sharing that is hosted on user's data center, on user's servers, using user's storage. We propose a secure Social Networking Site (SSN) access based on OAuth implementation by combining two novel concepts of OAuth and OwnCloud. Security analysis and performance evaluation are given to validate the proposed scheme.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2219-2236
• /
• 2017

With cloud storage services, users can handle an enormous amount of data in an efficient manner. However, due to the widespread popularization of cloud storage, users have raised concerns about the integrity of outsourced data, since they no longer possess the data locally. To address these concerns, many auditing schemes have been proposed that allow users to check the integrity of their outsourced data without retrieving it in full. Yuan and Yu proposed a public auditing scheme with a deduplication property where the cloud server does not store the duplicated data between users. In this paper, we analyze the weakness of the Yuan and Yu's scheme as well as present modifications which could improve the security of the scheme. We also define two types of adversaries and prove that our proposed scheme is secure against these adversaries under formal security models.

• Journal of Information Processing Systems
• /
• v.15 no.5
• /
• pp.1211-1217
• /
• 2019

Developing methods to search over an encrypted database (EDB) have received a lot of attention in the last few years. Among them, order-revealing encryption (OREnc) and order-preserving encryption (OPEnc) are the core parts in the case of range queries. Recently, some ideally-secure OPEnc schemes whose ciphertexts reveal no additional information beyond the order of the underlying plaintexts have been proposed. However, these schemes either require a large round complexity or a large persistent client-side storage of size O(n) where n denotes the number of encrypted items stored in EDB. In this work, we propose a new construction of an efficient OPEnc scheme based on an OREnc scheme. Security of our construction inherits the security of the underlying OREnc scheme. Moreover, we also show that the construction of a non-interactive ideally-secure OPEnc scheme with a constant client-side storage is theoretically possible from our construction.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1083-1086
• /
• 2005

Now these days, many technical concepts and tools have been developed in the cryptographic field. Most digital signature schemes used in practice, such as RSA or DSA, have an important role in information privacy and secure authentication for perfect user. A clearly advantage of such schemes over with security proven relative to such common cryptographic assumptions, is their efficiency: as a result of their relative weak requirements regarding computation, bandwidth and storage, these scheme have so far beaten proven secure schemes in practice. Our aim is to contribute to bridge the gap that exists between the theory and practice of digital signature schemes. In this paper we present a digital signature that ensures information privacy. More precisely, under an appropriate assumption about RSA, the scheme is proven to be existentially forgeable under adaptively chosen message attacks. This mechanism can be applied to smart cards or E-Wallet for maintaining secure authentication for user’s information privacy.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.11
• /
• pp.5653-5672
• /
• 2019

In cloud computing era, an increasing number of resource-constrained users outsource their data to cloud servers. Due to the untrustworthiness of cloud servers, it is important to ensure the integrity of outsourced data. However, most of existing solutions still have challenging issues needing to be addressed, such as the identity privacy protection of users, the traceability of users, the supporting of dynamic user operations, and the publicity of auditing. In order to tackle these issues simultaneously, in this paper, we propose a traceable dynamic public auditing scheme with identity privacy preserving for cloud storage. In the proposed scheme, a single user, including a group manager, is unable to know the signer's identity. Furthermore, our scheme realizes traceability based on a secret sharing mechanism and supports dynamic user operations. Based on the security and efficiency analysis, it is shown that our scheme is secure and efficient.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.43-53
• /
• 2019

Recently, a number of military intranet infiltrations suspected of North Korea have been discovered. There was a problem that a vulnerability could occur due to the modification of user authentication data that can access existing military information systems. In this paper, we applied mutual verification technique and API (Application Programming Interface) forgery / forgery blocking and obfuscation to solve the authentication weakness in web browsers that comply with FIDO (Fast IDentity Online) standard. In addition, user convenience is improved by implementing No-Plugin that does not require separate program installation. Performance tests show that most browsers perform about 0.1ms based on the RSA key generation rate. In addition, it proved that it can be used for commercialization by showing performance of less than 0.1 second even in the digital signature verification speed of the server. The service is expected to be useful for improving military information system security as an alternative to browser authentication by building a web secure storage.

• Journal of Korean Society of Water and Wastewater
• /
• v.29 no.3
• /
• pp.337-345
• /
• 2015

Two step rapid filter system as a pre-treatment for the injected water into aquifer storage and recovery (ASR) in Korea was developed to reduce physical blockage and secure the volume of the injected water. First, single rapid sand filters with three different media sizes (0.4~0.7, 0.7~1.0 and 1.0~1.4 mm) were tested. Only two sizes (0.4~0.7 and 0.7~1.0 mm) satisfied target turbidity, below 1.0 NTU. However, they showed the fast head loss. To prevent the fast head loss and secure the volume of the injected water, a rapid anthracite filter with roughing media size (2.0~3.4 mm) were installed before a single rapid sand filter. As results, both the target turbidity and reduction of head loss were achieved. It was determined that the media size for a rapid sand filter in two step rapid filter system (i.e. a rapid anthracite filter before a rapid sand filter) was 0.7~1.0 mm. In addition, the effects of coagulant doses on the removal of natural organic matter (NOM), which might cause a biological clogging, were preliminarily evaluated, and the values of $UV_{254}$, dissolved organic carbon (DOC) and SUVA were interpreted.