• Journal of KIISE
• /
• v.44 no.4
• /
• pp.344-351
• /
• 2017

An attribute based signature system is a cryptographic system where users produce signatures based on some predicate of attributes, using keys issued by one or more attribute authorities. If a private key is leaked during signature generation, the signature can be forged. Therefore, signing operation computations should be performed using secure hardware, which is called tamper resistant hardware in this paper. However, since tamper resistant hardware does not provide high performance, it cannot perform many operations requiring attribute based signatures in a short time frame. This paper proposes a new attribute based signature system using high performance general hardware and low performance tamper resistant hardware. The proposed signature scheme consists of two signature schemes within a existing attribute based signature scheme and a digital signature scheme. In the proposed scheme, although the attribute based signature is performed in insecure environments, the digital signature scheme using tamper resistant hardware guarantees the security of the signature scheme. The proposed scheme improves the performance by 11 times compared to the traditional attribute based signature scheme on a system using only tamper resistant hardware.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.1
• /
• pp.78-87
• /
• 2009

An attribute-based signature scheme is a signature scheme where a signer's private key is associate with an attribute set and a signature is associated with an access structure. Attribute-based signature schemes are useful to provide anonymity and access control for role-based systems and attribute-based systems where an identity of object is represented as a set of roles or attributes. In this paper, we formally define the definition of attribute-based signature schemes and propose the first efficient attribute-based signature scheme that requires constant number of pairing operations for verification where a policy is represented as a disjunctive normal form (DNF). To construct provably secure one, we introduce a new interactive assumption and prove that our construction is secure under the new interactive assumption and the random oracle model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.4
• /
• pp.1516-1528
• /
• 2015

We introduce attribute set based signature (ASBS), a new cryptographic primitive which organizes user attributes into a recursive set based structure such that dynamic constraints can be imposed on how those attributes may be combined to satisfy a signing policy. Compared with attribute based signature (ABS), ASBS is more flexible and efficient in managing user attributes and specifying signing policies. We present a practical construction of ASBS and prove its security in the standard model under three subgroup decision related assumptions. Its efficiency is comparable to that of the most efficient ABS scheme.

• Convergence Security Journal
• /
• v.14 no.6_1
• /
• pp.147-155
• /
• 2014

Encryption and authentication system in National Defense is divided into three system; KMI, MPKI, and GPKI. In this paper, we report inherent problem and security threaten in MPKI and propose an attribute-based authentication scheme using attribute-based signature in order to improve user authentication. In our scheme, access structure is used by Monotone Span Program, and system server provides service after user authentication.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.31-45
• /
• 2004

Public Key Infrastructure(PKI) provides a strong authentication. Privilege Management Infrastructure(PMI) as a new technology can provide user's attribute information. The main function of PMI is to give more specified authority and role to user. To authenticate net and role, we have used digital signature. Role Based Access Control(RBAC) is implemented by digital signature. RBAC provides some flexibility for security management. NEIS(National Education Information System) can not always provide satisfied quality of security management. The main idea of the proposed RNEIS(Roll Based NEIS) is that user's role is stored in AC, access control decisions are driven by authentication policy and role. Security manager enables user to refer to the role stored in user's AC, admits access control and suggests DB encryption by digital signature.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.647-669
• /
• 2016

Multiple attribute for decision making including user preference will increase the complexity of route selection process. Various approaches have been proposed to solve the optimal route selection problem. In this paper, multi attribute decision making (MADM) algorithms such as Simple Additive Weighting (SAW), Weighted Product Method (WPM), Analytic Hierarchy Process (AHP) method and Total Order Preference by Similarity to the Ideal Solution (TOPSIS) methods have been proposed for acoustic signature based optimal route selection to facilitate user with better quality of service. The traffic density state conditions (very low, low, below medium, medium, above medium, high and very high) on the road segment is the occurrence and mixture weightings of traffic noise signals (Tyre, Engine, Air Turbulence, Exhaust, and Honks etc) is considered as one of the attribute in decision making process. The short-term spectral envelope features of the cumulative acoustic signals are extracted using Mel-Frequency Cepstral Coefficients (MFCC) and Adaptive Neuro-Fuzzy Classifier (ANFC) is used to model seven traffic density states. Simple point method and AHP has been used for calculation of weights of decision parameters. Numerical results show that WPM, AHP and TOPSIS provide similar performance.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.04b
• /
• pp.52-54
• /
• 2004

모바일 환경에서 효과적인 데이터 전송 방법인 브로드 캐스트 기법에서 중요한 문제 중의 하나가 데이터에 대한 인덱스 생성이다. 데이터에 대한 인덱스가 제공되면 클라이언트는 튜닝 타임과 엑세스 타임을 줄일 수 있고, 그와 함께 배터리 소모도 줄일 수 있다 기존에 제시된 인덱스 생성 기법온 대부분 트리 구조를 기반으로 하고 있다. 트리 기반 인덱싱 기법은 튜닝 타임을 최소화하지만, 반면 멀티-어트리뷰트(multi-attribute)에 대한 엑세스나 다양한 종류의 멀티미디어 데이터들 혹은 클러스터링 된 데이터에 대한 인덱스 생성이 어렵다. 이러한 문제를 해결하기 위해 시그너쳐 기반의 인덱싱 기법이 제시되었다. 그러나 기존의 시그너쳐 기반 인덱싱 기법에서는 엑세스 타임이 전체 브로드 캐스트 타임으로 고정되는 문제가 있었다. 본 논문비서는 앞으로 브로드 캐스팅 될 데이터들에 대한 포괄적인 정보를 가지는 시그너쳐 집합을 인덱스로 제공해서 클라이언트의 엑세스 타임을 최소화시키는 시그너쳐 스킴을 제시한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.212-213
• /
• 2023

최근 네트워크 환경에서 통신되는 데이터의 신뢰성을 제공하기 위해 서명기술이 필요하다. 다양한 서명기술들 중 속성기반서명은 사용자들이 가지고 있는 속성을 기반으로 서명을 수행하기 때문에, 각 서명자들의 익명성을 보장할 수 있는 서명기술이다. 하지만 속성기반서명을 수행시 익명성을 악용하는 사용자들이 존재하는데, 이들은 잡히는 위험이 없이 일부 목적(금전, 이익)을 위해 의도적으로 자신의 서명비밀키와 속성을 공개할 수 있다. 서명권한이 없는 제 3자는 이를 이용해 서명을 수행할 수 있다. 본 논문에서는 적절한 수준의 익명성과 추적성이 제공되는 속성기반서명 기법을 제안한다. 본 제안방식은 검증자가 서명 검증시 문제가 생긴 서명에 관해 AA에게 서명을 보낸 서명자의 신원을 요청하여 확인할 수 있다.

• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.981-992
• /
• 2004

The established NEIS has a lot of problems in the management of security. It does not realize access control in following authority because it only uses PKI certification in user certification and the use of central concentration DBMS and plain text are increased hacking possibility in NEIS. So, This paper suggests a new NEIS for the secure management of data and authority certification. First, we suggest the approached authority in AC pf PMI and user certification in following the role, RBAC. Second, we realize DB encryption plan by digital signature for the purpose of preventig DB hacking. Third, we suggest SQL counterfeit prevention by one-way hash function and safe data transmission per-formed DB encryption by digital signature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.499-510
• /
• 2023

Recently, an intelligent and advanced cyber attack attacks a computer network of a public institution using a file containing malicious code or leaks information, and the damage is increasing. Even in public institutions with various information protection systems, known attacks can be detected, but unknown dynamic and encryption attacks can be detected when existing signature-based or static analysis-based malware and ransomware file detection methods are used. vulnerable to The detection method proposed in this study extracts the detection result data of the system that can detect malicious code and ransomware among the information protection systems actually used by public institutions, derives various attributes by combining them, and uses a machine learning classification algorithm. Results are derived through experiments on how the derived properties are classified and which properties have a significant effect on the classification result and accuracy improvement. In the experimental results of this paper, although it is different for each algorithm when a specific attribute is included or not, the learning with a specific attribute shows an increase in accuracy, and later detects malicious code and ransomware files and abnormal behavior in the information protection system. It is expected that it can be used for property selection when creating algorithms.