• Title/Summary/Keyword: forward-secure

A Client/Server Authenticated Key Exchange Protocol using Shared Password (공유 패스워드를 이용한 클라이언트/서버 인증 키 교환 프로토콜)

  • 류은경;윤은준;유기영
    • Journal of KIISE:Information Networking / v.31 no.3 / pp.252-258 / 2004
  • In this paper, we propose a new authenticated key exchange protocol in which client and server can mutually authenticate and establish a session key over an insecure channel using only a human-memorable password. The proposed protocol is based on the Diffie-Hellman scheme and has many desirable security attributes: it resists off-line dictionary attacks mounted by either passive or active adversaries over the network, allowing low-entropy passwords to be used safely. It also offers perfect forward secrecy, which protects past sessions when passwords are compromised. In particular, the advantage of our scheme is that it is secure against an impersonation attack, even if a server's password file is exposed to an adversary. The proposed scheme here shows that it has better performance when compared to the previous notable password-based key exchange methods.

A Scheme of Computational Time Reduction on Back-End Server Using Computational Grid (계산 그리드를 이용한 백엔드 서버의 계산시간 단축 방안)

  • Hong, Seong-Pyo;Han, Seung-Jo
    • Journal of the Korea Institute of Information and Communication Engineering / v.16 no.12 / pp.2695-2701 / 2012
  • We need privacy protection protocols that satisfy three essential security requirements (confidentiality, indistinguishability and forward security) in order to protect users' privacy in RFID systems. The hash-chain based protocol that Ohkubo et al. proposed is the most secure protocol among existing protocols, satisfying all of the essential security requirements. However, this protocol has the disadvantage that it takes a very long time to identify a tag in the back-end server. In this paper, we propose a scheme that keeps security just as it is and reduces the computation time for identifying a tag in the back-end server. The results show that the identification time in the back-end server is reduced considerably compared to the hash-chain based protocol.

Secure Electronic Ticketing System based on Consortium Blockchain

  • Li, Xuelian;Niu, Jie;Gao, Juntao;Han, Yue
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.10 / pp.5219-5243 / 2019
  • In electronic ticketing systems, the malicious behavior of scalpers damages customers' interests and disturbs the normal order of the market. In order to solve the problem of scalpers, we took two steps. Firstly, we established the electronic ticketing system based on the consortium blockchain (CB-ETS). By establishing CB-ETS, we can make the ticketing market develop better in a controlled environment and be managed by the members in the consortium blockchain. Secondly, we put forward a kind of taxation mechanism for suppressing scalpers based on CB-ETS. Together with the regulatory mechanism, our scheme can effectively reduce the scalpers' profits and further inhibit scalpers. Through the above two steps, the scheme can effectively resist the malicious behavior of scalpers. Among them, in the process of transferring tickets, we optimized the transfer mechanism to achieve a win-win situation. Finally, we analyzed the security and efficiency of our scheme. Our scheme realizes anonymity through the mixed currency protocol based on ring signature and guarantees the unforgeability of tickets by multi-signature in the process of modifying the invalidity of tickets. It can also resist DoS attacks and double-spending attacks. The efficiency analysis shows that our scheme is significantly superior to relevant works.

Secure Remote User Authentication Scheme for Password Guessing Attack (패스워드 추측공격에 안전한 원격 사용자 인증 스킴)

  • Shin, Seung-Soo;Han, Kun-Hee
    • Journal of the Korea Academia-Industrial cooperation Society / v.12 no.12 / pp.5895-5901 / 2011
  • This paper shows that a scheme provided by An[7] is not enough to satisfy security requirements for user certification using a password-based smart card. In order to compensate for this weakness, this study provides an improved user scheme with a hash function and ElGamal signature. This new scheme has some advantages in protecting against password guessing, masquerade, and replay attacks as well as providing forward secrecy. Compared to An's certification scheme, this scheme suggests that the effect of computational complexity is similar but the efficiency of safety is better.

The Data Compression Method for increase of Efficiency in Tactical Data Communication over Legacy Radios (Legacy Radio 기반의 전술데이터 통신 효율성 향상 위한 데이터 압축 기법)

  • Sim, Dong-Sub;Shin, Ung-Hee;Kim, Ki-Hyung
    • Journal of the Korea Institute of Military Science and Technology / v.13 no.4 / pp.577-585 / 2010
  • Military tactical communication technology for effective network-centric warfare is developing, targeting broadband wireless transmission, core technology for connection, and transmission technology that secures survivability under high-speed movement environments. On the other hand, tactical data communication systems that reflect military characteristics are developing on the basis of legacy communication equipment used in the field. Because almost all military units in the field have used voice to communicate, which lowers the efficiency of operations, they have made efforts to substitute digital communication for voice communication, which delays military operation tempo. The communications environment of troops in the forward edge of the battlefield area is very poor, especially in terms of limited frequency allocation and bandwidth. Therefore, improving the efficiency of frequency is essential for military tactical communication. This paper is about the data compression method for increase of efficiency in tactical data communication over legacy radios, which are UHF, VHF, and HF radios. I proposed and proved the most efficient data compression method that reflects military characteristics, after analyzing the experimentation, which simulates CAS (Close Air Support mission) data transmission between pilot and TACP.

A Forgery detection protocol for protection of mobile agent execution results (이동 에이전트 수행 결과에 대한 부정 검출 프로토콜)

  • Kim, Hee-Yeon;Shin, Jung-Hwa;Shin, Weon;Rhee, Kyung-Hyune
    • The KIPS Transactions:PartB / v.9B no.5 / pp.517-522 / 2002
  • Mobile agent systems offer a new paradigm for distributed computation and one solution to the limitations of the existing client-server model. Mobile agent systems provide an interface that can migrate from host to host in a heterogeneous network. For secure execution, the security problem of mobile code must be solved first. In this paper, we propose a protocol that applies a signature technique and a hash chain technique. This protocol offers forward integrity, non-repudiation, and forgery detection when mobile agents perform tasks by migrating across a network.

Porous Boundaries in Virginia Woolf's The Waves: Anticipating a Digital Composition and Subjectivity

  • Takehana, Elise
    • Cross-Cultural Studies / v.32 / pp.29-61 / 2013
  • When turning to determining a subject position for the digital age, one may look beyond the invention of its technologies and instead begin with the development of its aesthetic of networked communities, nodal expression, and collaborative identity. Virginia Woolf's The Waves demonstrates this aesthetic in both form and content. In this paper, I will examine the role of collaboration in the form of interdisciplinary composition, arguing that Woolf's use of musical form and dramatic monologue and dialogue structurally secure an investment in collaborative models of expression. Digital texts tout their inherent multimodality, but such compositions are also evident in pre-digital texts. In addition, I will decipher the subject position Woolf puts forward in The Waves by looking closely at how the characters determine their own identity and existence when they are alone, when they interact with one individual, and when they congregate as a group. These are exemplified more specifically in the representations of Rhoda and Bernard as equally refusing to collaborate between a self-defined identity and a group-defined identity; Bernard's channeling of Lord Byron while writing a love letter; and Woolf's use of the red carnation as a repeated image of the intertwined nature of the characters' collaborative identity and mutual dependence on one another.

Simple and Efficient Authenticated Key Agreement Protocol (간단하고 효율적인 상호 인증 키 동의 프로토콜)

  • 이성운;유기영
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.5 / pp.105-112 / 2003
  • In this paper, we propose two simple and efficient key agreement protocols, called SEKA-H and SEKA-E, which use a pre-shared password between two parties for mutual authentication and for agreeing on a common session key. The SEKA-H protocol uses a hash function to verify an agreed session key. The SEKA-E protocol, a variant of SEKA-H, uses an exponentiation operation in the verification phase. They are secure against the man-in-the-middle attack, the password guessing attack, and the Denning-Sacco attack, and provide perfect forward secrecy. The SEKA-H protocol is very simple in structure and provides good efficiency compared with other well-known protocols. The SEKA-E protocol is also comparable with the previous protocols.

Efficient Password-based Group Key Exchange Protocol (효율적인 패스워드 기반 그룹 키 교환 프로토콜)

  • 황정연;최규영;이동훈;백종명
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.1 / pp.59-69 / 2004
  • Password-based authenticated group key exchange protocols provide a group of users, communicating over a public (insecure) channel and holding a common human-memorable password, with a session key to be used to construct secure multicast sessions for data integrity and confidentiality. In this paper, we present a password-based authenticated group key exchange protocol and prove its security in the random oracle model and the ideal cipher model under the intractability of the decisional Diffie-Hellman (DH) problem and the computational DH problem. The protocol is scalable, i.e. constant round and with O(1) exponentiations per user, and provides forward secrecy.

Accountable Attribute-based Encryption with Public Auditing and User Revocation in the Personal Health Record System

  • Zhang, Wei;Wu, Yi;Xiong, Hu;Qin, Zhiguang
    • KSII Transactions on Internet and Information Systems (TIIS) / v.15 no.1 / pp.302-322 / 2021
  • In the system of ciphertext policy attribute-based encryption (CP-ABE), the data user can perform the decryption operation only when the data user's attributes meet the access structure established by the encrypter. So CP-ABE has been widely used in personal health record (PHR) systems. However, the problem of key abuse exists in the CP-ABE system. The semi-trusted authority or a user authorized to access the system may disclose the key because of personal interests, resulting in illegal users accessing the system. Consequently, aiming at two kinds of existing key abuse problems, (1) the semi-trusted authority redistributes keys to unauthorized users and (2) authorized users disclose keys to unauthorized users, we put forward a CP-ABE scheme that has authority accountability and user traceability and supports arbitrary monotonous access structures. Specifically, we employ an auditor to make a fair ruling on the malicious behavior of users. Besides, to solve the problem of users leaving the system, we use an indirect revocation method based on a trust tree to implement user revocation. Compared with other existing schemes, we found that our solution achieved user revocation at an acceptable time cost. In addition, our scheme is proved to be fully secure in the standard model.