• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.7
• /
• pp.2554-2571
• /
• 2014

Certificate-based cryptography is a new cryptographic paradigm that provides an interesting balance between identity-based cryptography and traditional public key cryptography. It not only simplifies the complicated certificate management problem in traditional public key cryptography, but also eliminates the key escrow problem in identity-based cryptography. As an extension of the signcryption in certificate-based cryptography, certificate-based signcryption provides the functionalities of certificate-based encryption and certificate-based signature simultaneously. However, to the best of our knowledge, all constructions of certificate-based signcryption in the literature so far have to be based on the costly bilinear pairings. In this paper, we propose a certificate-based signcryption scheme that does not depend on the bilinear pairings. The proposed scheme is provably secure in the random oracle model. Due to avoiding the computationally-heavy paring operations, the proposed scheme significantly reduces the cost of computation and outperforms the previous certificate-based signcryption schemes.

• Journal of the Korea Society for Simulation
• /
• v.25 no.3
• /
• pp.77-83
• /
• 2016

A new key generation scheme is proposed to support partial encryption and partial decryption of data in cloud computing environment with a minimal key-related traffic overhead. Our proposed scheme employs a concept of hash tree chain to reduce the number of keys that need to be delivered to the decryption node. The performance of the proposed scheme is evaluated through simulation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.1
• /
• pp.437-454
• /
• 2020

According to the privacy regulations of the health insurance portability and accountability act (HIPAA), patients' control over electronic health data is one of the major concern issues. Currently, remote access authorization is considered as the best solution to guarantee the patients' control over their health data. In this paper, a new biometric-based key management scheme is proposed to facilitate remote access authorization anytime and anywhere. First, patients and doctors can use their biometric information to verify the authenticity of communication partners through real-time video communication technology. Second, a safety channel is provided in delivering their access authorization and secret data between patient and doctor. In the designed scheme, the user's public key is authenticated by the corresponding biometric information without the help of public key infrastructure (PKI). Therefore, our proposed scheme does not have the costs of certificate storage, certificate delivery, and certificate revocation. In addition, the implementation time of our proposed system can be significantly reduced.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.32-40
• /
• 2006

It is very important to establish a pairwise key securely in wireless sensor networks. Because sensor networks consist of devices with weak physical security, they are likely to be compromised by an attacker. However, some approaches using key pre-distribution and other approaches using one hop local keys are known to be very vulnerable to threats caused by compromised nodes, even a small number. This paper proposes a scheme where each node establishes three hop local keys and employs them for a later pairwise key establishment. When any two nodes agree a pairwise key, all nodes on the route between two nodes contribute to the agreement of the pairwise key. Here, the initial three hop local keys are employed for encrypting a secret key delivered from a node to other nodes. Therefore, the proposed scheme bothers attackers to compromise much more nodes than the scheme using one hop local keys only. The simulation results have proven that the proposed scheme provides better performance and higher security than the scheme using one hop local keys in terms of message exchange, the number of encryption and decryption, and pairwise key exposure rate.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.5C
• /
• pp.410-419
• /
• 2012

This paper proposes a secure and efficient anonymous authentication scheme for health information push service based on indoor location in hospital. The proposed scheme has the following benefits: (1)It is just based on a secure one-way hash function for avoiding complex computations for both health care operations users and health care centers. (2)It does not require sensitive verification table which may cause health care centers to become an attractive target for numerous attacks(e.g., insertion attacks and stolen-verifier attacks), (3)It provides higher security level (e.g., secure mutual authentication and key establishment, confidential communication, user's privacy, simple key management, and session key independence). As result, the proposed scheme is very suitable for various location-based medical information service environments using lightweight-device(e.g., smartphone) because of very low computation overload on the part of both health care operations users and health care centers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.6
• /
• pp.47-58
• /
• 2002

The access control techniques, which can control unauthorized members to access to multicast service, have not been studied very often while there are a lot of on-going study on secure multicast architecture, multicast key distribution and sender authentication scheme have been studied. Multi level access control scheme in multicast can be used in a remote secure conference or to provide graduated multimedia services to each customers. In fact, multicast network has its own virtual networks according to different security levels. However, Early schemes are not effective when it protects unauthorized access in multi-access network environment. Furthermore this scheme does not provide us with hierarchical access control mechanism. This paper, therefore, proposes hierarchical access control scheme to provide the effectiveness in network layer by security level comparison. And we also suggests hierarchical key distribution scheme for multi level access control in application layer and effective hierarchical key renewal scheme in dynamic multicast environment which is easy to join and leaving the multicast group.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.10
• /
• pp.2493-2500
• /
• 1997

We propose a new key management scheme for multiuser group which is classified as hierarchical structure (sometimes it is called a multilevel security hierarchy) in the symmetric key cryptosystem. The proposed scheme is based on the trapdoor one-way permutations which are generated by the pseudo-random permutation algorithm, and it is avaliable for multilevel hierarchical structure composed of a totally ordered set and a partially ordered set, since it has advantage for time and storage from an implemental point of view. Moreover, we obtain a performance analysis by comparing with the other scheme, and show that the proposed scheme is very efficient for computing time of key generation and memory size of key storage.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.4
• /
• pp.115-123
• /
• 2017

The mutual cooperation among nodes is very important because mobile nodes participating in MANET communicate with limited resources and wireless environment. This characteristic is important especially in environment that supports group communication. In order to support the secure multicast environment, it is important enough to affect performance to provide accurate authentication method for multicast group members and increase the integrity of transmitted data. Therefore, we propose a technique to provide the multicast secure communication by providing efficient authentication and group key management for multicast member nodes in this paper. The cluster structure is used for authentication of nodes in the proposed technique. In order to efficient authentication of nodes, the reliability is measured using a combination of local trust information and global trust information measured by neighboring nodes. And issuing process of the group key has two steps. The issued security group key increases the integrity of the transmitted data. The superiority of the proposed technique was confirmed by comparative experiments.

• ETRI Journal
• /
• v.27 no.5
• /
• pp.595-607
• /
• 2005

The widespread use of the Internet has led to the problem of intellectual property and copyright infringement. Digital rights management (DRM) technologies have been developed to protect digital content items. Digital content can be classified into static content (for example, text or media files) and dynamic content (for example, VOD or multicast streams). This paper deals with the protection of a multicast stream on set-top boxes connected to an IP network. In this paper, we examine the following design and architectural issues to be considered when applying DRM functions to multicast streaming service environments: transparent streaming service and large-scale user environments. To address the transparency issue, we introduce a 'selective encryption scheme'. To address the second issue, a 'key packet insertion scheme' and 'hierarchical key management scheme' are introduced. Based on the above design and architecture, we developed a prototype of a multicasting DRM system. The analysis of our implementation shows that it supports transparent and scalable DRM multicasting service in a large-scale user environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.103-114
• /
• 2007

The existing handover authentication schemes have authentication delay and overhead of the authentication server since they have been separately studied handover authentication at the link layer and the network layer. This paper proposes a handover authentication scheme initiated by Mobile Node on FMIPv6 based mobile access networks. The main idea of the paper is to generate a session key at the mobile node side, and transfer it to the next Access Router through the authentication server. Also, the scheme has a hierarchical key management at access router. There are two advantages of the scheme. First, the generated session key can be utilized for protecting the binding update messages and also for access authentication. Second, hierarchical key management at the access router reduced the handover delay time. The security aspects on the against PFS, PBS, and DoS attack of proposed scheme are discussed.