• Title/Summary/Keyword: leaking the secret


CRYPTANALYSIS OF A DYNAMIC THRESHOLD DECRYPTION SCHEME

  • Kim, Ki-Tae; Lim, Seong-An; Yie, Ik-Kwon; Kim, Kyung-Hee
    • Communications of the Korean Mathematical Society / v.24 no.1 / pp.153-159 / 2009
  • In this paper, we analyze a dynamic threshold decryption scheme proposed by Long et al. It was claimed that the scheme allows the master key to be renewed, or a decryption server to be added, removed or updated, without leaking any information on the master key and without changing the other decryption servers' secret keys. We present an attack on Long et al.'s scheme that exploits the fact that it renews a decryption server's secret key without changing the other decryption servers' secret shares.

Compact E-Cash with Practical and Complete Tracing

  • Lian, Bin; Chen, Gongliang; Cui, Jialin; He, Dake
    • KSII Transactions on Internet and Information Systems (TIIS) / v.13 no.7 / pp.3733-3755 / 2019
  • E-cash has its merits compared with other payment modes. However, there are two problems: how to achieve practical and complete tracing, and how to achieve it in compact E-cash. First, the bank and the TTP (i.e., trusted third party) have different duties and powers in reality. Therefore, double-spending tracing is the bank's task, while unconditional tracing is the TTP's task. In addition, it is desirable to provide lost-coin tracing before the coins are spent by anyone else. Second, compact E-cash is an efficient scheme, but tracing the coins of a double-spender without the TTP results in poor efficiency. To solve these problems, we present a compact E-cash scheme. For this purpose, we design an embedded structure of knowledge proof based on a new pseudorandom function and improve the computational complexity from O(k) to O(1). Double-spending tracing requires leaking dishonest users' secret knowledge, while preserving the anonymity of honest users requires the zero-knowledge property; our special knowledge proof achieves both, with complete proofs. Moreover, the design is also useful for other applications where both keeping zero-knowledge and leaking information are necessary.

The Study on Design and Implementation of MSEC-based Group Key Management Protocol for Corporate Secret Distribution (기업비밀유통을 위한 MSEC 기반 그룹 키 관리 프로토콜 설계와 구현 연구)

  • Choi, Cheong-Hyeon
    • Journal of Internet Computing and Services / v.11 no.6 / pp.87-110 / 2010
  • Recently, competitive Korean companies have suffered financial losses due to illegal exposure of their proprietary know-how secrets, since the hidden illegal channels used to leak them are difficult to monitor once the secrets are digitalized. Today the DRM-based systems designed to protect such secrets are insufficient, since a DRM-based protection system cannot defend against intelligent theft of secrets, in particular theft by employees. MSEC is well suited to securing secrets against employee theft. Our paper notes that IGMP, MSEC and SNMP can easily work together to realize a secure system that satisfies strong security conditions for preventing the leaking of secrets. Since the previous research covered the architectural design for prevention of illegal exposure, this paper proposes an efficient protocol based on the MSEC protocol. Our protocol satisfies the strong security conditions that the secret should be stored and distributed only in encrypted form, should be physically separated from its encryption key, should be carried in registered mobile storage separate from its processing device, and should be verified in terms of both user and device. Thus this paper proposes both a protocol for secret document distribution and its group key management.

Network Forensic Evidence Generation and Verification Scheme (효율적인 인터넷 범죄수사를 위한 범행호스트 탐지 및 범죄행위 입증기술)

  • Kim, Hyung-Seok; Kim, Eun-Jin; Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.4 / pp.719-731 / 2012
  • One of the most important points in Internet crime investigation is tracing back and identifying the criminal host. However, criminals can forge the crime records stored on the crime host, or can use malicious applications so as not to leave a crime record. In addition, criminals can change the source IP address of a crime host and deny their involvement. In this study, we propose the Network Forensic Evidence Generation and Verification Scheme (NFEGVS) to address the current limitations of network forensic technologies. This scheme can prove who committed the crime and when it occurred. In addition, it prevents leakage of the symmetric key that guarantees the authenticity and integrity of the forensic evidence by proposing the Timestamp Secret Key Distribution Scheme, and minimizes the performance degradation of the router when generating forensic evidence with the Flow-Based Selection Scheme. In this paper, we implement the proposed scheme and evaluate the overall performance of the proposed system.

Research Trend and Conceptualization of Defense Industry Security From Convergence Security Perspective (융합보안 관점에서 방위산업보안 개념 정립과 연구동향 분석)

  • Woo, Kwang Jea
    • Convergence Security Journal / v.15 no.6_1 / pp.69-78 / 2015
  • The methods that industrial spies use to smuggle out core technology are becoming more intelligent, technological, and complex, resulting in more serious damage. In particular, defense industries, which involve national core technology as well as institutions and a skilled labor force, are in greater need of convergence security. The defense industry develops, tests, and produces defense supplies for the protection of national security. It involves a number of security elements such as military secrets, industrial secrets, core technology labor force, defense industry supplies, critical national facilities, and information communication systems. Defense industry security is a composite of military security and industrial security, that is, a convergence security that integrates all security elements of the defense industry. Therefore, defense industry security is a typical ideal model for convergence security. Research on defense industry security is relatively insufficient compared to research on security in other industrial fields. In order to prevent the core technology of the defense industry from leaking and to protect technical professionals and institutions, research and action on defense industry security from a convergence security perspective are therefore essential at this point in time.

A Study on "the other person" in Act on promotion of information and communications network utilization and information (정보통신망 이용촉진 및 정보보호 등에 관한 법률상의 "타인"에 관한 고찰)

  • Kim, Hye-Rim; Park, Kwang-Hyun; Park, Jong-Ryoel
    • Proceedings of the Korean Society of Computer Information Conference / 2013.07a / pp.173-175 / 2013
  • This paper takes as its issue the interpretation of the scope of "the other person" (타인) in the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. In interpreting the scope of "the other person" under Article 49 of the Act, the Supreme Court includes not only living persons but also the deceased. There may of course be a view that the deceased can be included under the Act in order to secure the stability of information and communications networks and the reliability of information, but the sound view is that this cannot be permitted under criminal law and special criminal statutes on the principle of nulla poena sine lege (죄형법정주의). Since the interpretation of criminal law presupposes the harsh legal effect of punishment, the interpretation of penal provisions must be strict, and the meaning of the express provisions must not be extended or interpreted by analogy in a direction unfavorable to the defendant. If the deceased were included in the scope of "the other person" under Article 49 of the Act, this would contradict the methods of legal interpretation, namely literal, logical, teleological, and constitution-conforming interpretation; therefore, if the deceased are to be included in the scope of "the other person" under the Act, a clear definition of the term should be introduced through legislation by amending the Act, so as to secure predictability for those subject to the norm.


A Study on the Adaptation Process About Sexually Abused Children by Kin and Kith - With a Focus on the Children at the Shelter - (근친 성학대 피해 아동의 적응과정에 대한 연구 - 쉼터에서 생활하는 아동을 중심으로 -)

  • Han, In-young; Kim, Jin-sook; Park, Myung-sook; Yoo, Seo-koo
    • Korean Journal of Social Welfare Studies / no.37 / pp.199-240 / 2008
  • This study set out to investigate the adaptation process and experiential structure of children who went through sexual abuse by looking into their inner worlds, in order to understand what meaning sexual abuse had for them. For that purpose, the investigator conducted in-depth interviews with 13 children aged 8~16 who lived at the shelter after experiencing sexual abuse. The Grounded Theory methodology of Strauss and Corbin (1990) was used to analyze the raw data. The analysis results indicate that the core theme of the adaptation process among the children living at the shelter after being sexually abused by kin and kith was "hoping to appear the same as others." According to the results, the core phenomenon was "blaming the victims." The causal conditions include "broken families," "antihuman sexual abuse," "making sexual abuse a public issue," and "the trap of the family." The contextual conditions include "the chain named family," "family as the last fortress" and "structural enforcement of silence." The intervening strategies were "dual emotions toward the shelter." The action/interaction strategies include "aftermath of violence" and "trying to escape." The consequences were "preparation for the future" and "uncertain future." The identified stages were confusion, keeping the secret, leaking the secret to others, intervention by others, social support, and challenge and adjustment. The three identified types were "withdrawal and avoidance," "settling down in reality" and "overcoming and challenging." Based on the analysis results, social welfare plans and intervention strategies are discussed in the conclusion.

Privacy-Preserving Key-Updatable Public Key Encryption with Keyword Search Supporting Ciphertext Sharing Function

  • Wang, Fen; Lu, Yang; Wang, Zhongqi; Tian, Jinmei
    • KSII Transactions on Internet and Information Systems (TIIS) / v.16 no.1 / pp.266-286 / 2022
  • Public key encryption with keyword search (PEKS) allows a user to search ciphertexts without disclosing information about the encrypted messages and keywords. In practice, cryptographic operations often take place on insecure or mobile devices, which face the risk of being lost or stolen. Therefore, the secret keys stored on these devices are likely to be exposed. To handle the key exposure problem in PEKS, the notion of key-updatable PEKS (KU-PEKS) was proposed recently. In KU-PEKS, the users' keys can be updated as the system runs. Nevertheless, the existing KU-PEKS framework has some weaknesses. Firstly, it cannot update the keyword ciphertexts on the storage server without leaking keyword information. Secondly, it needs to send the search tokens to the storage server over secure channels. Thirdly, it does not consider search token security. In this work, a new PEKS framework named key-updatable and ciphertext-sharable PEKS (KU-CS-PEKS) is devised. This novel framework effectively overcomes the weaknesses of KU-PEKS and has a ciphertext sharing function that KU-PEKS does not support. The security notions for KU-CS-PEKS are formally defined and then a concrete KU-CS-PEKS scheme is proposed. The security proofs demonstrate that the KU-CS-PEKS scheme guarantees both keyword ciphertext privacy and search token privacy. The experimental results and comparisons bear out that the proposed scheme is practical.

Wireless Internet Payment Protocol Using Weil Pairing Method (무선인터넷에서 Weil Pairing 기법을 적용한 지불 프로토콜)

  • Jin, Shi-Mei; Lee, Hyun-Ju; Rhee, Chung-Sei
    • The Journal of the Korea Contents Association / v.5 no.3 / pp.9-17 / 2005
  • Recently, there has been rapid development of information and communication technology and rapid growth in the number of e-business users. We propose a method for the security problems of an Internet environment that is changing from the wired Internet to the wireless Internet, or to a combined wired/wireless Internet. Wireless e-business adopts the credit card WPP protocol and the AIP protocol proposed by ASPeCT. WAP, one of the protocols used by WPP, has the weakness of leaking information from the WG that connects wired and wireless communication. The certification-chain-based AIP protocol requires a lot of computation time, and user IDs are known to others. We propose a micro-payment protocol based on credit cards. Our protocol uses ID-based public key encryption techniques to ensure the secrecy of the transaction in the session key generation step. IDs are generated using ECC-based Weil pairing. We also use certification with a hidden electronic signature to transmit the payment result. The proposed protocol also solves the privacy protection and non-repudiation problems.


An Adaptive matrix-based Secure Keypad designed for Rollable and Bendable Display Environments (롤러블 및 벤더블 디스플레이 환경에 적합한 가변행렬 기반 보안 키패드)

  • Choi, Dong-Min
    • Journal of Industrial Convergence / v.22 no.2 / pp.63-71 / 2024
  • Conventional methods like the PIN used in the conventional smartphone form factor have not considered variation in display structure or screen size. As a result, when applied to recent variable-display smartphones, the secret information input area may be reduced or enlarged, leading to vulnerabilities to social engineering attacks due to deformation of the display area. This study proposes a secure keypad that responds to changes in display size in rollable and bendable smartphones. Firstly, the security problems that may arise when applying classical authentication methods to new form factors were analyzed, and the corresponding security requirements were derived. The proposed secure keypad addresses the key input error problem that can occur when the screen size is small. The arrangement and size of the keys can be adapted, with spacing suitable for input, depending on the display size of rollable and bendable smartphones. The study also addressed the problem of input information leaking to social engineering attacks by irregularly distributing the key input coordinates. The proposed method provides a better user experience and better security than existing methods and can be used in smartphones of various sizes and shapes.