• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.3
• /
• pp.720-737
• /
• 2024

Private set intersection cardinality (PSI-CA) is a typical problem in the field of secure multi-party computation, which enables two parties calculate the cardinality of intersection securely without revealing any information about their sets. And it is suitable for private data protection scenarios where only the cardinality of the set intersection needs to be calculated. However, most of the currently available PSI-CA protocols only meet the security under the semi-honest model and can't resist the malicious behaviors of participants. To solve the problems above, by the application of the variant of Elgamal cryptography and Bloom filter, we propose an efficient PSI-CA protocol with high security. We also present two new operations on Bloom filter called IBF and BIBF, which could further enhance the safety of private data. Using zero-knowledge proof to ensure the safety under malicious adversary model. Moreover, in order to minimize the error in the results caused by the false positive problem, we use Garbled Bloom Filter and key-value pair packing creatively and present an improved PSI-CA protocol. Through experimental comparison with several existing representative protocols, our protocol runs with linear time complexity and more excellent characters, which is more suitable for practical application scenarios.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.3
• /
• pp.1502-1522
• /
• 2019

Leakage of secret keys may be the most devastating problem in public key cryptosystems because it means that all security guarantees are missing. The forward security mechanism allows users to update secret keys frequently without updating public keys. Meanwhile, it ensures that an attacker is unable to derive a user's secret keys for any past time, even if it compromises the user's current secret key. Therefore, it offers an effective cryptographic approach to address the private key leakage problem. As an extension of the forward security mechanism in certificate-based public key cryptography, forward-secure certificate-based signature (FS-CBS) has many appealing merits, such as no key escrow, no secure channel and implicit authentication. Until now, there is only one FS-CBS scheme that does not employ the random oracles. Unfortunately, our cryptanalysis indicates that the scheme is subject to the security vulnerability due to the existential forgery attack from the malicious CA. Our attack demonstrates that a CA can destroy its existential unforgeability by implanting trapdoors in system parameters without knowing the target user's secret key. Therefore, it is fair to say that to design a FS-CBS scheme secure against malicious CAs without lying random oracles is still an unsolved issue. To address this problem, we put forward an enhanced FS-CBS scheme without random oracles. Our FS-CBS scheme not only fixes the security weakness in the original scheme, but also significantly optimizes the scheme efficiency. In the standard model, we formally prove its security under the complexity assumption of the square computational Diffie-Hellman problem. In addition, the comparison with the original FS-CBS scheme shows that our scheme offers stronger security guarantee and enjoys better performance.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.9 no.1
• /
• pp.87-93
• /
• 2013

MANET has the advantage of having the flexibility to build easily a network in a difficult situation that builds a wired network. But, data transmission errors by movement of nodes and eavesdropping by wireless communications have become a problem of security. Authentication service is the most essential in order to overcome these problems and operate network stably. In this paper, we propose 3-tiers authentication structure to exclude of malicious node and operate stable network through more systematic and thorough node authentication. After network is composed into a cluster, cluster head which play CA role is elected. Among these, the highest-CA is elected. The highest-CA receives certificates to cluster head and the cluster head evaluates trust value of their member nodes. Authentication technique which issues member node key is used. We compared PSS and experimented to evaluate performance of proposed scheme in this paper and efficiency of the proposed technique through experience was confirmed.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.4B
• /
• pp.713-720
• /
• 2010

Lately, IPTV is in the limelight using a broadband information service to provide video content and broadcast services. Current IPTV system is combining CAS and DRM system for VOD contents to protect transmitting contents and authentication, but it has drawbacks such as system's complexity and high construction costs. Multicast DRM system emerged as a method to improve them, but, in the multicast DRM system, if the key is intercepted by a malicious user, it can be viewed by an unauthorized user of illegal broadcasting which can be a problem. In this paper, we suggest to protect content from a malicious user by applying the techniques using user authentication in the multicast DRM system.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.1
• /
• pp.35-43
• /
• 2018

MANET composed of only wireless nodes is increasingly utilized in various fields. However, it is exposed to many security vulnerabilities because it doesn't have any infrastructure and transmits data by using multi-hop method. Therefore, MANET should be applied the intrusion detection technique that can detect efficiently malicious nodes and decrease impacts of various attacks. In this paper, we propose a distributed intrusion detection technique that can detect the various attacks while improving the efficiency of attack detection and reducing the false positive rate. The proposed technique uses the cluster structure to manage the information in the center and monitor the traffic of their neighbor nodes directly in all nodes. We use three parameters for attack detection. We also applied an efficient authentication technique using only key exchange without the help of CA in order to provide integrity when exchanging information between cluster heads. This makes it possible to free the forgery of information about trust information of the nodes and attack nodes. The superiority of the proposed technique can be confirmed through comparative experiments with existing intrusion detection techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.59-69
• /
• 2005

Ad hoc network is the network which can be considered without a pre-constructed infrastructure, and a mobile node can join the network freely. However, the participation of the mobile nodes to the ad hoc network brings up much burden of re-computation for new routes, because it leads to losing the connection frequently. And, also, it causes serious security problem to be broadcasted wrong information by the malicious user. Therefore, it needs authentication against the mobile nodes. To make that Possible, we have two methods: single CA and distributed CA. In the case of CA method, the wireless network can be collapsed owing to expose the CA, but still the distributed CA method is a little more safe than previous one because it needs attacks toward a lot of CAs to collapse the network We can consider Secret Share scheme as the method that constructs the distributed CA system, but it is weak when the network size is too large. In this paper, we suggest hierarchical structure for the authentication method to solve this problem, and we will show the results of simulation for this suggestion.

• Journal of IKEEE
• /
• v.22 no.3
• /
• pp.774-779
• /
• 2018

This paper presents fragile watermark system using quantization and DC coefficients. It is a way to prevent the watermark fro, being detected if the original has been modified in any way. In other words, the detection of a watermark ca be said to be originality after the watermark is inserted, without any damage. Since lossy compression such as JPEG is often allowed or required in practical applications, authentication methods, authentication methods should be distinguished from malicious modifications such as image shifting, cropping, filtering, and replacement. The proposed algorithm implements a fragile watermarking algorithm that shows image authentication with JPEC compression and the watermark easily breaks other malicious variants.

• The KIPS Transactions:PartC
• /
• v.16C no.1
• /
• pp.21-26
• /
• 2009

Presently, the demand for IPTV, to satisfy a variety of goals, is exploding. IPTV is coming into the spotlight as a killer application in upcoming IP convergence networks such as triple play which is the delivery of voice, internet, and video service to a subscriber. IPTV utilizes CAS, which controls the subscriber access to content for a profit. Although the current CAS scheme provides access control via subscriber authentication, there is no authentication scheme for the content transmitted from service providers. Thus, there is a vulnerability of security, through which an adversary can forge content between the service provider and subscribers and distribute malicious content to subscribers. In this paper, based on a hash tree scheme, we proposed efficient and strong source authentication protocols which remove the vulnerability of the current IPTV system. We also evaluate our protocol from a view of IPTV requirements.