• Title/Summary/Keyword: public key cryptography

Search Result 241, Processing Time 0.04 seconds

Efficient and Secure Identity-Based Public Auditing for Dynamic Outsourced Data with Proxy

  • Yu, Haiyang;Cai, Yongquan;Kong, Shanshan;Ning, Zhenhu;Xue, Fei;Zhong, Han
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.11 no.10
    • /
    • pp.5039-5061
    • /
    • 2017
  • Cloud storage becomes a new trend that more and more users move their data to cloud storage servers (CSSs). To ensure the security of cloud storage, many cloud auditing schemes are proposed to check the integrity of users' cloud data. However, most of them are based on public key infrastructure, which leads to complex certificates management and verification. Besides, most existing auditing schemes are inefficient when user uploads a large amount of data or a third party auditor (TPA) performs auditing for multiple users' data on different CSSs. To overcome these problems, in this paper, we propose an efficient and secure auditing scheme based on identity-based cryptography. To relieve user's computation burden, we introduce a proxy, which is delegated to generate and upload homomorphic verifiable tags for user. We extend our auditing scheme to support auditing for dynamic data operations. We further extend it to support batch auditing in multiple users and multiple CSSs setting, which is practical and efficient in large scale cloud storage system. Extensive security analysis shows that our scheme is provably secure in random oracle model. Performance analysis demonstrates that our scheme is highly efficient, especially reducing the computation cost of proxy and TPA.

Secure NTRU-based Authentication and Key Distribution Protocol in Quantum Computing Environments (양자 컴퓨팅 환경에 안전한 NTRU 기반 인증 및 키 분배 프로토콜)

  • Jeong, SeongHa;Lee, KyungKeun;Park, YoungHo
    • Journal of Korea Multimedia Society
    • /
    • v.20 no.8
    • /
    • pp.1321-1329
    • /
    • 2017
  • A quantum computer, based on quantum mechanics, is a paradigm of information processing that can show remarkable possibilities of exponentially improved information processing. This paradigm can be solved in a short time by calculating factoring problem and discrete logarithm problem that are typically used in public key cryptosystems such as RSA(Rivest-Shamir-Adleman) and ECC(Elliptic Curve Cryptography). In 2013, Lei et al. proposed a secure NTRU-based key distribution protocol for quantum computing. However, Lei et al. protocol was vulnerable to man-in-the-middle attacks. In this paper, we propose a NTRU(N-the truncated polynomial ring) key distribution protocol with mutual authentication only using NTRU convolution multiplication operation in order to maintain the security for quantum computing. The proposed protocol is resistant to quantum computing attacks. It is also provided a secure key distribution from various attacks such as man-in-the middle attack and replay attack.

A Multi-Stage Encryption Technique to Enhance the Secrecy of Image

  • Mondal, Arindom;Alam, Kazi Md. Rokibul;Ali, G.G. Md. Nawaz;Chong, Peter Han Joo;Morimoto, Yasuhiko
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.5
    • /
    • pp.2698-2717
    • /
    • 2019
  • This paper proposes a multi-stage encryption technique to enhance the level of secrecy of image to facilitate its secured transmission through the public network. A great number of researches have been done on image secrecy. The existing image encryption techniques like visual cryptography (VC), steganography, watermarking etc. while are applied individually, usually they cannot provide unbreakable secrecy. In this paper, through combining several separate techniques, a hybrid multi-stage encryption technique is proposed which provides nearly unbreakable image secrecy, while the encryption/decryption time remains almost the same of the exiting techniques. The technique consecutively exploits VC, steganography and one time pad (OTP). At first it encrypts the input image using VC, i.e., splits the pixels of the input image into multiple shares to make it unpredictable. Then after the pixel to binary conversion within each share, the exploitation of steganography detects the least significant bits (LSBs) from each chunk within each share. At last, OTP encryption technique is applied on LSBs along with randomly generated OTP secret key to generate the ultimate cipher image. Besides, prior to sending the OTP key to the receiver, first it is converted from binary to integer and then an asymmetric cryptosystem is applied to encrypt it and thereby the key is delivered securely. Finally, the outcome, the time requirement of encryption and decryption, the security and statistical analyses of the proposed technique are evaluated and compared with existing techniques.

A Lightweight Hardware Implementation of ECC Processor Supporting NIST Elliptic Curves over GF(2m) (GF(2m) 상의 NIST 타원곡선을 지원하는 ECC 프로세서의 경량 하드웨어 구현)

  • Lee, Sang-Hyun;Shin, Kyung-Wook
    • Journal of IKEEE
    • /
    • v.23 no.1
    • /
    • pp.58-67
    • /
    • 2019
  • A design of an elliptic curve cryptography (ECC) processor that supports both pseudo-random curves and Koblitz curves over $GF(2^m)$ defined by the NIST standard is described in this paper. A finite field arithmetic circuit based on a word-based Montgomery multiplier was designed to support five key lengths using a datapath of fixed size, as well as to achieve a lightweight hardware implementation. In addition, Lopez-Dahab's coordinate system was adopted to remove the finite field division operation. The ECC processor was implemented in the FPGA verification platform and the hardware operation was verified by Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol operation. The ECC processor that was synthesized with a 180-nm CMOS cell library occupied 10,674 gate equivalents (GEs) and a dual-port RAM of 9 kbits, and the maximum clock frequency was estimated at 154 MHz. The scalar multiplication operation over the 223-bit pseudo-random elliptic curve takes 1,112,221 clock cycles and has a throughput of 32.3 kbps.

A Security Architecture for ID-Based Cryptographic Schemes in Ad Hoc Networks (Ad Hoc 네트워크에서 신원기반 암호기법을 위한 보안구조 설계)

  • Park Young-Ho;Rhee Kyung-Hyune
    • Journal of Korea Multimedia Society
    • /
    • v.8 no.7
    • /
    • pp.974-987
    • /
    • 2005
  • As the ad hoc networks have been received a great deal of attention to not only the military but also the industry applications, some security mechanisms are required for implementing a practical ad hoc application. In this paper, we propose a security architecture in ad hoc networks for the purpose of supporting ID-based public key cryptosystems because of the advantage that ID-based schemes require less complex infrastructure compared with the traditional public key cryptosystems. We assume a trusted key generation center which only issues a private key derived from IDs of every nodes in the system setup phase, and use NIL(Node ID List) and NRL(Node Revocation List) in order to distribute the information about IDs used as public keys in our system. Furthermore, we propose a collaborative status checking mechanism that is performed by nodes themselves not by a central server in ad-hoc network to check the validity of the IDs.

  • PDF

A Scalable and Practical Authentication Protocol in Mobile IP (Mobile IP에서 확장성과 실용성 있는 인증 프로토콜 제안 및 분석)

  • Lee, Yong;Lee, Goo-Yeon
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.42 no.11
    • /
    • pp.35-44
    • /
    • 2005
  • In Mobile IP protocol, because a mobile node still uses its home IP address even though it moves to foreign network from home network, authentication among mobile node, foreign network and home network is critical issue. Many researches about this issue have been based on shared secret, for example mobile node and home agent authenticate each other with pre-shared symmetry key. And they missed several security issues such as replay attack. Although public key scheme could be applied to this issue easily, since the public key cryptography is computationally complicated, it still has the problem that it is not practical to realistic environment. In this paper, we describe several security issues in Mobile IP protocol. And we propose new Mobile IP authentication protocol that is applicable to realistic environment using public key algorithm based on certificate. It has scalability for mobile nodes and is applicable to the original Mobile IP protocol without any change. Finally we prove security of the proposed protocol and that it might not affect performance of the original Mobile IP protocol.

Isonumber based Iso-Key Interchange Protocol for Network Communication

  • Dani, Mamta S.;Meshram, Akshaykumar;Pohane, Rupesh;Meshram, Rupali R.
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.2
    • /
    • pp.209-213
    • /
    • 2022
  • Key exchange protocol (KEP) is an essential setup to secure authenticates transmission among two or more users in cyberspace. Digital files protected and transmitted by the encryption of the files over public channels, a single key communal concerning the channel parties and utilized for both to encrypt the files as well as decrypt the files. If entirely done, this impedes unauthorized third parties from imposing a key optimal on the authorized parties. In this article, we have suggested a new KEP term as isokey interchange protocol based on generalization of modern mathematics term as isomathematics by utilizing isonumbers for corresponding isounits over the Block Upper Triangular Isomatrices (BUTI) which is secure, feasible and extensible. We also were utilizing arithmetic operations like Isoaddition, isosubtraction, isomultiplication and isodivision from isomathematics to build iso-key interchange protocol for network communication. The execution of our protocol is for two isointegers corresponding two elements of the group of isomatrices and cryptographic performance of products eachother. We demonstrate the protection of suggested isokey interchange protocol against Brute force attacks, Menezes et al. algorithm and Climent et al. algorithm.

BACS : An Experimental Study For Access Control System In Public Blockchain (BACS : 퍼블릭 블록체인 접근 통제 시스템에 관한 실험적 연구)

  • Han, Sejin;Lee, Sunjae;Lee, Dohyeon;Park, Sooyoung
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.20 no.1
    • /
    • pp.55-60
    • /
    • 2020
  • In this paper, we propose an access control system using cryptography as a method to protect personal data in public blockchain. The proposed system is designed to encrypt data according to the access policy, store it in the blockchain, and decrypt only the person who satisfy the access policy. In order to improve performance and scalability, an encryption mechanism is implemented outside the blockchain. Therefore, data access performance could be preserved while cryptographic operations executed Furthermore it can also improve the scalability by adding new access control modules while preserving the current configuration of blockchain network. The encryption scheme is based on the attribute-based encryption (ABE). However, unlike the traditional ABE, the "retention period", is incorporated into the access structure to ensure the right to be forgotten. In addition, symmetric key cryptograpic algorithms are used for the performance of ABE. We implemented the proposed system in a public blockchain and conducted the performance evaluation.

Handover Protocol for Mobility Support in Ubiquitous Sensor Network (USN에서의 이동성을 위한 핸드오버 인증 프로토콜)

  • Bruce, Ndibanje;Kim, TaeYong;Lee, HoonJae
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • 2012.07a
    • /
    • pp.203-206
    • /
    • 2012
  • The System of communication with wireless devices is experiencing a huge growth. While traditional communication paradigms deal with fixed networks, mobility raises a new set of questions, techniques, and solutions. In order to realize service mobility, there is a need of protocol that can support mobility while nodes are communicating without any disruption of their connection status. This paper proposes a handover authentication protocol for mobility support. Careful considerations must be taken in priority to security issues since many unreliable public and private resources; both networks and devices are involved. The protocol is based on public key cryptography with Diffie-Hellman algorithm which provides security against both leakage-resilience of private keys on untrustworthy devices and forward secrecy.

  • PDF

Password-Based Authentication Protocol for Remote Access using Public Key Cryptography (공개키 암호 기법을 이용한 패스워드 기반의 원거리 사용자 인증 프로토콜)

  • 최은정;김찬오;송주석
    • Journal of KIISE:Information Networking
    • /
    • v.30 no.1
    • /
    • pp.75-81
    • /
    • 2003
  • User authentication, including confidentiality, integrity over untrusted networks, is an important part of security for systems that allow remote access. Using human-memorable Password for remote user authentication is not easy due to the low entropy of the password, which constrained by the memory of the user. This paper presents a new password authentication and key agreement protocol suitable for authenticating users and exchanging keys over an insecure channel. The new protocol resists the dictionary attack and offers perfect forward secrecy, which means that revealing the password to an attacher does not help him obtain the session keys of past sessions against future compromises. Additionally user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the server. It does not have to resort to a PKI or trusted third party such as a key server or arbitrator So no keys and certificates stored on the users computer. Further desirable properties are to minimize setup time by keeping the number of flows and the computation time. This is very useful in application which secure password authentication is required such as home banking through web, SSL, SET, IPSEC, telnet, ftp, and user mobile situation.