• Title/Summary/Keyword: untrusted server


Privacy-preserving Outsourcing Schemes of Modular Exponentiations Using Single Untrusted Cloud Server

  • Zhao, Ling;Zhang, Mingwu;Shen, Hua;Zhang, Yudi;Shen, Jian
    • KSII Transactions on Internet and Information Systems (TIIS) / v.11 no.2 / pp.826-845 / 2017
  • Outsourcing computation is one of the most important applications in cloud computing, and it has a huge ability to satisfy the demand of data centers. Modular exponentiation computation, broadly used in cryptographic protocols, has been recognized as one of the most time-consuming calculation operations in cryptosystems. Previously, modular exponentiations could be securely outsourced by using two untrusted cloud servers. In this paper, we present two practical and secure schemes for outsourcing modular exponentiations that require only one untrusted cloud server. Explicitly, we blind the base and the index by putting them into a matrix before sending them to the cloud server. Our schemes provide better performance, with higher efficiency and flexible checkability, while supporting a single cloud server. Additionally, another advantage of our schemes is that they are proved to be secure and effective without any cryptographic assumptions.

Fully Homomorphic Encryption Based On the Parallel Computing

  • Tan, Delin;Wang, Huajun
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.1 / pp.497-522 / 2018
  • A fully homomorphic encryption (FHE) scheme may be the best method to solve the privacy leakage problem on untrusted servers because of its ciphertext calculability. However, the existing FHE schemes are still not being put into practical applications due to their low efficiency. Therefore, it is imperative to find a more efficient FHE scheme or to optimize the existing FHE schemes so that they can be put into practical applications. In this paper, we optimize the GSW scheme by using parallel computing, and finally we get a high-performance FHE scheme, namely the PGSW scheme. Experimental results show that the time overhead of the homomorphic operations in the new FHE scheme will be reduced manyfold as the number of processing units increases. Therefore, our scheme can greatly reduce the running time of homomorphic operations and improve the performance of the FHE scheme by sacrificing hardware resources. It can be seen that our FHE scheme can catalyze the development of FHE.

Technique of Information Security for Users against Phishing Attacks (피싱 공격에 대한 사용자 정보보호 방안)

  • Kim, Jung-Tae
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2008.10a / pp.736-739 / 2008
  • Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. This paper presents a novel browser extension, AntiPhish, that aims to protect users against spoofed web site-based phishing attacks. To this end, AntiPhish tracks the sensitive information of a user and generates warnings whenever the user attempts to give away this information to a web site that is considered untrusted.


A Key Management System for Cloud Services Based on Proxy Server Using Self-Creating Algorithm (셀프 생성 알고리즘을 사용한 프락시 서버를 기반으로 한 클라우드 서비스를 위한 키 관리 시스템)

  • Sung, Soonhwa;Youn, Cheong
    • Journal of KIISE / v.43 no.9 / pp.1052-1059 / 2016
  • A key role in cloud computing systems that is becoming an issue is implementing a database on untrusted cloud servers requiring the complexity of key management. This study proposes a key management system using Self Proxy Servers to minimize key executions and improve the performance of cloud services by generating Self-Creating Algorithms where the data owner is not directly concerned with related keys when a user sends an encrypted database a query. The Self Proxy Server supports active and autonomous key management as a distributed server if any trouble should arise from a cloud key server, and for efficient cloud key management. Therefore, the key management system provides secure cloud services by supporting confidentiality of a cloud server database.

Protecting Fingerprint Data for Remote Applications (원격응용에 적합한 지문 정보 보호)

  • Moon, Dae-Sung;Jung, Seung-Hwan;Kim, Tae-Hae;Lee, Han-Sung;Yang, Jong-Won;Choi, Eun-Wha;Seo, Chang-Ho;Chung, Yong-Wha
    • Journal of the Korea Institute of Information Security & Cryptology / v.16 no.6 / pp.63-71 / 2006
  • In this paper, we propose a secure solution for user authentication by using fingerprint verification on the sensor-client-server model, even with a client that is not necessarily trusted by the sensor holder or the server. To protect against possible attacks launched at the untrusted client, our solution makes the fingerprint sensor validate the result computed by the client for the feature extraction. However, the validation should be simple so that the resource-constrained fingerprint sensor can validate it in real time. To solve this problem, we separate the feature extraction into binarization and minutiae extraction, and assign the time-consuming binarization to the client. After receiving the result of binarization from the client, the sensor conducts a simple validation to check the result, performs the minutiae extraction with the received binary image from the client, and then sends the extracted minutiae to the server. Based on the experimental results, the proposed solution for fingerprint verification can be performed on the sensor-client-server model securely and in real time with the aid of an untrusted client.

A New Server-Aided Secret Computation(SASC) Protocol for RSA Signature Generation (RSA 서명생성을 위한 새로운 SASC(Server-Aided Secret Computation) 프로토콜)

  • 신준범;홍성민;이광형;윤현수;한상근
    • Proceedings of the Korea Institutes of Information Security and Cryptology Conference / 1997.11a / pp.161-170 / 1997
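  • The SASC (Server-Aided Secret Computation) protocol allows a client (smart card) to obtain help from a server (untrusted auxiliary device) in generating a signature without disclosing the client's secret information. The first SASC protocol for RSA signatures was RSA-S1, and because of its great practical value, much research on SASC protocols has followed. The common approach of existing SASC protocols has been to hide the client's secret information from the server by splitting the secret information into several pieces and passing only some of them to the server. However, although this approach reduces the client's computation, it has the drawbacks that the server's computation and communication load are too large and that it is easily exposed to active attacks. To overcome these drawbacks, this paper proposes a new type of SASC protocol for RSA signature generation. The approach proposed in this paper hides the secret information from the server by multiplying it by, or adding to it, random numbers before passing it to the server. The proposed protocol is secure against active attacks, and since its security does not depend on the number of data items, the server's computation and communication load are very small. In addition, the computation the client must perform is reduced to 43% of that of existing protocols.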


Mutual Surveillance based Cheating Detection Method in Online Games (상호 감시 기반의 온라인 게임 치팅 탐지 방법)

  • Kim, Jung-Hwan;Lee, Sangjin
    • Journal of Korea Game Society / v.16 no.1 / pp.83-92 / 2016
  • An online game is a huge distributed system comprised of servers and untrusted clients. In such circumstances, cheaters may employ abnormal behaviors through client modification or network packet tampering. Client-side detection methods have the merit of distributing the burden to clients but can easily be breached. On the other hand, server-side detection methods are trustworthy but consume a tremendous amount of resources. Therefore, this paper proposes a security reinforcement method which involves both the client and the server. This method is expected to provide meaningful security fortification while minimizing server-side stress.

Secure and Efficient Client-side Deduplication for Cloud Storage (안전하고 효율적인 클라이언트 사이드 중복 제거 기술)

  • Park, Kyungsu;Eom, Ji Eun;Park, Jeongsu;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.1 / pp.83-94 / 2015
  • Deduplication, which is a technique of eliminating redundant data by storing only a single copy of each piece of data, provides clients and a cloud server with efficiency for managing stored data. Since the data is saved on an untrusted public cloud server, however, both invasion of data privacy and data loss can occur. In recent years, although many studies have proposed secure deduplication schemes, there still remain both security problems causing serious damage and inefficiency. In this paper, we propose secure and efficient client-side deduplication with a key server, based on Bellare et al.'s scheme and a challenge-response method. Furthermore, we point out potential risks of client-side deduplication and show that our scheme is secure against various attacks and provides high efficiency for uploading large amounts of data.

Cryptanalysis and Enhancement of a Remote User Authentication Scheme Using Smart Cards (스마트카드를 이용한 사용자 인증 스킴의 안전성 분석 및 개선)

  • Lee, Young-Sook;Won, Dong-Ho
    • Journal of the Korea Society of Computer and Information / v.15 no.1 / pp.139-147 / 2010
  • A remote user authentication scheme is a two-party protocol whereby an authentication server in a distributed system confirms the identity of a remote individual logging on to the server over an untrusted, open network. In 2005, Liao et al. proposed a remote user authentication scheme using a smart card, in which users can be authenticated anonymously. Recently, Yoon et al. discovered some security flaws in Liao et al.'s authentication scheme and proposed an improved version of this scheme to fix the security flaws. In this article, we review the improved authentication scheme by Yoon et al. and provide a security analysis of the scheme. Our analysis shows that Yoon et al.'s scheme guarantees neither any kind of authentication, either server-to-user authentication or user-to-server authentication, nor password security. The contribution of the current work is to demonstrate these by mounting two attacks, a server impersonation attack and a user impersonation attack, and an off-line dictionary attack on Yoon et al.'s scheme. In addition, we propose an enhanced authentication scheme that eliminates the security vulnerabilities of Yoon et al.'s scheme.