Time filter

Source Type

Shim K.-A.,South Korean National Institute for Mathematical Sciences
Journal of Systems and Software | Year: 2010

An aggregate signature scheme allows n signatures on n distinct messages from n distinct users to aggregate a single signature. The main benefit of such schemes is that they allow bandwidth and computational savings. Since Boneh et al.'s aggregate signature scheme from pairings, there exist several trials for constructing ID-based aggregate signature schemes. However, their computational complexity for pairing computations grows linearly with the number of signers. In this paper, we propose an efficient ID-based aggregate signature scheme with constant pairing computations. We also give its security proof in the random oracle model under the Computational Diffie-Hellman assumption. © 2010 Elsevier Inc. All rights reserved. Source

Shim K.-A.,South Korean National Institute for Mathematical Sciences
IEEE Transactions on Wireless Communications | Year: 2013

Jiang et al. proposed an authentication scheme for Vehicle-to- Infrastructure communications using a Binary Authentication Tree. The scheme can effectively eliminate the performance bottleneck when verifying a mass of signatures within a rigorously required interval and filtering bogus messages. In this paper, we show that Jiang et al. 's scheme is insecure against forgery attacks, replay attacks and Sybil attacks. To overcome the weaknesses, we reconstruct a conditional privacy-preserving authentication scheme, called CPP-BAT, for Vehicle-to-Infrastructure communications based on secure identity-based signature, aggregate signature schemes and the Binary Authentication Tree. © 2013 IEEE. Source

Chung Y.,South Korean National Institute for Mathematical Sciences
Computer Communication Review | Year: 2012

Distributed denial of service attacks are often considered just a security problem. While this may be the way to view the problem with the Internet of today, perhaps new network architectures attempting to address the issue should view it as a scalability problem. In addition, they may need to approach the problem based on a rigorous foundation. Source

Shim K.-A.,South Korean National Institute for Mathematical Sciences
IEEE Communications Surveys and Tutorials | Year: 2016

Cryptographic primitives are fundamental building blocks for designing security protocols to achieve confidentiality, authentication, integrity and non-repudiation. It is not too much to say that the selection and integration of appropriate cryptographic primitives into the security protocols determines the largest part of the efficiency and energy consumption of the wireless sensor network (WSN). There are a number of surveys on security issues on WSNs, which, however, did not focus on public-key cryptographic primitives in WSNs. In this survey, we provide a deeper understanding of public-key cryptographic primitives in WSNs including identity-based cryptography and discuss their main directions and some open research issues that can be further pursued. We investigate state-of-the-art software implementation results of public-key cryptographic primitives in terms of execution time, energy consumption and resource occupation on constrained wireless devices choosing popular IEEE 802.15.4-compliant WSN hardware platforms, used in real-life deployments. This survey provides invaluable insights on public-key cryptographic primitives on WSN platforms, and solutions to find tradeoffs between cost, performance and security for designing security protocols in WSNs. © 1998-2012 IEEE. Source

Lee M.S.,South Korean National Institute for Mathematical Sciences
Computers and Mathematics with Applications | Year: 2011

Recently, Wang and Hu have proposed a high-density quadratic compact knapsack public-key cryptosystem using the Chinese remainder theorem to disguise two secret cargo vectors. The system is claimed to be secure against certain known attacks; however, it has not been demonstrated to fulfill any provable security goals. In this work, we show that this system is not secure. Exploiting the special structure of system parameters, we first show that a candidate list for the secret modulus can be obtained by solving linear equations with small solutions. Next, we show that with this candidate list, all other secrets can be recovered in succession with lattice-based methods by solving certain modular linear equations with small solutions. As a result, recovering a private key can be done in about 11 h for the proposed system parameter n=100. We also discuss a method to thwart the proposed attack. © 2011 Elsevier Ltd. All rights reserved. Source

Discover hidden collaborations