Shim K.-A.,South Korean National Institute for Mathematical Sciences
Journal of Systems and Software | Year: 2010

An aggregate signature scheme allows n signatures on n distinct messages from n distinct users to be aggregated into a single signature. The main benefit of such schemes is that they allow bandwidth and computational savings. Since Boneh et al.'s aggregate signature scheme from pairings, there have been several attempts to construct ID-based aggregate signature schemes. However, their computational complexity for pairing computations grows linearly with the number of signers. In this paper, we propose an efficient ID-based aggregate signature scheme with constant pairing computations. We also give its security proof in the random oracle model under the Computational Diffie-Hellman assumption. © 2010 Elsevier Inc. All rights reserved.


Shim K.-A.,South Korean National Institute for Mathematical Sciences
IEEE Transactions on Wireless Communications | Year: 2013

Jiang et al. proposed an authentication scheme for Vehicle-to-Infrastructure communications using a Binary Authentication Tree. The scheme can effectively eliminate the performance bottleneck when verifying a mass of signatures within a rigorously required interval and filtering bogus messages. In this paper, we show that Jiang et al.'s scheme is insecure against forgery attacks, replay attacks and Sybil attacks. To overcome the weaknesses, we reconstruct a conditional privacy-preserving authentication scheme, called CPP-BAT, for Vehicle-to-Infrastructure communications based on secure identity-based signature, aggregate signature schemes and the Binary Authentication Tree. © 2013 IEEE.


Shim K.-A.,South Korean National Institute for Mathematical Sciences
IEEE Communications Surveys and Tutorials | Year: 2016

Cryptographic primitives are fundamental building blocks for designing security protocols to achieve confidentiality, authentication, integrity and non-repudiation. It is not too much to say that the selection and integration of appropriate cryptographic primitives into the security protocols determines the largest part of the efficiency and energy consumption of the wireless sensor network (WSN). There are a number of surveys on security issues in WSNs, which, however, did not focus on public-key cryptographic primitives in WSNs. In this survey, we provide a deeper understanding of public-key cryptographic primitives in WSNs including identity-based cryptography and discuss their main directions and some open research issues that can be further pursued. We investigate state-of-the-art software implementation results of public-key cryptographic primitives in terms of execution time, energy consumption and resource occupation on constrained wireless devices, on popular IEEE 802.15.4-compliant WSN hardware platforms used in real-life deployments. This survey provides invaluable insights on public-key cryptographic primitives on WSN platforms, and solutions to find tradeoffs between cost, performance and security for designing security protocols in WSNs. © 1998-2012 IEEE.


Lee M.S.,South Korean National Institute for Mathematical Sciences
Computers and Mathematics with Applications | Year: 2011

Recently, Wang and Hu have proposed a high-density quadratic compact knapsack public-key cryptosystem using the Chinese remainder theorem to disguise two secret cargo vectors. The system is claimed to be secure against certain known attacks; however, it has not been demonstrated to fulfill any provable security goals. In this work, we show that this system is not secure. Exploiting the special structure of system parameters, we first show that a candidate list for the secret modulus can be obtained by solving linear equations with small solutions. Next, we show that with this candidate list, all other secrets can be recovered in succession with lattice-based methods by solving certain modular linear equations with small solutions. As a result, recovering a private key can be done in about 11 h for the proposed system parameter n=100. We also discuss a method to thwart the proposed attack. © 2011 Elsevier Ltd. All rights reserved.


Shim K.-A.,South Korean National Institute for Mathematical Sciences
Information Sciences | Year: 2014

Lipmaa et al. introduced a new security notion of designated verifier signature schemes, non-delegatability: neither a signer nor a designated verifier can delegate the signing rights to any third party without revealing their secret keys. In this paper, we classify designated verifier signature schemes into three types and then discuss delegatability of existing designated verifier signature schemes, strong designated verifier signature schemes and universal designated verifier signature schemes, and open research issues. © 2014 Elsevier Inc. All rights reserved.


Shim K.-A.,South Korean National Institute for Mathematical Sciences
Computers and Electrical Engineering | Year: 2011

A proxy signature enables an original signer to delegate its signing capability to a proxy signer and the proxy signer can sign a message on behalf of the original signer. Later, anyone can verify the validity of proxy signatures. The "public-verifiable" property of the proxy signature is not suitable in some applications in which a proxy signed message may be personally or commercially sensitive. A designated verifier proxy signature scheme is suitable for these environments. In this paper, we propose a provably secure short designated verifier proxy signature scheme in the random oracle model under the Bilinear Diffie-Hellman assumption. © 2011 Published by Elsevier Ltd.


Chung Y.,South Korean National Institute for Mathematical Sciences
Computer Communication Review | Year: 2012

Distributed denial of service attacks are often considered just a security problem. While this may be the way to view the problem with the Internet of today, perhaps new network architectures attempting to address the issue should view it as a scalability problem. In addition, they may need to approach the problem based on a rigorous foundation.


Shim K.-A.,South Korean National Institute for Mathematical Sciences
Information Sciences | Year: 2012

In this paper, we propose a round-optimal identity-based authenticated key agreement protocol for a three-party setting in which three parties can actually transmit messages simultaneously. We then give its security proof in the random oracle model under the Bilinear Diffie-Hellman assumption. © 2011 Elsevier Inc. All rights reserved.


Shim K.-A.,South Korean National Institute for Mathematical Sciences
IEEE Transactions on Vehicular Technology | Year: 2012

In this paper, we propose a conditional privacy-preserving authentication scheme, called CPAS, using pseudo-identity-based signatures for secure vehicle-to-infrastructure communications in vehicular ad hoc networks. The scheme achieves conditional privacy preservation, in which each message launched by a vehicle is mapped to a distinct pseudo-identity, and a trust authority can always retrieve the real identity of a vehicle from any pseudo-identity. In the scheme, a roadside unit (RSU) can simultaneously verify multiple received signatures, thus considerably reducing the total verification time; an RSU can simultaneously verify 2540 signed messages/s. The time for simultaneously verifying 800 signatures in our scheme can be reduced by 18%, compared with the previous scheme. © 2012 IEEE.
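The two RSU-side operations these abstracts rely on, verifying many received signatures in one batch (CPAS, above) and isolating the bogus messages when a batch fails (CPP-BAT, earlier on this page), as an added example that is not code from either paper. Neither abstract gives construction details and the Python standard library has no pairing arithmetic, so the example uses plain Schnorr signatures over a constructed toy 64-bit safe-prime group instead of the papers' pseudo-identity-based signatures; it shows the verification pattern, not the papers' schemes. The toy group size, the beacon payloads and all function names are assumptions.

```python
"""Batch verification of Schnorr signatures with bogus-signature isolation.

Added example, not code from the cited papers. The group parameters are a
constructed 64-bit toy (far too small for real use) so the file runs offline
with the standard library only.
"""
import hashlib
import random
import secrets

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin with the first 12 primes as bases: deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits):
    """Deterministic search for p = 2q + 1 with p and q both prime (toy parameters)."""
    q = (1 << (bits - 2)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


P = find_safe_prime(64)            # constructed toy modulus; NOT a secure size
Q = (P - 1) // 2                   # prime order of the subgroup we sign in
G = 4                              # 2^2 is a quadratic residue, so it has order Q
_NBYTES = (P.bit_length() + 7) // 8
DEFAULT_RNG = secrets.SystemRandom()


def _in_subgroup(h):
    """Reject out-of-range values, the identity and the order-2 element P-1."""
    return 1 < h < P and pow(h, Q, P) == 1


def _challenge(R, y, m):
    h = hashlib.sha256()
    h.update(R.to_bytes(_NBYTES, "big"))
    h.update(y.to_bytes(_NBYTES, "big"))
    h.update(m)
    return int.from_bytes(h.digest(), "big") % Q


def keygen(rng=DEFAULT_RNG):
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def sign(x, m, rng=DEFAULT_RNG):
    """Schnorr signature (R, s) with s = k + e*x mod Q and e = H(R, y, m)."""
    k = rng.randrange(1, Q)
    R = pow(G, k, P)
    e = _challenge(R, pow(G, x, P), m)
    return R, (k + e * x) % Q


def verify(y, m, sig):
    R, s = sig
    if not (_in_subgroup(R) and _in_subgroup(y) and 0 <= s < Q):
        return False
    return pow(G, s, P) == R * pow(y, _challenge(R, y, m), P) % P


def batch_verify(items, rng=DEFAULT_RNG):
    """Check all (y, m, sig) triples with one combined equation. Random 64-bit weights
    z_i make it fail with probability about 1 - 2^-64 when any item is bad. A production
    verifier evaluates the right-hand side as one multi-exponentiation; that is where
    the speedup over n separate checks comes from, and this toy does not optimise it."""
    exp_s, rhs = 0, 1
    for y, m, (R, s) in items:
        # Without this membership check an attacker can submit R*(P-1), which is
        # rejected individually but cancels out of the batch whenever z is even.
        if not (_in_subgroup(R) and _in_subgroup(y) and 0 <= s < Q):
            return False
        z = rng.randrange(1, 1 << 64)
        e = _challenge(R, y, m)
        exp_s = (exp_s + z * s) % Q
        rhs = rhs * pow(R, z, P) % P * pow(y, z * e % Q, P) % P
    return pow(G, exp_s, P) == rhs


def find_bogus(items, rng=DEFAULT_RNG):
    """Indices of invalid items, found by binary splitting of failing batches."""
    def rec(idx):
        if batch_verify([items[i] for i in idx], rng):
            return []
        if len(idx) == 1:
            return list(idx)
        mid = len(idx) // 2
        return rec(idx[:mid]) + rec(idx[mid:])
    return rec(list(range(len(items))))


def demo(seed=7, n=8, bad=(2, 5)):
    """Sign n constructed beacons with n keys, tamper the listed ones, report the batch result."""
    rng = random.Random(seed)                       # seeded only so the demo is repeatable
    items = []
    for i in range(n):
        x, y = keygen(rng)
        m = b"beacon %d: pos=(37.5,127.0) speed=48" % i   # constructed payload
        items.append((y, m, sign(x, m, rng)))
    for i in bad:                                   # message changed after signing
        y, m, sig = items[i]
        items[i] = (y, m + b" TAMPERED", sig)
    return batch_verify(items, rng), find_bogus(items, rng)
```

With two tampered beacons out of eight, `demo()` returns `(False, [2, 5])`: the batch fails once, and the binary split needs only a handful of further batch checks to pin down the two bad indices, which is the practical answer to "filter bogus messages" when most traffic is honest. If a large fraction of a batch is forged (the Sybil and forgery settings in the CPP-BAT abstract), the splitting degenerates towards individual verification, so an RSU should bound batch size and fall back accordingly. The subgroup membership check inside `batch_verify` is not optional: it is the difference between a batch equation that is sound and one an adversary can satisfy half the time.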


Patent
South Korean National Institute for Mathematical Sciences | Date: 2011-07-13

A communication device operating as a node constituting a multi-hop network in which a plurality of different networks are mixed, a method for detecting a hub, and a method for transmitting a packet are provided. The communication device includes: a hub detection unit configured to determine whether or not the communication device operates as a hub; a pheromone calculation unit configured to calculate a pheromone value according to whether or not the communication device is a hub; a transmission unit configured to broadcast the pheromone value to neighbor nodes; a reception unit configured to receive the pheromone value from each of the neighbor nodes; and a forwarding node selecting unit configured to compare the pheromone values of the neighbor nodes and select a neighbor node having the greatest pheromone value as a forwarding node to which a packet is to be transmitted.
