Chanil Park

Privacy-preserving identity-based broadcast encryption

Broadcast encryption enables a broadcaster to encrypt messages and transmit them to some subset S of authorized users. In identity-based broadcast encryption schemes, a broadcasting sender typically encrypts a message by combining public identities of receivers in S and system parameters. However, previous identity-based broadcast encryption schemes have not been concerned about preserving the privacy of receivers. Consequently, all of the identities of broadcast receivers in S are exposed to the public in the previous schemes, which may be subject to attacks on user privacy in lots of pragmatic applications. We propose a novel privacy-preserving identity-based broadcast encryption scheme against an active attacker. The proposed scheme protects the privacy of receivers of broadcasted messages by hiding the identities of receivers in S. Additionally, it achieves less storage and computation costs required to encrypt and decrypt the broadcast message, compared to the previous identity-based broadcast encryption schemes that do not provide user privacy.

Real-time analysis of intrusion detection alerts via correlation

With the growing deployment of networks and the Internet, the importance of network security has increased. Recently, however, systems that detect intrusions, which are important in security countermeasures, have been unable to provide proper analysis or an effective defense mechanism. Instead, they have overwhelmed human operators with a large volume of intrusion detection alerts. This paper presents a fast and efficient system for analyzing alerts. Our system basically depends on the probabilistic correlation. However, we enhance the probabilistic correlation by applying more systematically defined similarity functions and also present a new correlation component that is absent in other correlation models. The system can produce meaningful information by aggregating and correlating the large volume of alerts and can detect large-scale attacks such as distributed denial of service (DDoS) in early stage. We measured the processing rate of each elementary component and carried out a scenario-based test in order to analyze the efficiency of our system. Although the system is still imperfect, we were able to reduce the numerous redundant alerts 5.5% of the original volume without distorting the meaning through two-phase reduction. This ability reduces the management overhead drastically and makes the analysis and correlation easy. Moreover, we were able to construct attack scenarios for multistep attacks and detect large-scale attacks in real time.

An efficient pre-authentication scheme for IEEE 802.11-based vehicular networks

In vehicular networks, supporting user mobility is one of the most challenging issues. Recently, as the desires for the high mobility and high-quality real-time services increase, fast handoff among base stations comes to a center of quality of connections. Therefore, minimizing re-authentication latency during handoff is crucial for revolutionizing the driving environment on public vehicular networks in terms of safety and convenience. In this study, we propose an efficient pre-authentication scheme for fast and secure handoff in IEEE 802.11-based vehicular networks. The proposed scheme reduces the handoff delay by reducing 4-way handshake to 2-way handshake between an access point and a mobile vehicle station during the re-authentication phase. Furthermore, the proposed scheme gives little burden over the proactive key predistribution scheme while satisfying 802.11i security requirements.

Pre-authentication for fast handoff in wireless mesh networks with mobile APs

Wireless mesh networks can extend the network service region by just adding APs. However wireless mesh networks also have the same security problems as the traditional wireless LAN. Until now, many methods have been proposed to solve the authentication problem, particularly for the fast handoff, in the traditional wireless LAN. However, previous methods are not efficient to the wireless mesh network with mobile APs because they just considered static APs. In this paper, we propose a new pre-authentication method for the wireless mesh network with mobile APs. We adapted the neighbor graph method of previous schemes for the compatibility. However, our method is suitable to the wireless mesh network by applying a Du et als key distribution. Furthermore, we present a formal analysis about our method by using a logic based formal analysis method.

Fine-grained user access control in ciphertext-policy attribute-based encryption

Key revocation is one of the most challenging and open issues in attribute-based encryption (ABE). The previous revocable ABE schemes feature a mechanism that revokes the attribute key periodically without any consideration of the user membership associated with the attribute. Thus, non-revoked users are enforced to access the key authority periodically to receive keying materials in order to update the current key. This is due to the fact that the revocation is done only on the attribute level, which results in security and scalability problems. In this paper, we propose a fine-grained user revocation scheme without affecting any non-revoked users who share the same attributes in ciphertext-policy ABE; it does not require the users to access the key authority and to update keys periodically. The proposed scheme improves the efficiency compared with previous revocable schemes and enhances the security in terms of the backward/forward secrecy on any membership changes in the ciphertext-policy ABE system. Copyright

Cluster based trust evaluation in ad hoe networks

Trust evaluation is an important aspect in ad hoc networks. By clarifying the trust relationship, we can take security measures easily. In our paper, we propose a new trust model and trust evaluation method. Our trust model is based on the cluster. In the paper, we also explain the clustering method and show how to be applied on the various security problems

Authenticated public key broadcast encryption scheme secure against insiders’ attack

Abstract Broadcast encryption schemes have been studied in the past decades. Recently, insiders’ attack on the broadcast encryption scheme has been attracted attention among researchers. So, several broadcast encryption schemes with sender authentication have been proposed. However, since broadcast message size in previous schemes increases linearly at the number of target members, the previous schemes are not suitable for the group with large members. In this paper, we propose a new authenticated public key broadcast encryption scheme called ω -APKBE scheme. The proposed ω -APKBE scheme provides sender authentication property with a constant size broadcast message which is nonlinear on the number of target members. Hence, the proposed scheme is more compatible to the dynamic group with large members than the previous schemes.

Chosen ciphertext secure authenticated group communication using identity-based signcryption

Efficient access control with scalable rekeying is one of the most important requirements for secure group communications, especially in a dynamic and large group. In a many-to-many group communication environment, sender authentication is also another important security requirement as each participant can potentially be both a sender and a receiver. In this study, we propose an authenticated group communication scheme which is secure against an adaptive chosen ciphertext attack using identity-based signcryption. The proposed scheme allows multiple senders to dynamically multicast messages into an arbitrary group of receivers determined by the senders. In the proposed scheme, the group member can be a stateless receiver. Data confidentiality of the group communication is guaranteed as well as the sender authentication.

An Efficient Proactive Key Distribution Scheme for Fast Handoff in IEEE 802.11 Wireless Networks

Supporting user mobility is one of the most challenging issues in wireless networks. Recently, as the desires for the user mobility and high-quality multimedia services increase, fast handoff among base stations comes to a center of quality of connections. Therefore, minimizing re-authentication latency during handoff is crucial for supporting various promising real-time applications such as Voice over IP (VoIP) on public wireless networks. In this study, we propose an enhanced proactive key distribution scheme for fast and secure handoff based on IEEE 802.11i authentication mechanism. The proposed scheme reduces the handoff delay by reducing 4-way handshake to 2-way handshake between an access point and a mobile station during the re-authentication phase. Furthermore, the proposed scheme gives little burden over the proactive key pre-distribution scheme while satisfying 802.11i security requirements.

A Distributed Deterministic and Resilient Replication Attack Detection Protocol in Wireless Sensor Networks

To detect replica nodes in a wireless sensor network, we propose a distributed, deterministic and resilient (DDR) replica detection protocol developed from a witness node based strategy. In DDR, while a location claim message of each node is sent towards the designated verification location in the network, the consistency of the messages is verified at intermediate nodes en route to its final destination. Compared with previous replication attack detection protocols, DDR achieves better computation and communication performance due to the use of symmetric key cryptography only and early replica detection.