Heeyoul Kim

A new data hiding scheme for binary image authentication with small image distortion

This paper proposes a new data hiding scheme for binary image authentication with minimizing the distortion of host image. Based on the Hamming-Code-Based data embedding algorithm, the proposed scheme makes it possible to embed authentication information into host image with only flipping small number of pixels. To minimize visual distortion, the proposed scheme only modifies the values of the flippable pixels that are selected based on Yang et als flippablity criteria. In addition to this, by randomly shuffling the bit-order of the authentication information to be embedded, only the designated receiver, who has the secret key that was used for data embedding, can extract the embedded data. To show the superiority of the proposed scheme, the two measurement metrics, the miss detection rate and the number of flipped pixels by data embedding, are used for the comparison analysis between the proposed scheme and the previous schemes. As a result of analysis, it has been shown that the proposed scheme flips smaller number of pixels than the previous schemes to embed the authentication information of the same bit-length. Moreover, it has been shown that the proposed scheme causes smaller visual distortion and more resilient against recent steg-analysis attacks than the previous schemes by the experimental results.

Real-time analysis of intrusion detection alerts via correlation

With the growing deployment of networks and the Internet, the importance of network security has increased. Recently, however, systems that detect intrusions, which are important in security countermeasures, have been unable to provide proper analysis or an effective defense mechanism. Instead, they have overwhelmed human operators with a large volume of intrusion detection alerts. This paper presents a fast and efficient system for analyzing alerts. Our system basically depends on the probabilistic correlation. However, we enhance the probabilistic correlation by applying more systematically defined similarity functions and also present a new correlation component that is absent in other correlation models. The system can produce meaningful information by aggregating and correlating the large volume of alerts and can detect large-scale attacks such as distributed denial of service (DDoS) in early stage. We measured the processing rate of each elementary component and carried out a scenario-based test in order to analyze the efficiency of our system. Although the system is still imperfect, we were able to reduce the numerous redundant alerts 5.5% of the original volume without distorting the meaning through two-phase reduction. This ability reduces the management overhead drastically and makes the analysis and correlation easy. Moreover, we were able to construct attack scenarios for multistep attacks and detect large-scale attacks in real time.

Digital rights management with right delegation for home networks

The purpose of digital rights management (DRM) is to protect the copyrights of content providers and to enable only designated user to access digital contents. For a user to share the contents among all his devices in the home network, several domain-based approaches that group multiple devices into a domain have been proposed. In these approaches, however, each device in a domain has equivalent rights on all contents although certain contents require an access control between the devices. In this paper, a new DRM system for home networks is presented. This system enables access control on the contents by a right delegation strategy with proxy certificates. Moreover, it also provides additional functionalities, including restricted sharing and temporal sharing of contents, which are necessary for ordinary scenarios in home networks.

On-demand secure routing protocol for ad hoc network using ID based cryptosystem

A routing protocol that is appropriate for an ad hoc network is needed. But research into routing protocols for ad hoc networks so far have mainly targeted efficiency and assume a trusted environment. But these protocols are not well operated in the networks that adversaries exist in. We propose a new on-demand secure routing protocol for ad hoc networks using an ID based cryptosystem. Our protocol can authenticate all nodes in the routing path with less network resource consumption than previous secure routing protocols. And our protocol does not need the fixed infrastructure without unrealistic assumptions because of using an ID based cryptosystem.

A new binary image authentication scheme with small distortion and low false negative rates

SUMMARY In this study, a novel binary image authentication scheme is proposed, which can be used to detect any alteration of the host image. In the proposed scheme, the watermark is embedded into a host image using a Hamming-code-based embedding algorithm. A performance analysis shows that the proposed scheme achieves both smaller distortion and lower false negative rates than the previous schemes.

Tamper resistant software by integrity-based encryption

There are many situations in which it is desirable to protect a piece of software from illegitimate tampering once it gets distributed to the users. Protecting the software code means some level of assurance that the program will execute as expected even if it encounters the illegitimated modifications. We provide the method of protecting software from unauthorized modification. One important technique is an integrity-based encryption, by which a program, while running, checks itself to verify that it has not been modified and conceals some privacy sensitive parts of program.

Secure group communication with multiplicative one-way functions

Secure group communication enables only the users in that group securely communicate with each other. Because the users can join or leave the group dynamically, scalability is a major concern. In this paper, we propose a communication-efficient model using multiplicative one-way functions. It also has well known tree-based structure but uses exclusive keys that are held by the users not in some subtree. When totally n users are in the group, proposed model reduces the size of multicast message required in join or leave operation from O(logn) to O(1) keeping other costs comparable. The security of proposed model is based on the difficulty of finding square root modulo composite number and it also satisfies both forward and backward secrecy. Therefore, proposed model is very applicable to a wide area network environment or a low-bandwidth channel such as ad hoc network.

Secure Group Communication with Dynamic Membership Change in Ad Hoc Networks

The importance of secure communication between only legitimate group members in ad hoc networks has been growing in recent years. Due to the ad hoc nature the scalability on dynamic membership change is a major concern. However, the previous models require at least O(log n) communication cost for key update per each membership change, which imposes a heavy burden on the devices. In this paper we present a scalable model that supports communication-efficient membership change in ad hoc networks by exclusionary keys and RSA functions. The multicast cost for key update is extremely low, that is O(1), and one-to-one communications occur mostly in neighboring devices.

A robust and flexible digital rights management system for home networks

A robust and flexible Digital Rights Management system for home networks is presented. In the proposed system, the central authority delegates its authorization right to the local manager in a home network by issuing a proxy certificate, and the local manager flexibly controls the access rights of home devices on digital contents with its proxy certificate. Furthermore, the proposed system provides a temporary accessing facility for external devices and achieves strong privacy for home devices. For the validation of delegated rights and the revocation of compromised local managers, a hybrid mechanism combining OCSP validation and periodic renewal of proxy certificates is also presented.

A practical approach of ID‐based cryptosystem in ad hoc networks

As research in ad hoc networking has advanced, the importance of security increases more and more. But it suffers from the restriction that ad hoc networks do not have the established infrastructure. In this paper we propose a security-enhanced model with ID-based cryptosystem which removes the necessity for any infrastructure and provides sound authentication. Also we provide a more secure and concrete routing protocol with aggregate signature. For confidentiality, we also provide a key exchange protocol. And our model not only distributes the role of key generation center in ID-based cryptosystem to the nodes with threshold cryptography, but also increases availability by providing a secret re-sharing protocol. Therefore, our model is very appropriate for ad hoc networks. Copyright