Jaeil Lee

A model for embedding and authorizing digital signatures in printed documents

It is a desirable feature in a public key infrastructure (PKI) to include the signature information in a printed document for authenticity and integrity checks, in a way to bind an electronic document to the printed document. However, it is not easy to preserve the digital signature in the printed document because the digital signature is for the text code (or the whole document file), not for the text image (which can be scanned optically) in printed form. So, we propose a practical and secure method for preserving the authorized digital signatures for printed documents. We will derive a printable digital signature scheme from the Korean Certificate-based Digital Signature Algorithm (KCDSA) for secure transaction and utilize the dense two-dimensional barcode, QRcode, for printing out the signature and data in a small area within a printed document.

A Secure Web Services for Location Based Services in Wireless Networks

While Location Based Services (LBS) can make our lives more comfortable and productive, it may cause an invasion of privacy by disclosure and commercial use of location information. In this paper, we discuss privacy and security problems that may happen in the current LBS system and propose solutions. We propose a new secure Web services architecture for LBS in wireless network. Our architecture allows mobile users to create and enforce dynamic policy for safe and consistent LBS. We also describe some practical scenarios in which our architecture protects user’s location privacy and security.

Practical Digital Signature Generation Using Biometrics

It is desirable to generate a digital signature using biometrics but not practicable because of its inaccurate measuring and potential hill-climbing attacks, without using specific hardware devices that hold signature keys or biometric templates securely. We study a simple practical method for biometrics based digital signature generation without such restriction, by exploiting the existing tools in software in our proposed model where a general digital signature such as RSA can be applied without losing its security.

Privacy protection in PKIs: a separation-of-authority approach

Due to the growing number of privacy infringement problems, there are increasing demands for privacy enhancing techniques on the Internet. In the PKIs, authorized entities such as CA and RA may become, from the privacy concerns, a big brother even unintentionally since they can always trace the registered users with regard to the public key certificates. In this paper, we investigate a practical method for privacy protection in the existing PKIs by separating the authorities, one for verifying ownership and the other for validating contents, in a blinded manner. The proposed scheme allows both anonymous and pseudonymous certificates to be issued and used in the existing infrastructures in the way that provides conditional traceability and revocability based on the threshold cryptography and selective credential show by exploiting the extension fields of X.509 certificate version 3.

Secure cluster based routing protocol incorporating the distributed PKI mechanisms

In this paper, we state a method of incorporating the distributed PKI (public key infrastructure) mechanisms to the MANET (mobile ad hoc networks) routing protocol. For doing this, we assume that MANET regards the CBRP (cluster based routing protocol) as base routing protocol. By using the basic operations of CBRP and the distributed PKI mechanisms, our scheme efficiently finds a certificate chain and performs the secure routing. This means that by incorporating the distributed PKI mechanisms to the CBRP, our scheme can provide the procedure of certificate chain discovery for packet routing. Also, by signing the HELLO message, our scheme can provide the reliable exchange of authentic routing/topology information.

A lightweight and secure wireless certificate management protocol supporting mobile phone

In this paper, we propose a lightweight and secure wireless certificate management protocol that is applicable to the wireless Internet that has a constrained communication environment and the mobile phone that has fundamental limitation of performance, and show the implementation results of the scheme based on the mobile phone.

A Practical Method for Generating Digital Signatures Using Biometrics

When we consider users convenience for electronic transactions, it might be desirable to generate a digital signature using biometrics. However, it is not easy nor practicable in todays communications environment because of inaccurate measuring and potential hill-climbing attacks with regard to biometrics, unless specific hardware storage is provided for manipulating signature keys or biometric templates securely. In this paper, we study a simple practical method for biometrics based digital signature generation without such restriction. It is based on the existing tools in software in our proposed model where a general digital signature such as RSA can be applied without losing its security. This is not a cryptography paper but rather written from the practical perspectives.

New adaptive trust models against DDoS: back-up CA and mesh PKI

Most of Public Key Infrastructures (PKIs) are based on the ITU-T X.509, and the top-down hierarchical structure is extensively employed for the PKI community. However, the prominent drawback of the hierarchical PKI structure is that the CAs can be the target of serious attacks such as Distributed Denial-of-Service (DDoS). In this paper, we present two new models, Back-up CA and Mesh PKI, to cope with such Internet attacks. The proposed Back-up CA sets up an alternative path when an original CA is under attack, consequently improving availability and flexibility. Mesh PKI is a collection of CAs dynamically linked by multiple peer-to-peer cross-certifications. The Mesh PKI is very attractive, not only because they are robust to attacks but also because they help to reduce overall certificate validation time and to balance the load across multiple CAs.