Jong-Phil Yang

A New Design for a Practical Secure Cookies System

Because of the stateless character of HTTP, cookies were invented to maintain continuity and states on the Web. Cookies which have user-related information are transmitted and stored, so an attacker can easily copy and modify them for his own purpose. Therefore, cookies are exposed to serious security threats such as network threats, end-system threats, and cookie-harvesting threats. In this paper, we present a secure cookie system for solving these security weaknesses of typical web cookies. Since our system is based on the Public Key Infrastructure (PKI), it provides mutual authentication between clients and servers, and ensures the confidentiality and integrity of user information. We have implemented our secure cookie system and compare it here to the Secure Socket Layer (SSL) protocol that is widely used to provide the security in the HTTP environment.

Securing admission control in ubiquitous computing environment

In this paper, we introduce a new model which allows an organization to perform secure admission control for foreign users. We adopt a threshold proxy signature scheme to provide precise admission control for the proposed model. Additionally, we propose a new (t,n) threshold proxy signature scheme for realistic implementation of the proposed model.

Practical modification of an efficient public-key framework

J. Zhou proposed a new public-key framework, in which the maximum lifetime of a certificate is divided into short periods and the certificate could expire at the end of any period under the control of the certificate owner (or his manager in a corporate environment). However, Zhous public-key framework is not suitable on implementation in real world. Therefore, we review some security parameters and change them into more suitable ones for implementation. Moreover, we remove an unnecessary trust party of Zhous public-key framework and propose an improved scheme for realistic solution.

A fair and reliable p2p e-commerce model based on collaboration with distributed peers

In this paper we present a fair and reliable e-commerce model for P2P network, in which communication parties can buy and sell products by P2P contact. In particular, we focus on a fair exchange protocol that is based on collaboration with distributed communication parties and distinguished from the traditional fair exchange protocols based on a central trusted authority. This feature makes our model very attractive in P2P networking environment which does not depend on any central trusted authority for managing communication parties.

A simplified approach to user controllable threshold signatures

A threshold signature scheme typically assumes that the shared signing function can only be activated by a quorum number of servers. Therefore, it is inappropriate for settings where an organization employs some servers for a threshold protection of its private signing function. That is, if anyone has the power to activate the signing function of servers, they can easily compute valid signatures for a specific organization without knowing the secret private key. In this paper, we present a model of the threshold signature scheme in which the user possesses the controllability to activate his private signing functions and the secret private key is shared among several servers. Moreover, our scheme is applicable to both discrete-log based threshold signatures and RSA based threshold signatures.

A new efficient protocol for authentication and certificate status management in personal area networks

In this paper we propose a new efficient authentication protocol that reduces a burden of computation for digital signature generation/verification on mobile devices in the personal area network. In particular, we focus on eliminating the traditional public key operations on mobile devices without any assistance of a signature server. Moreover, the proposed protocol provides a simplified procedure for certificate status management to alleviate communication and computational costs on mobile devices in the personal area network.

The Design and Implementation of Improved Secure Cookies Based on Certificate

The HTTP does not support continuity for browser-server interaction between successive visits of a user due to a stateless feature. Cookies were invented to maintain continuity and state on the Web. Because cookies are transmitted in plain and contain text-character strings encoding relevant information about the user, the attacker can easily copy and modify them for his undue profit. In this paper, we design a secure cookies scheme based on public key certificate for solving these security weakness of typical web cookies. Our secure cookies scheme provides not only mutual authentication between client and server but also confidentiality and integrity of user information. Additionally, we implement our secure cookies scheme and compare it to the performance with SSL (Secure Socket Layer) protocol that is widely used for security of HTTP environment.

Generating authentication data without keeping a private key for Mobility

In the near future, people will wish to access many kinds of heterogeneous networks to use their services anytime and anywhere. Owing to the heterogeneity of networks, there must be many kinds of protocols to guarantee secure services. The mobile device can depend on a middleware for accessing services in the heterogeneous networks and the middleware helps the mobile device to communicate with services without knowing concrete protocols. If a secure channel is necessary, the middleware may access a private key in the mobile device to perform a security protocol. In this paper, we focus on the security of a private key in the mobile device against malicious middlewares. To do so, we introduce two models for a user to protect his/her private key against malicious middlewares by generating authentication data (e.g., digital signatures) without keeping the private key in the mobile device

ROCEM: Robust Certified E-mail System Based on Server-Supported Signature

In this paper we propose a new certified e-mail system which alleviates computational overhead of mobile devices with limited computing power considering server-supported signatures scheme. Our system is also fault-tolerant and robust against mobile adversary and conspiracy attacks since it distributes secure information to several servers based on the threshold cryptography.

Distributed Secure Mail System For Roaming User

In this paper, we propose a new certified e-mail system which reduces user`s computational overhead and distributes confidentiality of TTP(Trusted Third Partty). Based on the traditional cryptographic schemes and server-supported signiture for fairness and confidentiality of message, we intend to minimize to computation overhead of mobile device on public key algorithm. Therefore, our proposal becomes to be suitable for mail user sho uses mobile devices such as cellular phone and PDA. Moreover, the proposed system is fault-tolerant, secure against mobile adversary and conspiracy attack, since it is based on the threshold cryptography on server-side.