Yongsu Park

A new data hiding scheme for binary image authentication with small image distortion

This paper proposes a new data hiding scheme for binary image authentication with minimizing the distortion of host image. Based on the Hamming-Code-Based data embedding algorithm, the proposed scheme makes it possible to embed authentication information into host image with only flipping small number of pixels. To minimize visual distortion, the proposed scheme only modifies the values of the flippable pixels that are selected based on Yang et als flippablity criteria. In addition to this, by randomly shuffling the bit-order of the authentication information to be embedded, only the designated receiver, who has the secret key that was used for data embedding, can extract the embedded data. To show the superiority of the proposed scheme, the two measurement metrics, the miss detection rate and the number of flipped pixels by data embedding, are used for the comparison analysis between the proposed scheme and the previous schemes. As a result of analysis, it has been shown that the proposed scheme flips smaller number of pixels than the previous schemes to embed the authentication information of the same bit-length. Moreover, it has been shown that the proposed scheme causes smaller visual distortion and more resilient against recent steg-analysis attacks than the previous schemes by the experimental results.

A new binary image authentication scheme with small distortion and low false negative rates

SUMMARY In this study, a novel binary image authentication scheme is proposed, which can be used to detect any alteration of the host image. In the proposed scheme, the watermark is embedded into a host image using a Hamming-code-based embedding algorithm. A performance analysis shows that the proposed scheme achieves both smaller distortion and lower false negative rates than the previous schemes.

HORSIC: An efficient one-time signature scheme for wireless sensor networks

One-time signature schemes are promising candidates for broadcast authentication, which is an essential security primitive in wireless sensor networks. This paper proposes HORSIC, an efficient one-time signature scheme for broadcast authentication in wireless sensor networks. Different from previous one-time signature schemes, HORSIC can reduce the public key size and signature size simultaneously at the cost of increased overhead in key generation and signature verification.

A robust and flexible digital rights management system for home networks

A robust and flexible Digital Rights Management system for home networks is presented. In the proposed system, the central authority delegates its authorization right to the local manager in a home network by issuing a proxy certificate, and the local manager flexibly controls the access rights of home devices on digital contents with its proxy certificate. Furthermore, the proposed system provides a temporary accessing facility for external devices and achieves strong privacy for home devices. For the validation of delegated rights and the revocation of compromised local managers, a hybrid mechanism combining OCSP validation and periodic renewal of proxy certificates is also presented.

Efficient One-time Signature Schemes for Stream Authentication

When one-time signatures are used for stream authentication, one of the most serious drawbacks is that their large signature size yields high communication overhead. In this paper, we present two efficient one-time signature schemes for stream authentication. Compared with the previous schemes, these schemes have the smallest signature sizes. Moreover, their verification overheads are low. The signature size of Scheme 1 is smaller than that of Scheme 2 whereas Scheme 2 has much smaller signing cost: it requires only 2 hash operations in the majority of cases. Although Scheme 1s signing cost is relatively high, it can be parallelized without any additional risk because sharing the private key among distributed servers is not required.

An optimal distributed trigger counting algorithm for large-scale networked systems

Distributed trigger counting (DTC) is a problem related to the detection of w triggers with n nodes in large-scale distributed systems that have general characteristics of complex adaptive systems. The triggers come from an external source, and no a priori information about the triggers is given. DTC algorithms can be used for distributed monitoring and global snapshots. When designing an efficient DTC algorithm, the following goals should be considered: minimizing the overall message complexity and distributing the loads for detecting triggers among nodes. In this paper, we propose a randomized algorithm called TreeFill, which satisfies the message complexity of O ( n log ( w / n ) ) with high probability. The maximum number of received messages to detect w triggers in each node is O ( log ( w / n ) ) with high probability. These results satisfy the lower bounds of DTC problems. We prove the upper bounds of TreeFill. The performance of TreeFill is also evaluated by means of an agent-based simulation using NetLogo. The simulation results show that TreeFill uses about 54–69% of the messages used in a previous work called CoinRand. The maximum number of received messages in each node of TreeFill is also smaller than that in the previous work.

An efficient delegation protocol with delegation traceability in the X.509 proxy certificate environment for computational grids

The X.509 proxy certificate is widely used to delegate an entitys right to another entity in the computational grid environment. However, this proxy certificate has two drawbacks: the potential security threat caused by non-traceability of a delegation chain and the inefficiency caused by an interactive communication between the right grantor and the right grantee on the delegation protocol. To address these problems, a new delegation protocol is presented. The proposed protocol employs an ID-based key generation technique to support delegation traceability and non-interactive delegation. Since access-right delegation occurs frequently in the computational grid environment, the proposed protocol can enhance security by providing delegation traceability and can enhance efficiency by reducing the inter-domain communication cost.

Efficient and Secure Self-Organized Public Key Management for Mobile Ad Hoc Networks

This paper presents a fully self-organized key management scheme for mobile ad hoc networks. Unlike most previous schemes, there is no priori shared secret or no priori trust relationship in the proposed scheme; every node plays the same role and carries out the same function of key management. The proposed scheme consists of (1) Handshaking (HS) and (2) Certificate request/reply (CRR) procedures. In HS, a node acquires the public key of the approaching node via a secure side channel. In CRR, a node requests certificates of a remote node via a radio channel to the nodes that it has HSed. If the number of received valid certificates that contain the same public key exceeds a given threshold, the node accepts the remote nodes public key as valid. Security is rigorously analyzed against various known attacks and network costs are intensively analyzed mathematically. Using this analysis, we provide parameter selection guideline to optimize performance and to maintain security for diverse cases. Simulation results show that every node acquires the public keys of all other nodes at least 5 times faster than in a previous scheme.

Weakness of the Synchro-Difference LKH Scheme for Secure Multicast

Zhu proposed a synchro-difference LKH scheme for secure multicast that appeared in IEEE Communications Letters, vol. 9, no. 5, pp. 477-479, May 2005, which is an enhancement of the well-known LKH scheme. In this letter, we show that Zhus scheme is insecure against collusion of two or more malicious adversaries by presenting two kinds of attack scenarios.

Efficient dos resistant multicast authentication schemes

To enable widespread commercial stream services, authentication is an important and challenging problem. As for multicast authentication, recently proposed schemes well-operate in adversarial network environment where an enemy can inject a large amount of invalid packets to choke the decoding process in the receivers, at the expense of a large communication overhead. In this paper, we present two efficient DoS resistant multicast authentication algorithms. To detect DoS attack, they require loose time-syncronization or delay of sending the packets, respectively. Compared with the previous schemes, they have much lower communication overhead and smaller computation cost on the receivers.