Outsourcing decryption algorithm of Verifiable transformed ciphertext for data sharing

Guangwei Xu,Chen Wang,Shan Li,Xiujin Shi,Xin Luo,Yanglan Gan 한국인터넷정보학회 2024 KSII Transactions on Internet and Information Syst Vol.18 No.4

Mobile cloud computing is a very attractive service paradigm that outsources users' data computing and storage from mobile devices to cloud data centers. To protect data privacy, users often encrypt their data to ensure data sharing securely before data outsourcing. However, the bilinear and power operations involved in the encryption and decryption computation make it impossible for mobile devices with weak computational power and network transmission capability to correctly obtain decryption results. To this end, this paper proposes an outsourcing decryption algorithm of verifiable transformed ciphertext. First, the algorithm uses the key blinding technique to divide the user's private key into two parts, i.e., the authorization key and the decryption secret key. Then, the cloud data center performs the outsourcing decryption operation of the encrypted data to achieve partial decryption of the encrypted data after obtaining the authorization key and the user's outsourced decryption request. The verifiable random function is used to prevent the semi-trusted cloud data center from not performing the outsourcing decryption operation as required so that the verifiability of the outsourcing decryption is satisfied. Finally, the algorithm uses the authorization period to control the final decryption of the authorized user. Theoretical and experimental analyses show that the proposed algorithm reduces the computational overhead of ciphertext decryption while ensuring the verifiability of outsourcing decryption.

High-speed Encryption & Decryption System Based on SM4 Algorithm

Lv Qian,Li Li,Cao Yan-yan 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.9

Nowadays, the network transmission and video encryption areas have urgently needed high-speed encryption systems for SM4 algorithm. To speed up the SM4 system in small area, three aspects in existing system is analyzed and optimized. Firstly, aiming at the prior encryption must wait long until completing all 32 rounds key expansion, a method is proposed for outputting round key in each key expansion to accelerate encryption response. Secondly, considering most user passwords are unchanged, we adopt additional memory for comparing old and new keys, so that key expansion can be cancelled sometimes. Thirdly, the paper analyses the relationship between key expansion and encryption/decryption algorithm in SM4. Using module reused technology, the designed key expansion module can also encrypt and decrypt, and the designed another two modules can both encrypt and decrypt. Therefore, the system can achieve three tasks’ synchronous encryption/decryption, which greatly improves the system's processing speed. This paper presents a hardware design scheme for the high-speed system. At last, the optimized design is realized in FPGA. The experimental results show that the design is feasible, and the SM4 encryption speed can increase fourfold.

Legal Issues in the Introduction of Compelled Decryption According to Device Unlock Limits

배초희,Sojung Oh,Sohyun Joo,Jiyeon Joo,KyungLyul Lee 한국인터넷정보학회 2023 KSII Transactions on Internet and Information Syst Vol.17 No.2

With the emergence of advanced encryption technologies such as Quantum Cryptography and Full Disk Encryption, an era of strengthening information security has begun. Users respond positively to the advancement of privacy-enhancing technology, on the other hand, investigative agencies have difficulty unveiling the actual truth as they fail to decrypt devices. In particular, unlike past ciphers, encryption methods using biometric information such as fingerprints, iris, and faces have become common and have faced technical limitations in collecting digital evidence. Accordingly, normative solutions have emerged as a major issue. The United States enacted the CLOUD Act with the legal mechanism of ‘Contempt of court’ and in 2016, the United Kingdom substantiated the Compelled Decryption through the Investigatory Powers Act (IPA). However, it is difficult to enforce Compelled Decryption on individuals in Korea because Korean is highly sensitive to personal information. Therefore, in this paper, we sought a method of introducing a Compelled Decryption that does not contradict the people's legal sentiment through a perception survey of 95 people on the Compelled Decryption. We tried to compare and review the Budapest Convention with major overseas laws such as the United States and the United Kingdom, and to suggest a direction of legislation acceptable to the people in ways to minimize infringement of privacy. We hope that this study will be an effective legal response plan for law enforcement agencies that can normatively overcome the technical limitations of decoding.

Traceable Ciphertet-Policy Attribute-Based Encryption with Constant Decryption

( Guangbo Wang ),( Feng Li ),( Pengcheng Wang ),( Yixiao Hu ) 한국인터넷정보학회 2021 KSII Transactions on Internet and Information Syst Vol.15 No.9

We provide a traceable ciphertext-policy attribute based encryption (CP-ABE) construction for monotone access structures (MAS) based on composite order bilinear groups, which is secure adaptively under the standard model. We construct this scheme by making use of an "encoding technique" which represents the MAS by their minimal sets to encrypt the messages. To date, for all traceable CP-ABE schemes, their encryption costs grow linearly with the MAS size, the decryption costs grow linearly with the qualified rows in the span programs. However, in our traceable CP-ABE, the ciphertext is linear with the minimal sets, and decryption needs merely three bilinear pairing computations and two exponent computations, which improves the efficiency extremely and has constant decryption. At last, the detailed security and traceability proof is given.

2019년 랜섬웨어 암호화 프로세스 분석 및 복호화 방안 연구

이세훈,윤병철,김소람,김기윤,이영주,김대운,박해룡,김종성 한국정보보호학회 2019 정보보호학회논문지 Vol.29 No.6

Ransomware is a malicious software which requires money to decrypt files that were encrypted. As the number ofransomware grows, the encryption process in ransomware has been more sophisticated and the strength of security has beenmore stronger. As a result, analysis of ransomware becomes more difficult and the number of decryptable ransomware isgetting smaller. So, research on encryption process and decryption method of ransomware is necessary. In this paper, weshow encryption processes of 5 ransomwares which were revealed in 2019, and analyze whether or not those ransomwaresare decryptable. 랜섬웨어는 사용자의 파일을 암호화하고, 이를 복구하는 대가로 금전을 요구하는 악성 소프트웨어다. 랜섬웨어의수가 늘어남과 동시에 사용되는 암호화 프로세스 또한 정교해지며 보안 강도도 높아지고 있다. 이에 따라 랜섬웨어의분석은 점점 어려워지고 복구 가능한 랜섬웨어의 수도 줄어들고 있다. 그러므로 지능화된 랜섬웨어의 암호화 프로세스 및 복호화 방안에 관한 연구는 필수적이다. 본 논문은 2019년 주요 신규 랜섬웨어 5종에 대해 역공학하여 암호화프로세스를 밝히고 이를 기반으로 복구 가능성에 대한 연구를 진행하였다.

암호와 복호가 동일한 변형 AES

조경연(Gyeong-Yeon Cho),송홍복(Hong-Bok Song) 한국산업정보학회 2010 한국산업정보학회논문지 Vol.15 No.2

블록 암호는 Feistel 구조와 SPN 구조로 나눌 수 있다. Feistel 구조는 암호 및 복호알고리즘이 같은 구조이고, SPN 구조는 암호 및 복호 알고리즘이 다르다. 본 논문에서는 암호와 복호 과정이 동일한 SPN 구조 블록 암호 알고리즘을 제안한다. 즉 SPN 구조 전체를 짝수인 N 라운드로 구성하고 1 라운드부터 N/2 라운드까지는 정함수를 적용하고, (N/2)+1 라운드부터 N 라운드까지는 역함수를 적용한다. 또한 정함수단과 역함수단 사이에 대칭 블록을 구성하는 대칭단을 삽입한다. 본 논문에서 정함수로는 AES의 암호 알고리즘을, 역함수로는 AES의 복호 알고리즘을 사용하고, 대칭단은 간단한 행렬식과 라운드 키 합산으로 구성한다. 본 논문에서 제안한 암호와 복호가 동일한 변형 AES는 하드웨어 구성이 간단한 장점을 가지므로 제한적 하드웨어 및 소프트웨어 환경인 스마트카드와 전자 칩이 내장된 태그와 같은 RFID 환경에서 안전하고 효율적인 암호 시스템을 구성할 수 있다. Feistel and SPN are the two main structures in a block cipher. Feistel is a symmetric structure which has the same structure in encryption and decryption, but SPN is not a symmetric structure. In this paper, we propose a SPN which has a symmetric structure in encryption and decryption. The whole operations of proposed algorithm are composed of the even numbers of N rounds where the first half of them, 1 to N/2 round, applies a right function and the last half of them, (N+1)/2 to N round, employs an inverse function. And a symmetry layer is located in between the right function layer and the inverse function layer. In this paper, AES encryption and decryption function are selected for the right function and the inverse function, respectively. The symmetric layer is composed with simple matrix and round key addition. Due to the simplicity of the symmetric SPN structure in hardware implementation, the proposed modified AES is believed to construct a safe and efficient cipher in Smart Card and RFID environments where electronic chips are built in.

Fixed-time Synchronization of Complex-valued Memristive BAM Neural Network and Applications in Image Encryption and Decryption

Yongzhen Guo,Yang Luo,Weiping Wang,Xiong Luo,Chao Ge,Jürgen Kurths,Manman Yuan,Yang Gao 제어·로봇·시스템학회 2020 International Journal of Control, Automation, and Vol.18 No.2

This paper focuses on the dynamical characteristics of complex-valued memristor-based BAM neural network (CVMBAMNN) with leakage time-varying delay. With two different controllers, we have obtained fixedtime and finite-time synchronization criteria respectively in complex domain for our special model, which few work has studied before. Since fixed-time synchronous system can improve communication security, we designed a scheme for RGB image encryption and decryption. In order to satisfy the requirement of much lower error in image secure communication, our approach can get the error of fixed-time synchronization to about 1×10−13. Due to our highly consistent system, we do get good encryption and decryption effect with encryption and decryption scheme. Finally, numerical simulations are included to demonstrate the correctness of our theoretical results.

고정 크기 암호 정책 속성 기반의 데이터 접근과 복호 연산 아웃소싱 기법

한창희(Changhee Hahn),허준범(Junbeom Hur) Korean Institute of Information Scientists and Eng 2016 정보과학회논문지 Vol.43 No.8

Sharing data by multiple users on the public storage, e.g., the cloud, is considered to be efficient because the cloud provides on-demand computing service at anytime and anywhere. Secure data sharing is achieved by fine-grained access control. Existing symmetric and public key encryption schemes are not suitable for secure data sharing because they support 1-to-1 relationship between a ciphertext and a secret key. Attribute based encryption supports fine-grained access control, however it incurs linearly increasing ciphertexts as the number of attributes increases. Additionally, the decryption process has high computational cost so that it is not applicable in case of resource-constrained environments. In this study, we propose an efficient attribute-based secure data sharing scheme with outsourceable decryption. The proposed scheme guarantees constant-size ciphertexts irrespective of the number of attributes. In case of static attributes, the computation cost to the user is reduced by delegating approximately 95.3% of decryption operations to the more powerful storage systems, whereas 72.3% of decryption operations are outsourced in terms of dynamic attributes.

SMTP와 POP3를 활용한 암호화 메일 프로그램 구현

공건웅,원용관 한국디지털콘텐츠학회 2017 한국디지털콘텐츠학회논문지 Vol.18 No.7

As the Internet evolves, security becomes more important. Especially, e-mail has become one of the most important services that companies and ordinary users use on the Internet. However, security vulnerabilities such as sniffing attacks, IDs, and password spoofs are causing many problems. This paper introduces an example of implementation of encrypted mailing program with which the secured mail is encrypted by symmetric key methode and the encrypted message can not be read without proper decryption. In order to use the current mailing systems, we keep the rules related to SMTP and POP3, and only the encrypted message is stored in the mail server system and the message can be decrypted only at the terminals of the senders and the receivers with the key which is shared in advanced by independent route between them. This implementation scheme can provide an efficiency that it does not request any change of current mailing system, which can be an additional security protection. 인터넷이 발달함에 따라 보안의 중요성이 커지고 있다. 그중 전자메일은 이제는 기업과 일반 사용자들이 인터넷에서 사용하는 중요한 서비스 중 하나가 되었다. 그러나 스니핑 공격, 아이디, 패스워드 유출 등 보안 취약점이 생기면서 많은 문제가 되고 있다. 본 논문은 비밀을 요하는 메일 내용을 대칭키 방식으로 암호화하여 별도의 복호화 과정을 수행하지 않는 경우 메일 내용을 읽을 수 없는 암호화 메일 프로그램의 구현 방법을 소개한다. 기존의 메일 서버를 사용하기 위해 SMTP 및 POP3 규약을 준수하고 서버에는 암호화된 메일이 저장되며 복화화는 송신자와 수신자 사이에 미리 공유한 키를 이용하여 수신자 및 송신자의 단말에서만 복화화가 이루어진다. 이러한 방식의 암호화 메일링 방법은 기존의 보안 시스템의 변경 없이 추가적인 보안 장치로 적용이 가능한 효율성이 있다.

A Selective Encryption Algorithm Based on AES for Medical Information

오주영,양동일,전기환 대한의료정보학회 2010 Healthcare Informatics Research Vol.16 No.1

Objectives: The transmission of medical information is currently a daily routine. Medical information needs efficient, robust and secure encryption modes, but cryptography is primarily a computationally intensive process. Towards this direction, we design a selective encryption scheme for critical data transmission. Methods: We expand the advandced encrytion stanard (AES)-Rijndael with five criteria: the first is the compression of plain data, the second is the variable size of the block, the third is the selectable round, the fourth is the optimization of software implementation and the fifth is the selective function of the whole routine. We have tested our selective encryption scheme by C++ and it was compiled with Code::Blocks using a MinGW GCC compiler. Results: The experimental results showed that our selective encryption scheme achieves a faster execution speed of encryption/decryption. In future work, we intend to use resource optimization to enhance the round operations, such as SubByte/InvSubByte, by exploiting similarities between encryption and decryption. Conclusions: As encryption schemes become more widely used, the concept of hardware and software co-design is also a growing new area of interest.