• Journal of Platform Technology
• /
• v.10 no.4
• /
• pp.39-46
• /
• 2022

Recently, digital contents including video and sound are created in various fields, transmitted to the cloud through the Internet, and then stored and used. In order to utilize digital content, it is essential to verify data integrity, and it is necessary to ensure network bandwidth efficiency of verified data. This paper describes the design and implementation of a server that maintains, manages, and provides data for verifying the integrity of video data. The server receives and stores image data from Logger, a module that acquires image data, and performs a function of providing data necessary for verification to Verifier, a module that verifies image data. Then, a lightweight Merkle tree is constructed using the hash value. The light-weight Merkle tree can quickly detect integrity violations without comparing individual hash values of the corresponding video frame changes of the video frame indexes of the two versions. A lightweight Merkle tree is constructed by generating a hash value of digital content so as to have network bandwidth efficiency, and the result of performing proof of integrity verification is presented.

• Convergence Security Journal
• /
• v.17 no.1
• /
• pp.3-13
• /
• 2017

As security log plays important roles in various fields, the integrity of log data become more and more important. Especially, the stored log data is an immediate target of the intruder to erase his trace in the system penetrated. Several theoretical schemes to guarantee the forward secure integrity have been proposed, even though they cannot provide the integrity of the log data after the system is penetrated. Authentication tags of these methods are based on the linear-hash chain. In this case, it is difficult to run partial validation and to accelerate generating and validating authentication tags. In this paper, we propose a log authentication mechanism, based on Mekle Tree, which is easy to do partial validation and able to apply multi threading.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2429-2449
• /
• 2018

Dynamic data possession verification is a common requirement in cloud storage systems. After the client outsources its data to the cloud, it needs to not only check the integrity of its data but also verify whether the update is executed correctly. Previous researches have proposed various schemes based on Merkle Hash Tree (MHT) and implemented some initial improvements to prevent the tree imbalance. This paper tries to take one step further: Is there still any problems remained for optimization? In this paper, we study how to raise the efficiency of data dynamics by improving the parts of query and rebalancing, using a new data structure called Rank-Based Merkle AVL Tree (RB-MAT). Furthermore, we fill the gap of verifying multiple update operations at the same time, which is the novel batch updating scheme. The experimental results show that our efficient scheme has better efficiency than those of existing methods.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.892-905
• /
• 2018

In smart home environment, certificate based signature technology is being studied by communication with Internet of Things(IoT) device. However, block - chain technology has attracted much attention because of the problems such as single - point error and management overhead of the trust server. Among them, Keyless Signature Infrastructure(KSI) provides integrity by configuring user authentication and global timestamp of distributed server into block chain by using hash-based one-time key. In this paper, we provide confidentiality by applying group key and key management based on multi - solution chain. In addition, we propose a smart home environment that can reduce the storage space by using Extended Merkle Tree and secure and efficient KSI-based authentication and communication with enhanced security strength.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.07a
• /
• pp.383-384
• /
• 2019

본 논문에서는 이더리움 기반 블록체인 확장성 문제해결을 위해 데이터 저장방법인 Merkle patricia tree를 응용하여 데이터에 따라 트리 이원화 사용을 제안한다. 이 연구는 시스템 자원인 CPU와 메모리를 효율적으로 사용하여 트랜잭션 처리량을 최대화하고, 작업시간을 최소화하기 위함이다. 본 논문에서는 기존 이더리움 블록체인의 트랜잭션 처리속도와 확장성 향상을 목표로 하며. 기존의 방식과 비교하여 제안을 분석한다.

• International Journal of Advanced Culture Technology
• /
• v.11 no.1
• /
• pp.343-348
• /
• 2023

As the IoT market continues to grow, security threats to IoT devices with limited resources are also increasing. However, the application of security technology to the existing system to IoT devices with limited resources is impossible due to the inherent characteristics of IoT devices. Various methods for solving related problems have been studied in existing studies to solve this problem. Therefore, this study analyzes the characteristics of domestic IoT authentication standards and existing research to propose an algorithm that applies blockchain-based authentication and lightweight encryption algorithms to IoT equipment with limited resources. In this study, a key generation method was applied using a Lamport hash-chain and data integrity between IoT devices were provided using a Merkle Tree, and an LEA encryption algorithm was applied using confidentiality in data communication. In the experiment, it was verified that the efficiency is high when the LEA encryption algorithm, which is a lightweight encryption algorithm, is applied to IoT devices with limited resources.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1375-1386
• /
• 2016

This paper presents an efficient hash chain-based data authentication mechanism which can considerably reduce the overhead of processing and transmission for authenticating segments in CCN. The proposed method makes use of hash chain and MHT(Merkle Hash Tree). At first, it applies hash chain methods for data segments and encodes them to Data part. Then, it constitutes Meta part with the hash values generated at the previous step and properly applies both hash chain method and MHT-based signing for not only achieving efficiency, but also mitigating the drawback(data-loss, out-of-order transmission) of hash chain method. We have implemented our method in the CCNx library and measured the performance. When transmitting 100Mbyte of content, the proposed method generates only 2.596% of processing overhead and 1.803% of transmission overhead.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.6
• /
• pp.2922-2945
• /
• 2018

Achieving efficient authentication is a crucial issue for stream data commonly seen in content delivery, peer-to-peer, and multicast/broadcast networks. Stream authentication mechanisms need to be operated efficiently at both sender-side and receiver-side at the same time because of the properties of stream data such as real-time and delay-sensitivity. Until now, many stream authentication mechanisms have been proposed, but they are not efficient enough to be used in stream applications where the efficiency for sender and receiver sides are required simultaneously since most of them could achieve one of either sender-side and receiver-side efficiency. In this paper, we propose an efficient stream authentication mechanism, so called TIM, by integrating Trapdoor Hash Function and Merkle Hash Tree. Our construction can support efficient streaming data processing at both sender-side and receiver-side at the same time differently from previously proposed other schemes. Through theoretical and experimental analysis, we show that TIM can provide enhanced performance at both sender and receiver sides compared with existing mechanisms. Furthermore, TIM provides an important feature for streaming authentication, the resilience against transmission loss, since each data block can be verified with authentication information contained in itself.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.11 no.5
• /
• pp.58-70
• /
• 2008

Earlier researches on Sensor Networks preferred symmetric key-based authentication schemes in consideration of limitations in network resources. However, recent advancements in cryptographic algorithms and sensor-node manufacturing techniques have opened suggestion to public key-based solutions such as Merkle tree-based schemes. These previous schemes, however, must perform the authentication process one-by-one in hierarchical manner and thus are not fit to be used as primary authentication methods in sensor networks which require mass of multiple authentications at any given time. This paper proposes a new concept of public key-based authentication that can be effectively applied to sensor networks. This scheme is based on exponential distributed data concept, a derivative from Shamir's (t, n) threshold scheme, in which the authentication of neighbouring nodes are done simultaneously while minimising resources of sensor nodes and providing network scalability. The performance advantages of this scheme on memory usage, communication overload and scalability compared to Merkle tree-based authentication are clearly demonstrated using performance analysis.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.10c
• /
• pp.477-482
• /
• 2006

최근 Du 등은 공개키 암호 기반의 센서네트워크에서 주요 난제인 공개키 인증 문제를 해결하기 위해 해쉬 함수를 사용하여 계산비용을 줄일 수 있는 트리 기반의 인증기법[1]을 제안하였다. 그러나 이 기법은 공개키 인증을 위해 노드의 수 N에 대해 O(logN)의 수행시간이 필요하고 전송되는 메시지의 양도 O(logN)이 되어 네트워크의 크기에 따라 인증비용이 커지는 문제점이 있다. 이러한 문제를 해결하기 위하여 본 논문에서는 공개키 인증을 위한 안전하고 효율적인 경량의 인증 기법을 제안한다. 제안한 기법은 해쉬 연산과 XOR 연산을 이용하여 네트워크의 크기에 관계없이 상수복잡도의 수행시간과 전송되는 메시지의 양이 상수복잡도인 향상된 공개키 인증을 수행한다.