• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.4
• /
• pp.103-113
• /
• 2007

In this paper, we present a security analysis of Lightweight RFID Mutual Authentication Protocols-LMAP[10], $M^2AP$[11], EMAP[12]. Based on simple logic operations, the protocols were designed to be suitable for lightweight environments such as RFID systems. In [8,9], it is shown that these protocols are vulnerable to do-synchronization attacks with a high probability. The authors also presented an active attack that partially reveals a tag's secret values including its ID. In this paper, we point out an error from [9] and show that their do-synchronization attack would always succeed. We also improve the active attack in [9] to show an adversary can compute a tag's ID as well as certain secret keys in a deterministic way. As for $M^2AP$ and EMAP, we show that eavesdropping $2{\sim}3$ consecutive sessions is sufficient to reveal a tag's essential secret values including its ID that allows for tracing, do-synchronization and/or subsequent impersonations.

• The Journal of Society for e-Business Studies
• /
• v.18 no.3
• /
• pp.107-123
• /
• 2013

In a wireless sensor network environment, it is required to ensure anonymity by keeping sensor nodes' identifiers not being revealed and to support real-time authentication, lightweight authentication and synchronization. In particular, there exist possibilities of location information leakage by others, privacy interference and security vulnerability when it comes to wireless telecommunications. Anonymity has been an importance issue in wired and wireless network environment, so that it has been studied in wide range. The sensor nodes are interconnected among them based on wireless network. In terms of the sensor node, the researchers have been emphasizing on its calculating performance limit, storage device limit, and smaller power source. To improve of biometric-based D. He scheme, this study proposes a real-time authentication protocol using Unique Random Sequence Code(URSC) and variable identifier for enhancing network performance and retaining anonymity provision.

• Proceedings of the KAIS Fall Conference
• /
• 2006.05a
• /
• pp.373-376
• /
• 2006

유비쿼터스 사회를 만들기 위한 핵심 기술인 RFID는 시간과 공간을 초월하여 우리에게 정보를 제공해 줄 것으로 기대되고 있지만, RFID 시스템이 가지고 있는 특성으로 인하여 프라이버시를 침해할 수 있다는 심각한 문제를 안고 있다. 이를 해결하기 위한 방법으로 다양한 연구가 진행되어 왔지만 기존의 연구들은 보안상 문제점과 태그 및 백 엔드 데이터베이스의 과도한 처리능력을 요구하고 있다. 그러나 본 논문에서 제안하는 프로토콜은 해쉬함수와 XOR연산, 키 교환을 이용하여 스푸핑이나, 재전송 공격으로부터 안전 하면서도, 백 엔드 데이터베이스 안에서의 비교연산 횟수를 줄일 수 있는 경량화된 프로토콜을 제안한다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.2
• /
• pp.842-848
• /
• 2012

In this paper, as a proper authentication method, we made it authenticate a user who has unauthorized device with using authorized device received from telecommunication company using QR code. We designed a better performance protocol which can authenticate mutually using safer and uncomplicated operations than existing user authentication system. Proposed user authentication system authenticates previously authorized mobile device without any information of client who is requesting to get access from outside, so we can basically prevent attack from hackers. In the future, we can possibly use it as user authentication method in common internet environment or we could study on user unique information instead of mobile device information.

• KEPCO Journal on Electric Power and Energy
• /
• v.6 no.2
• /
• pp.129-135
• /
• 2020

The standardization of e-IoT (energy Internet of Things) communication and service, which is the energy field of energy, is to define the standard model and to demonstrate the practical model in order to take the lead and occupy the market where new market is created with the latest technology. In particular, detailed technical specifications are defined for developing a framework for IoT technology, the foundation technology of the 4th Industrial Revolution, securing interoperability through standardization, and operating a standard platform. In this paper, we propose a method for e-IoT standard protocol lightening and test certification procedure. The proposed method provides a product implementation method that can solve the problem of low power issue of e-IoT product in the future.

• KIPS Transactions on Software and Data Engineering
• /
• v.6 no.9
• /
• pp.429-436
• /
• 2017

Unmanned Aerial Vehicles (UAV) that are piloted without human pilots can be commanded remotely via frequencies or perform pre-inputted missions. UAVs have been mainly used for military purposes, but due to the development of ICT technology, they are now widely used in the private sector. Teal Group's 2014 World UAV Forecast predicts that the UAV market will grow by 10% annually over the next decade, reaching $ 12.5 billion by 2023. However, because UAVs are primarily remotely controlled, if a malicious user accesses a remotely controlled UAV, it could seriously infringe privacy and cause financial loss or even loss of life. To solve this problem, a secure channel must be established through mutual authentication between the UAV and the control center. However, existing security techniques require a lot of computing resources and power, and because communication distances, infrastructure, and data flow are different from UAV networks, it is unsuitable for application in UAV environments. To resolve this problem, the study presents a lightweight UAV authentication method based on Physical Unclonable Functions (PUFs) that requires less computing resources in the ground Control and Non-Payload Communication (CNPC) environment, where recently, technology standardization is actively under progress.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.3
• /
• pp.560-566
• /
• 2009

A low-power Radio Frequency Identification (RFID) system is an auto-identification technology that reads and writes an information of things without physical contacts using radio frequency. It is unescapable against unlawful modification, eavesdropping, tracking, or privacy of individuals because RFID systems use the radio frequency and RFID tags. Therefore we create a key using hash chain between database and tag and this process can prevent above attacks. Also we support the efficiency of proposed protocol using hash function to abate computation.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.1493-1495
• /
• 2008

센서네트워크는 넓은 지역에 무선 네트워크로 설치된 센서들을 사용하여, 상황 인지로 감지된 데이터를 응용서비스 서버와 연동하는 기술이다. 이는 환경 감시, 대상 추적, 환자 모니터링, 군사적 목적 등 매우 다양한 분야에 사용될 수 있다. 센서네트워크 역시 기존 네트워크에서 필요로 하는 보안 기능을 요구한다. 그러나 센서네트워크에 사용되는 노드들이 사용할 수 있는 자원에 제약이 있어, 기존의 공개키 암호기술을 적용하는데 어려움이 있다. 그런데 최근의 연구결과들은 경량화 구현 기술을 적용하여 공개키를 이용한 키 분배 기법을 센서네트워크에 적용하는 것이 실효성이 있다는 것을 보여준다. 본 논문에서는 TinyOS 환경에서 공개키를 이용하여 센서 노드 간 상호 인증 및 세션키를 생성하여 암호 데이터 통신을 수행하는 안전한 센서네트워크 플랫폼을 구현한 결과를 제시한다.

• Journal of Digital Contents Society
• /
• v.19 no.4
• /
• pp.837-844
• /
• 2018

Recently, the cloud technology has made dynamical network changes by enabling the construction of a logical network without building a physical network. Despite recent research on the cloud, it is necessary to study security functions for the identification of fake virtual network functions and the encryption of communication between entities. Because the VNFs are open to subscribers and able to implement service directly, which can make them an attack target. In this paper, we propose a virtual public key infrastructure mechanism that detects a fake VNFs and guarantees data security through mutual authentication between VNFs. To evaluate the virtual PKI, we built a management and orchestration environment to test the performance of authentication and key generation for data security. And we test the detection of a distributed denial of service by using several AI algorithms to enhance the security in NFV.

• The KIPS Transactions:PartC
• /
• v.14C no.5
• /
• pp.431-438
• /
• 2007

RFID system is core technology that construct ubiquitous environment for replacement of barcode technology. Use ratio of RFID system rapidly increase because the technology has many good points such as identification speed, storage space, convenience etc. But low-cost tag operates easily by query of reader, so the system happened user privacy violent problem by tag information exposure. The system studied many ways for security application, but operation capability of low-cost tag is about $5K{\sim}10K$ gates, but only $250{\sim}3K$ gates allocated security part. So it is difficult to apply security to the system. Therefore, this scheme uses dividing 64 bits and reduces arithmetic, so proposed scheme provide mutual authentication that can apply to low-cost RFID system. Existing methods divide by 4 and used 96 bits. However, that reduces 32 bits length for lightweight and reduced from communication number of times of 7 times to 5 times. Also, because offer security by random number than existing scheme that generate two random numbers, that is more efficient. However, uses hash function for integrity that was not offered by XOR arithmetic and added extension of proposed scheme. Extended scheme is not offered efficiency than methods that use XOR arithmetic, but identification distance is mode that is proposed secure so that can use in for RFID system.