• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.01a
• /
• pp.361-363
• /
• 2019

인터넷환경에서 금융회사는 홈페이지 사용자의 신원확인, 부인방지 등의 목적으로 공개키 기반구조(PKI: Public Key Infrastructure) 환경의 공인인증서를 홈페이지 로그인, 전자금융거래 등의 업무에 적용하고 있다. 사용자의 공인인증서를 이용하여 생성된 전자서명이 악성코드 감염 등으로 인하여 유출 시 사용자가 과거에 서명했던 전자서명이 재사용(로그인, 전자금융거래 등)될 수 있는 취약점이 존재하기에 인터넷 상에서의 전자서명 재사용에 대한 원인, 방지 절차 및 방법을 제안 하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.71-79
• /
• 2003

Existing web-based system management software solutions show some limitations in time and space. Moreover, hey possess such as shortcomings unreliable error message announcements and difficulties with real-time assistance supports and emergency measures. In order to solve these deficiencies, Wireless Remote Control System(W-RCS) was designed and implemented. W-RCS is able to manage and monitor remote systems by using mobile communication devices for instantaneous control. The implementation of W-RCS leads to these security problems as well as solutions to aforementioned issues with existing web-based system management software solutions. Therefore, this paper has focused on the security matters related to W-RCS. The security functions based on public key infrastructure include mobile device user authentication and target system access control. The W-RCS allows real-time user authentication, increases the flexibility of resource administrators and mobile device non, and provides not only uninterrupted services, but also safe mobile office environments.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1989-1992
• /
• 2003

공개키 기반의 인증서 상태 검증 시스템은 사용자 인증서에 대해 전자 서명을 수행함으로써 사용자 중요 정보의 대한 무결성, 인증, 부인방지, 기밀성 등을 보장해 준다. 이와 같은 인증서 상태 검증 서비스를 제공하기 위해 인증서 상태 검증 시스템은 하루에 한번씩 인증기관(CA)으로부터 디렉토리 서버에 개시된 인증서 폐지 목록을 다운 받아야한다. 하지만 현재 사용되고 있는 인증서 폐지 목록 배포 시스템은 특정시간에 다수의 인증서 상태 검증 서버가 디렉토리 서버에 접속해 인증서 폐지 목록을 다운 받아야 하기 때문에 네트워크에 대한 과부하로 인한 인증서 폐지 목록 다운로드 시간이 많이 소요된다는 단점과 디렉토리 서버의 처리량의 초과로 인한 서버가 다운될 수 있는 문제가 발생할 수 있다. 따라서 본 논문에서는 기존의 인증서 폐지 목록 배포 방식에 대한 분석과 더불어 위와 같은 문제를 해결하기 위한 Peer-to-Peer 서비스를 이용한 효율적인 인증서 폐지 목록 배포 시스템을 제안 하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.97-106
• /
• 2003

The important factor in Public-Key Infrastructure is the authentication to correspondent. We receive the digital certificate for authentication between each other, and then we check the existence of validity on the certificate by Certification Revocation List(CRL). But, To use CRL is the scheme used in offline status. So, it is impossible to refer to the latest information and the CRL scheme which is used after downloading is variously unsuitable to getting bigger of the CRL size as time goes on. Therefore, we prefer OCSP(Online Certificate Status Protocol) used in online to CRL used in offline. Consequently, we propose the scheme which provides the request of fast verification in case of requesting the verification on the certificate by owning the same update information to Certificate Registry and distributed OCSP.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.9
• /
• pp.91-101
• /
• 2012

Key exchange protocols are essential for building a secure communication channel over an insecure open network. In particular, password-based key exchange protocols are designed to work when user authentication is done via the use of passwords. But, passwords are easy for human beings to remember, but are low entropy and thus are subject to dictionary attacks. Recently, Zhao and Gu proposed a new server-aided protocol for password-based key exchange. Zhao and Gu's protocol was claimed to be provably secure in a formal adversarial model which captures the notion of leakage of ephemeral secret keys. In this paper, we mount a replay attack on Zhao and Gu's protocol and thereby show that unlike the claim of provable security, the protocol is not secure against leakage of ephemeral secret keys. Our result implies that Zhao and Gu's proof of security for the protocol is invalid.

• Journal of the Korea Society of Computer and Information
• /
• v.10 no.5 s.37
• /
• pp.161-170
• /
• 2005

The Certificate Revocation List(CRL) or the Online Certificate Status Protocol(OCSP)has been used to validate certificates. However, the CRL cannot validate certificates in realtime because of the Time-Gap problem and the OCSP server overloads in a large scale secure system. In addition, the client cannot access a wired LAN until the client has been authenticated by the authentication server on the IEEE 802. 1x framework. Therefore, the client cannot validate the authentication server's certificate using a certificate validation server. Thus, the client cannot authenticate the authentication server in realtime. To solve these problems this paper designed a secure system that can protect the content of communications and authenticate users in realtime on a wireless LAN The designed certificate validation protocol was proved that the stability and efficiency of the system was very high, the result of the validation had the presence, the speed of the validation was not affected by the system scale, the number of authorities user must trust was reduced to one, and the overload of the validation server was Protected. And the designed user authentication and key exchange protocols were Proved that the mutual authentication was possible in realtime and the fact of the authentication could be authorized by the CA because of using the authorized certificates.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.105-118
• /
• 2009

In modern society, as the rapid development of IT technology combined with the computer-based high-speed communication networks makes it possible to provide a wide spectrum of services and devices, we have been confronting a new cultural transformation era, referred to as the information society. However, the requirements to be considered in security aspect have became more complicated and diversified, and there remains the same security weaknesses as in the existing media or protocol. Particularly, the office network device with roaming is susceptible to the different kinds of attacks such as terminal hacking, virus attacks, and information leakage because the computing capacity is relatively low and the loading of already developed security functions is difficult. Although developed as one solution to this problems, PKI security authentication technology isn't suitable for multi-domain environments providing uonments proffice network service, and so the development of a novel authentication system is needed. Therefore, in this paper researched the roaming and device authentication/auth for multitechnology using an ID-based public key, authorization ticket, and Sub-device ticket with a purpose to contribute to the development of the secured and efficient technology.

• Journal of Digital Convergence
• /
• v.10 no.2
• /
• pp.217-223
• /
• 2012

By using the network, the robot can provide the anytime and anywhere various services. There is the advantage that it can provide the real time service by using the network description but the network robot has the network security vulnerability. Therefore, in the network robot environment, the authentication framework which can be satisfied the security function has to be established. In this paper, the security vulnerability which it can be generated in the network robot environment is analyze and the plan for reaction is prepared. And the authentication framework controlling the network robot safely was proposed.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.4 s.304
• /
• pp.25-32
• /
• 2005

The spread of mobile devices, PDAs and sensors has enabled the construction of ubiquitous computing environments, transforming regular physical spaces into 'Smart space' augmented with intelligence and enhanced with services. However, the deployment of this computing paradigm in real-life is disturbed by poor security, particularly, the lack of proper authentication and authorization techniques. Also, it is very important not only to find security measures but also to preserve user privacy in ubiquitous computing environments. In this Paper, we propose efficient user authentication and authorization model with anonymity for the privacy-preserving for ubiquitous computing environments. Our model is suitable for distributed environments with the computational constrained devices by using MAC-based anonymous certificate and security association token instead of using Public key encryption technique. And our Proposed Protocol is better than Kerberos system in sense of cryptographic computation processing.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.3
• /
• pp.920-925
• /
• 2010

A home network system is made up of home devices and wire and wireless network can not only be the subject of cyber attack from a variety factors of threatening, but also have security weakness in cases of hacking, vicious code, worm virus, DoS attack, tapping of communication network, and more. As a result, a variety of problems such as abuse of private life, and exposure and stealing of personal information arose. Therefore, the necessity for a security protocol to protect user asset and personal information within a home network is gradually increasing. Thus, this dissertation designs and suggests a home network security protocol using user authentication and approach-control technology to prevent the threat by unauthorized users towards personal information and user asset in advance by providing the gradual authority to corresponding devices based on authorized information, after authorizing the users with a Public Key Certificate.