• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.103-109
• /
• 2008

Many Internet application provide the PKI(public key infrastructure)-based service to provide authentication and message integrity. Several researchers proposed PKI-based p2p network framework. However, in the real world, the use of PKI is not suitable for peer to peer network, because the peer-to-peer network is an open and dynamic network. Moreover, currently there is no nation-to-nation interoperable certificate. In this paper, we designed reliable p2p file sharing application without public key infrastructure. To do this we propose reliable public key distribution mechanism to distribute public key safely without PKI infrastructure for two-tier super-peer architecture. In our system, each peer generates and distributes its public/private key pairs, and the public key is securely distributed without PKI. The proposed mechanism is safe against MITM attack. This mechanism can be applied various P2P applications such as file sharing, IPTV, distributed resource sharing and so on

• The KIPS Transactions:PartC
• /
• v.12C no.5 s.101
• /
• pp.623-632
• /
• 2005

In ad-hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. The security of ad-hoc network is more vulnerable than traditional networks because of the basic characteristics of ad-hoc network, and current muting protocols for ad-hoc networks allow many different types of attacks by malicious nodes. Malicious nodes can disrupt the correct functioning of a routing protocol by modifying routing information, by fabricating false routing information and by impersonating other nodes. We propose a routing suity mechanism based on one-time digital signature. In our proposal, we use one-time digital signatures based on one-way hash functions in order to limit or prevent attacks of malicious nodes. For the purpose of generating and keeping a large number of public key sets, we derive multiple sets of the keys from hash chains by repeated hashing of the public key elements in the first set. After that, each node publishes its own public keys, broadcasts routing message including one-time digital signature during route discovery and route setup. This mechanism provides authentication and message integrity and prevents attacks from malicious nodes. Simulation results indicate that our mechanism increases the routing overhead in a highly mobile environment, but provides great security in the route discovery process and increases the network efficiency.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.11C
• /
• pp.1090-1096
• /
• 2002

The HTTP does not support continuity for browser-server interaction between successive visits or a user due to a stateless feature. Cookies were invented to maintain continuity and state on the Web. Because cookies are transmitted in plain and contain text-character strings encoding relevant information about the user, the attacker can easily copy and modify them for his undue profit. In this paper, we design a secure cookies scheme based on X.509 public key certificate for solving these security weakness of typical web cookies. Our secure cookies scheme provides not only mutual authentication between client and server but also confidentiality and integrity of user information. Additionally, we implement our secure cookies scheme and compare it to the performance with SSL(Secure Socket Layer) protocol that is widely used for security of HTTP environment.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.6C
• /
• pp.651-657
• /
• 2006

This paper propose the technique for the execution authentication of digital signature with TTS(traceable trust server) to guarantee the safe execution of mobile agents. That is to say, it is focused on improving the processing speed of systems and the traffic of network which are problems in the existing studies. The digital signature is used to guarantee the efficient and safe execution and the integrity of mobile agents. The certificate of it is chained with synthesis function, cryptographic algorithm based on public key, and hash function. And white hosts can be protected against the threat of being used maliciously. Then, we prove the efficiency of system overhead and the traffic of network by the analysis. In case the certificate chain of a digital signature is used, the safe execution of mobile agents can be protected against attackers that wish to insert a newly created certificate after cutting off the chain after striking space key 2 times.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.1065-1068
• /
• 2006

u-Healthcare는 의료 장비 및 센서 등을 이용하여 획득된 생체 신호 및 의료정보를 유 무선의 통신수단을 통해 지식 기반의 의료정보로 구축하고 이를 언제, 어디서, 누구든지 이용 가능한 실시간 u-Healthcare 지원 환경을 구축하여 지능형 의료정보 웹 포털 서비스를 제공하는데 목적을 두고 있는 서비스이다. 하지만 현시점에서의 시스템은 생체 신호 및 의료 정보 제공시에 보안에 대한 고려가 이루어지고 있지 않다. 이러한 자원들은 개인 프라이버시에 직결되는 것으로 보안의 필요성이 대두된다. 따라서 본 논문에서는 IP망에서 생체신호 전송을 위한 전송시스템을 설계하고 전송시 생체신호정보에 대해 사용자 인증과 암호화를 적용하여 u-Healthcare 전송시스템을 설계하고 구현하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.347-355
• /
• 2012

A biometric hardware security module is a physical device that comes in the form of smartcard or some other USB type security token is composed with biometric sensor and microcontroller unit (MCU). These modules are designed to process key generation and electronic signature generation inside of the device (so that the security token can safely save and store confidential information, like the electronic signature generation key and the biometric sensing information). However, the existing model is not consistent that can be caused by the disclosure of an ID and password, which is used by the existing personal authentication technique based on the security token, and provide a high level of security and personal authentication techniques that can prevent any intentional misuse of a digital certificate. So, this paper presents a model that can provide high level of security by utilizing the biometric security token and Public Key Infrastructure efficiently, presenting a model for privacy preserving personal authentication that links the biometric security token and the digital certificate.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.85-96
• /
• 2008

Neighbor Discovery(ND) protocol is used to exchange an information of the neighboring nodes on the same link in the IPv6 protocol environment. For protecting the ND protocol, firstly utilizing Authentication Header(AH) of the IPsec protocol was proposed. But the method has some problems-uses of key exchange protocol is not available and it is hard to distribute manual keys. And then secondly the SEcure Neighbor Discovery(SEND) protocol which protects all of the ND message with digital signature was proposed. However, the digital signature technology on the basis of public key cryptography system is commonly known as requiring high cost, therefore it is expected that there is performance degradation in terms of the availability. In the paper, to improve performance of the SEND protocol, we proposed a modified CGA(Cryptographically Generated Address) which is made by additionally adding MAC(Media Access Control) address to the input of the hash function. Also, we proposed cache mechanism. We compared performance of the methods by experimentation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.15-26
• /
• 2011

The development of IT technology and information communication networks activated to online financial transactions; the users were able to get a variety of financial services. However, unlike the positive effect that occurred on 7 July 2009 DDoS(Distribute Denial of Service) attacks, such as damaging to the user, which was caused negative effects. Authentication technology(OTP) is used to online financial transaction, which should be reviewed to safety with various points because the unpredictable attacks can bypass the authentication procedure such as phishing sites, which is occurred. Thus, this paper proposes mobile OTP(One Time Password) Mechanism, which is based on PKI to improve the safety of OTP authentication. The proposed Mechanism is operated based on PKI; the secret is transmitted safely through signatures and public key encryption of the user and the authentication server. The users do not input in the web site, but the generated OTP is directly transmitted to the authentication server. Therefore, it is improvement of the availability of the user and the resolved problem is exposed from the citibank phishing site(USA) in 2006.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.9
• /
• pp.2903-2912
• /
• 2000

The paper is a design and implementation of the Hybrid Messaging System as integrating electronic mail system and common mail system based on PKI(Public Key Infrastructure), A user writes mail through Web Browser and sends the mail to Web Server. CGHCommon Gateway Interface) program sends the mail that was received through the Web Sever to Post Office Electronic Mail Server using SMTP(SimpleMail Transfer Protocol), The End Process program of the Hybrid Messaging System in a Post Office fetches the mail from the Post Office Electronic Mail Server using POP3 (Post Office Protocol 3), prints it and deliver it to recipients, Also, the Hybrid Messaging System is able to sign the mail with a sign private key that the Certificate Authority publics for users and encrypts the mail with a public key of the Post Office Web Server.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.1
• /
• pp.11-18
• /
• 2003

As the Internet moves to mobile environment, one of the most serious problems for the security is to required a new security Protocol with safety and efficiency. To solve the problem. we Propose a new Protocol that reduces the communication franc and solves the problem associated with the private security keys supplied by the trusted third party. The protocol is a non-Interactive oblivious transfer protocol, based on the EIGamal public-key algorithm. Due to its Non-Interactive oblivious transfer protocol, it can effectively reduce communication traffic in server-client environment. And it is also possible to increase the efficiency of protocol through the mechanism that authentication probability becomes lower utilizing a challenge selection bit. The protocol complexity becomes higher because it utilizes double exponentiation. This means that the protocol is difficult rather than the existing discrete logarithm or factorization in prime factors. Therefore this can raise the stability of protocol.