• Journal of Digital Convergence
• /
• v.16 no.1
• /
• pp.159-164
• /
• 2018

Biometric information does not need to be stored separately, and there is no risk of loss and no theft. For this reason, it has been attracting attention as an alternative authentication means for existing authentication means such as passwords and authorized certificates. However, there may be a privacy problem due to leakage of personal information stored in the server. To overcome these weaknesses, FIDO solved the problem of leakage of personal information on the server by using biometric information stored on the user device and authenticating. In this paper, we propose a multiple biometric authentication method that can be used in FIDO environment. In order to utilize multiple biometric information, fingerprints and EEG signals can be generated and used in FIDO system. The proposed method can solve the problem due to limitations of existing 2-factor authentication system by authentication using multiple biometric information.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.659-662
• /
• 2021

국내에서는 매년 많은 수의 자격시험이 치러지고 있다. 현재 대부분의 시험장에서 응시자 본인 확인 절차는 감독관이 응시자의 얼굴과 신분증 사진을 비교하는 방식으로 이루어진다. 하지만 이 방식은 사람에 따라 오차가 클 수 있으며, 사진과 눈에 띄는 차이가 없으면 동일인물로 판단하기 쉽다. 최근까지도 대리응시 이슈가 발생하고 있어 근절을 위한 보다 강력한 조치가 필요하다. 본 논문에서는 지문과 오토인코더, SGAN을 이용하여 대리응시방지를 강화할 수 있는 본인 확인 시스템을 제안한다. 이때 응시자의 지문정보가 그대로 인증 서버에 저장되면 응시자의 생체정보가 노출될 수 있다는 문제점이 존재한다. 따라서 오토인코더를 통해 지문의 특징점만 추출하여 인증용 이미지를 생성하고 이 이미지를 서버에 저장하여 학습시키도록 한다. 적은 학습데이터 환경에서 분류기로써 좋은 성능을 갖는 SGAN을 통해 인증 이미지와 응시자가 동일인물인지 확인할 수 있다. 서버가 공격을 받더라도 응시자의 지문데이터가 그대로 노출되지 않게 되어 보안 취약점을 극복할 수 있다.

• Journal of Korean Society for Geospatial Information Science
• /
• v.22 no.4
• /
• pp.135-142
• /
• 2014

As interest in social safety has recently increased at the national level, the various activities which can effectively prevent crimes are being carried out. Because the existing maps related to crimes provide the information about the present condition of crimes by administrative district for users, women and pedestrians who go by night could not actually grasp safe roads in advance. Therefore, this study developed the methodology that can easily extract dangerous areas due to crimes by the digital map 2.0. In the digital map 2.0, location and attribute information of center-lines of roads and building layers were used to find dangerous areas of crimes in these layers. Pavement materials and road width which are already built by the attribute information were used in the center-lines of roads. Crossing angles that roads and roads cross each other were additionally extracted and utilized. The attribute information about building types were input in the building layers of the digital map 2.0. The areas that are more the threshold values set by totaling up all the risk scores when considering pavement materials, road width, crossing angles of road, and building types in the center-lines of roads and road crossings were extracted as the dangerous areas that crimes can occur. Verification of the developed methodology was done by experiment. In the spatial apsect, the dangerous areas of crimes could be found by using the digital 2.0, roads, and building layers only through the experiment. In the administrative aspect to prevent crimes, additional installation of safety facilities such as street lights and security lights in the identified areas which are vulnerable for crimes is thought to be increasing safety of dangerous areas.

• Journal of Software Assessment and Valuation
• /
• v.16 no.1
• /
• pp.65-79
• /
• 2020

As Programmable Logic Controllers (PLCs), popular components in industrial control systems (ICS), are incorporated with the technologies such as micro-controllers, real-time operating systems, and communication capabilities. As the latest PLCs have been connected to the Internet, they are becoming a main target of cyber threats. This paper proposes two sanitizers that improve the security of uC/OS-II based firmware for a PLC. That is, we devise BU sanitizer for detecting out-of-bounds accesses to buffers and UaF sanitizer for fixing use-after-free bugs in the firmware. They can sanitize the binary firmware image generated in a desktop PC before downloading it to the PLC. The BU sanitizer can also detect the violation of control flow integrity using both call graph and symbols of functions in the firmware image. We have implemented the proposed two sanitizers as a prototype system on a PLC running uC/OS-II and demonstrated the effectiveness of them by performing experiments as well as comparing them with the existing sanitizers. These findings can be used to detect and mitigate unintended vulnerabilities during the firmware development phase.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.48 no.2
• /
• pp.105-115
• /
• 2011

User authentication service is an absolutely necessary condition while securely implementing an IT service system. It allows for valid users to securely log-in the system and even to access valid resources from database. For efficiently and securely authenticating users, smart-card has been used as a popular tool because of its convenience and popularity. Furthermore the smart-card can maintain its own power for computation and storage, which makes it easier to be used in all types of authenticating environment that usually needs temporary storage and additional computation for authenticating users and server. First, in 1981, Lamport has designed an authentication service protocol based on user's smart-card. However it has been criticized in aspects of efficiency and security because it uses hash chains and the revealment of server's secret values are not considered. Over the years, many smart-card based authentication service protocol have been designed. Very recently, Xu, Zhu, Feng have suggested a provable and secure smart-card based authentication protocol. In this paper, first, we define all types of attacks in the smart-card based authentication service. According to the defined attacks, however, the protocol by Xu, Zhu, Feng is weak against an attack that an attacker with secret values of server is able to impersonate a valid user without knowing password and secret values of user. An efficient and secure countermeasure is suggested, then the security is analyzed.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.11
• /
• pp.746-754
• /
• 2016

Smart healthcare systems, a convergent industry based on information and communications technologies (ICT), has emerged from personal health management to remote medical treatment as a distinguished industry. The smart healthcare environment provides technology to deliver vital information, such as pulse rate, body temperature, health status, and so on, from wearable devices to the hospital network where the physician is located. However, since it deals with the patient's personal medical information, there is a security issue for personal information management, and the system may be vulnerable to cyber-attacks in wireless networks. Therefore, this study focuses on a key-development and device-management system to generate keys in the smart environment to safely manage devices. The protocol is designed to provide safe communications with the generated key and to manage the devices, as well as the generated key. The security level is analyzed against attack methods that may occur in a healthcare environment, and it was compared with existing key methods and coding capabilities. In the performance evaluation, we analyze the security against attacks occurring in a smart healthcare environment, and the security and efficiency of the existing key encryption method, and we confirmed an improvement of about 15%, compared to the existing cipher systems.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.146-149
• /
• 2013

For in recently years, global cellular network service is changing rapidly to 4G. However, the fast introducing of 4G has been going with not enough research about security threat, it could be many kind of vulnerability. Therefore the research about security threat on 4G network is ongoing in external countries, but not sufficient in domestic. particularly in domestic situation of rapidly increased subscribers, The security threats which are hindering stability and usability could make a fatal effect on many users. 4G network should be considered about the feature of mobile network to protect 4G network stable. Mobile network has limited radio resources, it releases the radio resource which is not used in selected time and reallocate when detected the data transmission. Many signaling messages are transferred in the network entities to allocate or release the radio resource. In this paper, it will be introduced the technology to detect signaling DoS traffic hindering the stability and usability of network entities managing the radio resources by huge signaling message from the repetitive wireless connection/release message.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.5
• /
• pp.36-46
• /
• 2019

The number of hosts connected to the Internet has increased dramatically, introducing the Domain Name System(DNS) in 1984. DNS is now an important key point for all users of the Internet by allowing them to use a convenient character address without memorizing a series of numbers of complex IP address. However, relative to the importance of DNS, there still exist many problems such as the authorization allocation issue, the disputes over public registration, security vulnerability such as DNS cache poisoning, DNS spoofing, man-in-the-middle attack, DNS amplification attack, and the need for many domain names in the age of hyper-connected networks. In this paper, to effectively improve these problems of existing DNS, we proposed a method of implementing DNS using distributed ledger technology, blockchain, and implemented using a Ethereum-based platform. In addition, the qualitative analysis performance comparative evaluation of the existing domain name registration and domain name server was conducted, and conducted security assessments on the proposed system to improve security problem of existing DNS. In conclusion, it was shown that DNS services could be provided high security and high efficiently using blockchain.

• Proceedings of the Korea Institute of Convergence Signal Processing
• /
• 2005.11a
• /
• pp.286-289
• /
• 2005

기존의 물리적 인증도구를 이용한 방식이나 패스워드 인증 방식은 분실, 도난, 해킹 등에 취약점을 가지고 있다. 따라서 지문, 서명, 홍채, 음성, 얼굴 등을 이용한 생체 인식기술을 보안 기술로 적용하려는 연구가 진행중이며 일부는 실용화도 되고 있다. 본 논문에서는 최근 널리 보급되어 있는 임베디드 시스템중의 하나인 PDA에 음성 기술을 이용한 내장형 화자 인증기를 구현하였다. 화자 인증기는 음성기술에서 널리 사용되고 있는 벡터 양자화 기술과 은닉 마코프 모델 기술을 사용하였으며, PDA의 하드웨어적인 제약 사항을 고려하여 사용되는 벡터 코드북을 두 가지로 다르게 하여 각각 구현하였다. 처음은 코드북을 화자 등록시에 발성음만을 이용하여 생성하고 화자인증 시에 이용하는 방법이며, 다른 하나는 대용량의 음성 데이터베이스를 이용하여 코드북을 사전에 생성하여 이를 화자 인증시에 이용하는 방법이다. 화자인증기의 성능평가는 5명의 화자가 10번씩 5개의 단어에 대하여 실험하여, 각각 화자종속 코득북을 이용한 인증기는 88.8%, 99.5%, 화자독립 코드북을 이용한 인증기는 85.6%, 95.5%의 인증율과 거절율을 보였으며, 93.5%와 90.0%의 평균 확률을 보였다.. 실험을 통하여 화자독립 인증기의 경우가 화자종속 인증기의 경우보다 낮은 인식율을 보였지만, 화자종속 인증기에서 나타나는 코드북 훈련시에 발생하는 메모리 문제를 해결 할 수 있었다.

• The Journal of Society for e-Business Studies
• /
• v.18 no.3
• /
• pp.107-123
• /
• 2013

In a wireless sensor network environment, it is required to ensure anonymity by keeping sensor nodes' identifiers not being revealed and to support real-time authentication, lightweight authentication and synchronization. In particular, there exist possibilities of location information leakage by others, privacy interference and security vulnerability when it comes to wireless telecommunications. Anonymity has been an importance issue in wired and wireless network environment, so that it has been studied in wide range. The sensor nodes are interconnected among them based on wireless network. In terms of the sensor node, the researchers have been emphasizing on its calculating performance limit, storage device limit, and smaller power source. To improve of biometric-based D. He scheme, this study proposes a real-time authentication protocol using Unique Random Sequence Code(URSC) and variable identifier for enhancing network performance and retaining anonymity provision.