• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 한국정보보호학회 2001년도 종합학술발표회논문집
• /
• pp.289-292
• /
• 2001

무선인터넷 접속 프로토콜의 사실상 국제표준이라 할 수 있는 WAP 프로토콜의 규격을 제정하는 WAP 포럼에서는 인증서 및 비밀키의 저장, 그리고 암/복호화 및 전자서명/검증 등의 연산을 지원하기 위한 무선인증모듈 규격을 정의하고 있다. 스마트카드로 구현되는 무선인증모듈의 사용 형태를 고려할 때, 다양한 플랫폼에서의 사용과 사용자의 이동성 지원, 그리고 무선인증모듈을 이용한 정보보호 특성 보장은 필수적인 요구조건이다. 본 논문은 무선인증모듈을 스마트카드로 구현함에 있어 멀티 애플리케이션을 지원하고, 기능 확장성을 보장하기 위한 PKCS #15 기반의 무선인증모듈 설계와 구현 결과를 보인다. 본 논문에서는 접촉형 스마트카드에 대한 국제규격인 ISO/IEC 7816 시리즈 규격을 준수한 설계를 보이고, 지수승 모듈러 연산을 하드웨어적으로 지원받아 RSA 1024 비트 암/복호화 및 전자서명/검증을 처리하는 결과를 보인다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• 제17권8호
• /
• pp.1857-1864
• /
• 2013

In this paper, we improve the quantum cryptography system using a dual photon transmission plaintext user password algorithmwas designed to implementthe exchange. Existing quantum cryptographic key transport protocols, algorithms, mainly as a quantum cryptography system using the paper, but it improved the way the dual photon transmission through the quantum algorithm re not getting transmitted plaintext.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제18권5호
• /
• pp.195-199
• /
• 2008

We present an attack which forges a credential without the help of the credential issuer in the protocol designed by Nakazato, Wang and Yamamura at ASIAN 2007 The attack avoids using the credential issuer's private key by taking advantage of the property of bilinear pairing. Implication of this collusion attack by user and verifiers also discussed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제28권6호
• /
• pp.1343-1354
• /
• 2018

OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

• The KIPS Transactions:PartC
• /
• 제10C권6호
• /
• pp.747-754
• /
• 2003

Thia paper suggests a milti user-authentication system comprises that DNA biometric informatiom, owner's RFID(Radio Frequency Identification) smartcard of hardware token, and PKI digital signqture of software. This system improved items proposed in [1] as follows : this mechanism provides one RFID smartcard instead of two user-authentication smartcard(the biometric registered seal card and the DNA personal ID card), and solbers user information exposure as RFID of low proce when the card is lost. In addition, this can be perfect multi user-autentication system to enable identification even in cases such as identical twins, the DNA collected from the blood of patient who has undergone a medical procedure involving blood replacement and the DNA of the blood donor, mutation in the DNA base of cancer cells and other cells. Therefore, the proposed system is applied to terminal log-on with RFID smart card that stores accurate digital DNA biometric information instead of present biometric user-authentication system with the card is lost, which doesn't expose any personal DNA information. The security of PKI digital signature private key can be improved because secure pseudo random number generator can generate infinite one-time pseudo randon number corresponding to a user ID to keep private key of PKI digital signature securely whenever authenticated users access a system. Un addition, this user-authentication system can be used in credit card, resident card, passport, etc. acceletating the use of biometric RFID smart' card. The security of proposed system is shown by statistical anaysis.

• KIISE Transactions on Computing Practices
• /
• 제22권8호
• /
• pp.345-350
• /
• 2016

Cloud computing services have different characteristics from the traditional computing environment such as resource sharing, virtualization, etc. These characteristics of cloud computing environment necessitate specific properties such as user identify, access control, security control property, etc. Recently, Yoo proposed an attribute-based authentication scheme for secure cloud computing. However, Yoo's authentication scheme is vulnerable to customer attack and an adversary can modify the authentication request message. In this paper, we propose a secure and efficient attribute-based authentication scheme for cloud computing based on Yoo's scheme.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 한국컴퓨터정보학회 2020년도 제62차 하계학술대회논문집 28권2호
• /
• pp.261-262
• /
• 2020

현대에 흔히 쓰이는 도어락은 안전과 보안등의 목적과 편리함을 목적에 두고 있다. 실제로 그전에 쓰던 열쇠보다 더 편리하고 분실염려도 없고 복제키 등으로 인한 사건, 사고로 인한 범죄율이 줄어들었다. 도어락은 사용자가 손으로 직접 비밀번호를 입력하여 잠금을 해제하는 방식이고 이 과정에서 도어락에 지문이나 표시가 남으며 비밀번호가 주위에 쉽게 노출될 수 있다. 본 논문은 위의 문제를 해결하기 위해 아두이노로 라즈베리파이와 앱을 무선 통신하여 '원격 제어가 가능한 스마트 도어락'을 고안했다. 아두이노 와이파이 모듈을 통해 스마트폰으로 도어락을 원격으로 제어할 수 있으며 라즈베리파이 카메라 모듈과 초음파 센서를 통해 도어락에 접근하는 사람을 감지하고 확인할 수 있다. 이 기능으로 범죄를 예방할 수 있으며 자녀들의 귀가 여부도 확인할 수 있고 문을 열어줘야 할 상황에 비밀번호 노출없이 문을 열어줄 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• 제16권4호
• /
• pp.139-146
• /
• 2006

A Signcryption proposed by Yuliang Zheng in 1997 is a hybrid public key primitive that combines a digital signature and a encryption. It provides more efficient method than a straightforward composition of an signature scheme with a encryption scheme. In a mobile communication environment, the authenticated key agreement protocol should be designed to have lower computational complexity and memory requirements. The password-based authenticated key exchange protocol is to authenticate a client and a server using an easily memorable password. This paper proposes an secure Authenticated Key Exchange protocol using Signcryption scheme. In Addition we also show that it is secure and a more efficient that other exiting authenticated key exchange protocol.

• The Transactions of the Korea Information Processing Society
• /
• 제7권9호
• /
• pp.2903-2912
• /
• 2000

The paper is a design and implementation of the Hybrid Messaging System as integrating electronic mail system and common mail system based on PKI(Public Key Infrastructure), A user writes mail through Web Browser and sends the mail to Web Server. CGHCommon Gateway Interface) program sends the mail that was received through the Web Sever to Post Office Electronic Mail Server using SMTP(SimpleMail Transfer Protocol), The End Process program of the Hybrid Messaging System in a Post Office fetches the mail from the Post Office Electronic Mail Server using POP3 (Post Office Protocol 3), prints it and deliver it to recipients, Also, the Hybrid Messaging System is able to sign the mail with a sign private key that the Certificate Authority publics for users and encrypts the mail with a public key of the Post Office Web Server.

• Journal of Broadcast Engineering
• /
• 제6권1호
• /
• pp.50-57
• /
• 2001

A digital watermarking is a newly developed scheme to embed invisible or inaudible information Into the host data in order to insist the copyright of the owner or the creator. This paper describes a robust data embedding scheme that employs inner product and adaptive quantization. Compared to the previous works for digital watermarking, our proposed scheme can embed relatively large amount of Information, since a secrete key Is not directly relaxed to the watermark data. A secret key is used for the design of random direction vectors. which are taken Inner product with the DCT transformed feature set data. In odder to achieve robustness against malicious attacks. we exploit the Properties of human visual system In designing the random direction vectors which behave as embedded noises. Experimental results show that we can recover the embedded information without utilizing the original host data. We also demonstrate that the ownership assertion is possible even though The watermarked data may undergo common signal processing operations, such as JPEG compression. clopping. and filtering.