• Journal of KIISE:Information Networking
• /
• v.28 no.3
• /
• pp.309-320
• /
• 2001

This paper deals with security issues in a mobile agent system, especially protecting agent data from malicious agent servers. For this purpose, one-time key generation system, OKGS in short, is proposed. In OKGS, we integrate notions of a one-way hash function and a coupler. One-way function plays a major role in ensuring confidentiality and integrity of agent data. And the notion of a coupler is used to establish inter-relationship among consecutive encryption keys for agent data, i.e. all agent keys form a unidirectional chain. With these two features of OKGS, therefore, only the agent owner, who creates the agent bearing data, can decrypt and protect all the agent data which are gathered in the itinerary.

• The KIPS Transactions:PartC
• /
• v.16C no.3
• /
• pp.335-346
• /
• 2009

Mobile environments are evolving the main communication environment as a develops of communication technology. In mobile environments, sensitive information can be compromised on-line, so demand for security has increased. Also, mobile devices that provide various services are in danger from malware and illegal devices, phishing and sniffing etc, and the privacy. Therefore, MTM(Mobile Trusted Module) is developed and promoted by TCG(Trusted Computing Group), which is an industry standard body to enhance the security level in the mobile computing environment. MTM protects user privacy and platform integrity, because it is embedded in the platform, and it is physically secure. However, a security approach is required when secret data is migrated elsewhere, because MTM provides strong security functions. In this paper, we analyze the TCG standard and migration method for cryptographic key, then we propose a secure migration scheme for cryptographic key using key Backup/Recovery method.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.6
• /
• pp.1-8
• /
• 2019

Medical information is an important personal information for patients, and it must be protected. In particular, when medical personnel approach electronic medical records, authentication for enhanced security is essential. However, the existing public certificate-based certification model did not reflect the security characteristics of the electronic medical record(EMR) due to problems such as personal key management and authority delegation. In this study, we propose a fingerprint recognition-based authentication model with enhanced security to solve problems in the approach of the existing electronic medical record system. The proposed authentication model is an EMR system based on fingerprint recognition using PEMS (Private-key Escrow Management Server), which is applied with the private key commission protocol and the private key withdrawal protocol, enabling the problem of personal key management and authority delegation to be resolved at source. The performance experiment of the proposed certification model confirmed that the performance time was improved compared to the existing public certificate-based authentication, and the user's convenience was increased by recognizing fingerprints by replacing the electronic signature password.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.4 no.3
• /
• pp.182-188
• /
• 2011

Recently Yoon et al. proposed the remote user authentication scheme using smart cards. But their scheme has not satisfied security requirements which should be considered in the user authentication scheme using the password based smart card. In this paper, we prove that Yoon et al.'s scheme is vulnerable to a password guessing attack in case that the attacker steals the user's smart card and extracts the information from the smart card. Accordingly, this paper proposes the improved user authentication scheme based on the hash functin and random nonce that can withstand various possible attacks including a password guessing attack. The result of comparative analysis demonstrates that the proposed scheme is more secure and efficient than Yoon et al.'s scheme, with a trivial trade-off to require just a few more exclusive-OR operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.373-381
• /
• 2017

Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.

• Proceedings of the KIEE Conference
• /
• 2000.07d
• /
• pp.2781-2783
• /
• 2000

방범에 사용되는 여러 종류의 센서를 컴퓨터를 이용하여 사용할 수 있는 방안을 연구하고 기술적인 문제를 파악하여 해결하고, Protocol을 정하여 방범 시스템 프로그램을 작성하고 컴퓨터 상에서 효율적인 방범이 이루어질 수 있도록 했다. 본 연구의 보안 시스템의 동작 순서는 다음과 같다. 사용자는 외출할 때 출입문 근처에 설치되어 있는 키패드를 이용하마 방범시스템을 작동시킨다. 침입자가 있으면 여러 장소에 설치된 센서가 감지되어 이 신호를 인터페이스를 통해 컴퓨터로 보낸다. 컴퓨터는 신호가 감지된 위치, 감지 시간을 기록하고 USB 포트에 연결된 CCD 카메라를 통하여 영상을 저장하고. 보안 책임자의 전화기로 침입자가 있다는 사실을 통보해 주도록 설계된 시스템이다. 방범시스템의 해제는 키패드를 이용하여 비밀번호를 입력하여 저장되어 있는 번호와 동일할 경우에만 해제가 될 수 있도록 구성하였다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.04a
• /
• pp.322-324
• /
• 2014

모바일 환경이 발달함에 따라서 사용자의 개인 모바일 기기에 저장되었던 민감한 개인정보 및 기업의 비밀과 같이 기밀성을 필요로 하는 데이터의 누출 사고가 빈번히 발생하고 있다. 본 논문에서는 모바일 기기의 데이터를 지정된 장소에서만 안전히 사용할 수 있도록 하는 기법을 제안한다. 제안된 기법은 공개키 암호화 시스템을 바탕으로 지정된 장소에서만 발행되는 키를 통해서만 모바일 기기의 접근이 가능하게 함으로써 데이터 사용 위치를 강제하고, 의도하지 않은 데이터 누출을 방지한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.5-15
• /
• 2015

Electronic transactions have been increasing with the development of the high-speed Internet and wireless communication. However, in recent years financial corporations and mobile carriers were attacked by hackers. And large numbers of privacy information have been leaked. In particular, in the case of credit card information can be misused in the online transaction, and the damage of this given to cardholder. To prevent these problems, it has been proposed to use a virtual card number instead of the actual card number. But it has security vulnerability and requires additional security infrastructure. In this paper, we analyzed the proposed virtual card number schemes. and we propose a new virtual credit card number scheme. In the newly proposed scheme, cardholder generates a key pair (public key/private key) and pre-register public key to the issuer. then, cardholder can pay no additional security infrastructure while still efficiently satisfy the security requirements.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.41-48
• /
• 2018

Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method is a method of collecting URL information of a phishing site in advance and then detecting phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method can not detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed. but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe for phishing attacks. In the proposed protocol, the mutual authentication between the client and the server is performed through the authentication message including the password information. The proposed protocol is safe to eavesdropping attack because the authentication message uses the hash value of the password, not the original password, And it is safe to replay attack because different messages are used every time of authentication. In addition, since mutual authentication is performed, it is safe for man-in-the-middle attack. Finally, the proposed protocol does not require a key issuance process for authentication.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.3
• /
• pp.1-6
• /
• 2015

The IoT(Internet of things) technology enable objects around user to be connected with each other for sharing information. To support security is the mandatory requirement in IoT because it is related to the disclosure of private information but also directly related to the human safety. However, it is difficult to apply traditional security mechanism into lightweight devices. This is owing to the fact that many IoT devices are generally resource constrained and powered by battery. PSK(Pre-Shared Key) based approach, which share secret key in advance between communication entities thereafter operate security functions, is suitable for light-weight device. That is because PSK is costly efficient than a session key establishment approach based on public key algorithm. However, how to safely set a PSK of the lightweight device in advance is a difficult issue because input/output interfaces such as keyboard or display are constrained in general lightweight devices. To solve the problem, we propose and develop a secure PSK configuration scheme for resource constrained devices in IoT.