• Journal of Internet Computing and Services
• /
• v.7 no.3
• /
• pp.133-142
• /
• 2006

The purpose of the multiple key agreement protocol is to get efficiency in computational and communicational aspects compared to multiple executions of single key agreement protocol. However ID based tripartite multiple key agreement protocols have been proposed, it is reported that they can not resist unknown key-share attack or impersonation attack. How to design a secure and efficient ID-based authenticated tripartite multiple key agreement scheme to prevent all kinds of attacks remains an open problem. This paper proposes a multiple key agreement scheme combing the existing single key agreement protocol with a key derivation function. The proposed scheme can not only increase computational efficiency compared to the existing multiple key agreement protocol, but can ensure security of the proposed schemes by using a security proofed single key agreement protocol and key derivation function.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.91-96
• /
• 2003

업무 편의성 요구 증가와 웹 서비스의 발전으로 웹 기반 원격근무 업무 시스템이 증가하고 있는 반면, 웹 취약점의 확산과 개방형 환경으로 인해 잠재적 위협이 증가되고 있다. 이러한 위협에 적절히 대응하기 위해서는 개발 단계 전반에서 보안 요소를 고려하여 안전한 업무 시스템을 구축해야 한다. 이를 위해 본 논문에서는 업무 시스템이 요구하는 보안 수준에 부합하는 보안 목표를 설정하고, 요구 보안 수준을 충족할 수 있도록 전체 개발 프로세스 상의 보안 관리 활동을 정의한다. 또한, 신원 인증 및 접근제어, 세션 관리, 이벤트 로깅, 데이터 검증, 알려진 취약점 대응, 그리고 프라이버시 보호와 같은 보안 요소들을 분석하여 시스템의 안전한 구축 방법을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.53-57
• /
• 2010

Recently, Lee et al. proposed a delegation-based authentication protocol for secure and private roaming service in global mobility networks. In this paper, we show that the protocol cannot protect the privacy of an user even though the protocol provides the user anonymity. To prove the weakness, we show that the protocol cannot provide the unlinkability and also examine the weakness of the protocol caused by the lack of the unlinkability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.607-616
• /
• 2014

Face recognition is a big challenge in surveillance system since different rotation angles of the face make the difficulty to recognize the face of the same person. This paper proposes a novel method to recognize face with different head poses by using 3D information of the face. Firstly, head pose estimation (estimation of different head pose angles) is accomplished by the POSIT algorithm. Then, 3D face image data is constructed by using head pose estimation. After that, 2D image and the constructed 3D face matching is performed. Face verification is accomplished by using commercial face recognition SDK. Performance evaluation of the proposed method indicates that the error range of head pose estimation is below 10 degree and the matching rate is about 95%.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.12C
• /
• pp.1692-1706
• /
• 2004

Recently, there are rapid development of information and communication and rapid growth of e-business users. Therefore we try to solve security problem on the internet environment which charges from wire internet to wireless internet or wire/wireless internet. Since the wireless mobile environment is limited, researches such as small size, end-to-end and privacy security are performed by many people. Wireless e-business adopts credit card WPP protocol and AIP protocol proposed by ASPeCT. WAP, one of the protocol used by WPP has weakness of leaking out information from WG which conned wire and wireless communication. certification chain based AIP protocol requires a lot of computation time and user IDs are known to others. We propose a Micro-Payment protocol based on credit card. Our protocol use the encryption techniques of the public key with ID to ensure the secret of transaction in the step of session key generation. IDs are generated using ECC based Weil Paring. We also use the certification with hidden electronic sign to transmit the payment result. The proposed protocol solves the privacy protection and Non-repudiation p개blem. We solve not only the safety and efficiency problem but also independent of specific wireless platform. The protocol requires the certification organization attent the certification process of payment. Therefore, other domain provide also receive an efficient and safe service.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.1
• /
• pp.81-86
• /
• 2009

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. In this paper, we propose a new identification scheme One Pass Identification. The security of Password base System is based on the square root problem, and Password base System is secure against the well known attacks including pre-play attack, off-line dictionary attack and server comprise. A number of pass of Password base System is one, and Password base System processes the password and does not need the key. We think that Password base System is excellent for the consuming time to verify the prover.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.4
• /
• pp.1926-1934
• /
• 2013

M2M (Machine-to-Machine Communication) refers to technologies that allow wired and wireless systems to communicate with other devices with similar capabilities. M2M has special features which consist of low electricity consumption, cheap expenses, WAN, WLAN and others. Therefore, it can communicate via a network. Also, it can handle itself without a person's management. However, it has a wireless-communicate weakness because of the machine-communicate request, and also it is difficult to administrate and control each other. So In this Paper, It suggests the safety protocol between Device, Gateway and Network Domain in M2M environment. Proposed protocol is based on ID-Based encryption's certificate and creates session key between the Access Server and the Core Server in the Network Domain. It uses that session key for sending and receiving data in mutual, and adds key renewal protocol so it will automatically update discern result. a comparative analysis of the existing M2M communication technologies and PKI-based certificate technology is compared with the proposed protocol efficiency and safety.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.31-40
• /
• 2014

In Korea, the Public Key Infrastructure (PKI) has been introduced. For secure information transmission and identification, the electronic signature authorization system of a certificate-based is built, and then the service provide.The certificate is stored in location what users can easily access and copy. Thus, there is a risk that can be stolen by malware or web account hacking. In addition, private key passwords can be exposed by the logging tool, after keyboard security features are disabled. Each of these security weaknesses is a potential conduit for identity theft, property/asset theft, and theft of the actual certificates. The present study proposes a method to prevent the private key file access illegally. When a certificate is stored, the private key is encrypted by the dependent element of the device, and it is stored securely. If private key leakage occurs, the retrieved key could not be used on other devices.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.6
• /
• pp.492-500
• /
• 2013

The One-Time Password(OTP) Generator is used as a multi-factor authentication method to ensure secure transaction during e-Financial transaction in the bank and securities company. The OTP based e-Financial Transaction Verification Protocol ensures secure e-financial transaction through confirming the user's identity using OTP authentication information and counters not only Man-in-the-Browser(MITB) attacks but also memory hacking attacks. However, it is possible to generate correct OTPs due to potential of stealing sensitive information of the OTP generator through intelligent phishing, pharming, social engineering attacks. Therefore, it needs another scheme to prevent from above threats, and this paper proposes advanced scheme using Physical Unclonable Functions(PUFs) to solve these problems. First, it is impossible to generate the same OTP values because of the hysically unclonable features of PUFs. In addition, it is impossible to clone OTP generator with hardware techniques. Consequently, the proposed protocol provides stronger and more robust authentication protocol than existing one by adding PUFs in the OTP generator.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.5
• /
• pp.604-612
• /
• 2019

PKI Internet banking is used to have users register their public keys with the banking server together with the identity information, and verify the signature for both user and transaction authentications by using the registered public keys. Although the Blockchain-based financial systems such as Bitcoin adopt similar digital signature-based authentication scheme, there is no server that participants can register public keys with because they perform P2P payment transactions. The purpose of this paper is to identify the advantages and disadvantages of the Blockchain-based payment transactions by analyzing the differences between the most common PKI Internet banking and Blockchain payment systems. Based on the analysis, this paper suggests the issues that need to be enhanced from the aspects of architecture and security in order for Blockchain payment transaction systems to be applied universally.