• Journal of Korea Society of Industrial Information Systems
• /
• v.14 no.2
• /
• pp.81-85
• /
• 2009

In VANET, it is required one-way broadcast transmission because vehicles move at high speed and warning messages need to broadcast. our protocol employs digital signatures to authenticate nodes along the path. this prevents impersonation attacks and message modification attacks. our protocol also employs the node list to recognize intermediate nodes of the path. The node list, the time, and the nonce can prevent replay attacks.

• Review of KIISC
• /
• v.15 no.6
• /
• pp.19-30
• /
• 2005

본 논문은 현재 생체인식에서의 큰 문제로 대두되고 있는 개인 정보(Privacy) 보호문제를 해결하기 위한 방법들을 소개하고 있다. 이를 위해서는 여러 가지 기술이 사용되는데, 우선 생체정보가 도난 되었을 경우 그 피해를 최소화하기 위해 원래의 생체정보를 저장하는 것이 아니라 변환된 생체정보를 저장하고 사용하는 생체정보 변환 기술을 소개한다. 또한 원래의 생체정보가 유출되어 이를 이용해 위조 생체 등을 만들어 공격할 경우를 대비할 수 있는 위조 생체 검출 기술을 소개하며, 생체정보의 유출된 출처를 찾기 위해 생체정보에 소유권 등을 표시하는 데이터 은닉 기법도 소개한다. 이 외에 생체정보를 이용하여 일반적인 암호화 알고리즘에 사용되는 키를 은닉하고 생체정보를 통해 인증된 사용자에 한하여 키를 사용하도록 하는 방법도 소개한다. 끝으로 이러한 개인 정보 보호 기술들을 이용하여 생체인식 시스템의 보안성을 향상시키는 방법에 대하여 논의한다.

• Information and Communications Magazine
• /
• v.24 no.4
• /
• pp.36-48
• /
• 2007

최근 생체 인식 시스템의 보급과 함께, 생체 인식 시스템의 인증 정확도 외에 생체 데이터와 생체 인식 시스템 자체의 보안성, 그리고 개인의 프라이버시 보호에 대해 요구가 증가되고 있다. 생체 데이터와 생체 인식 시스템의 보안성 증대를 위해서는 다양한 기술이 연구되고 있는데, 본 논문에서는 (과기부지정 ERC) 생체인식센터에서 중점적으로 연구하고 있는 생체 정보 보호 기술에 대하여 소개한다. 이러한 생체 정보 보호 기술에는 생체정보가 도난 되었을 경우 그 피해를 최소화하기 위해 원래의 생체정보를 그대로 저장하는 것이 아니라 이를 바꾸어 변환된 생체정보를 저장하고 사용하는 생체 정보 변환 기술이 있다. 또한, 원래의 생체정보가 유출되고 이를 이용하여 위조 생체 등을 만들어 공격할 경우를 대비할 수 있는 위조 생체 검출 기술이 있으며, 생체정보의 유출된 출처를 찾기 위해 생체정보에 소유 책임기관 등을 표시하는 데이터 은닉 기법이 연구되고 있다. 이 외에 생체정보를 이용하여 일반적인 암호화 알고리즘에 사용되는 키를 은닉하고 생체정보를 통해 인증된 사용자에 한하여 키를 사용하도록 하는 방법도 본 논문에서 소개한다. 끝으로 이러한 생체 정보 보호 기술을 이용하여 생체 인식 시스템의 보안성을 향상시키는 방법에 대하여 논의한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.113-119
• /
• 2003

In WISA 2002, Ham et al. proposed a one-way mobile payment system. They claimed that the electronic cash of the system satisfies unforgeability and double spending prevention. In this paper, we point out that their system is not secure as they claimed by showing that the forgery of payment scripts is possible.

• Convergence Security Journal
• /
• v.7 no.1
• /
• pp.63-75
• /
• 2007

Most of computer systems to be connected to network have been exposed to some network attacks and became to targets of system attack. System managers have established the IDS to prevent the system attacks over network. The previous IDS have decided intrusions detecting the requested connection packets more than critical values in order to detect attacks. This techniques have False Positive possibilities and have difficulties to detect the slow scan increasing the time between sending scan probes and the coordinated scan originating from multiple hosts. We propose the port scan detection rules detecting the RST/ACK flag packets to request some abnormal connections and design the data structures capturing some of packets. This proposed system is decreased a False Positive possibility and can detect the slow scan, because a few data can be maintained for long times. This system can also detect the coordinated scan effectively detecting the RST/ACK flag packets to be occurred the target system.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.1
• /
• pp.273-278
• /
• 2013

Recently, user authentication schemes using smart cards for multi-server environment have been proposed for practical applications. In 2009, Liao-Wang proposed a secure dynamic ID based remote user authentication scheme for multi-server environment that can withstand the various possible attacks and provide user anonymity. In this paper, we analyze the security of Liao-Wang's scheme, and we show that Liao-Wang's scheme is still insecure against the forgery attack, the password guessing attack, the session key attack, and the insider attack. In addition, Liao-Wang's scheme does not provide user anonymity between the user and the server.

• Journal of Convergence for Information Technology
• /
• v.9 no.9
• /
• pp.52-57
• /
• 2019

DNS stands for 'Domain Name System' and uses IP addresses to identify devices connected to the network on the network. IP is a protocol that registers and manages aliases such as IPs because it is difficult for general users to remember. In recent years, the abuse of such DNS is increasing abroad, and behind the scenes, called 'DNS pionage,' are developing and evolving new rules and malware. DNSpionage attack is abusing DNS system such as Increasing hacking success rate, leading to fake sites, changing or forged data. As a result it is increasing the damage cases. As the global DNS system is expanding to the extent that it is out of control. Therefore, in this research, the countermeasures of DNSpionage attack is proposed to contribute to build a secure and efficient DNS system.

• Journal of the Korea Convergence Society
• /
• v.7 no.4
• /
• pp.33-38
• /
• 2016

DDoS attack has been continuously utilized that caused the excessively large amount of traffic that network bandwidth or server was unable to deal with paralyzing the service. Most of the people regard NTP as the biggest cause of DDoS. However, according to recently executed DDoS attack, there have been many SSDP attack in the use of amplified technique. According to characteristics of SSDP, there is no connection for making a forgery of source IP address and amplified resources feasible. Therefore, it is frequently used for attack. Especially, as it is mostly used as a protocol for causing DDoS attack on IoT devices that constitute smart home including a wireless router, media server, webcam, smart TV, and network printer. Hereupon, it is anticipated for servers of attacks to gradually increase. This might cause a serious threat to major information of human lives, major government bodies, and company system as well as on IoT devices. This study is intended to identify DDoS attack techniques in the use of weakness of SSDP protocol occurring in IoT devices and attacking scenario and counter-measures on them.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.3 no.3
• /
• pp.31-38
• /
• 2010

It has become more difficult to correspond an cyber attack quickly as patterns of attack become various and complex. However, current security mechanisms just have passive defense functionalities. In this paper, we propose new network security architecture to respond various cyber attacks rapidly and to chase and isolate the attackers through cooperation between security zones. The proposed architecture makes it possible to deal effectively with cyber attacks such as IP spoofing or DDoS(Distributed Denial of Service), by using active packet technology including a mobile code on active network. Also, it is designed to have more active correspondent than that of existing mechanisms. We implemented these mechanisms in Linux routers and experimented on a testbed to verify realization possibility of attacker response framework using mobile code. The experimentation results are analyzed.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.8C
• /
• pp.697-702
• /
• 2012

In 2011, C.-T. Li et al. proposed a secure user authentication scheme, which is an improvement over Kim et al.'s scheme to resolve several security flaws such as off-line password guessing attack and masquerading attack. C.-T. Li et al. claimed that their scheme prevents smart card security related attacks. Moreover, it provides mutual authentication and session key establishment. However, we found that their scheme is vulnerable to password guessing attack through password change phase, smart card forgery attack and stolen verifier attack. Moreover, C.-T. Li et al.'s scheme is not secure against password guessing attack as they claimed. In this paper, we also point out that their scheme is not practical to use.