• Korean Security Journal
• /
• no.53
• /
• pp.211-228
• /
• 2017

In May 2012, the police was empowered to electronically obtain location information of mobile devices from the telecommunication service provides for the purpose of rescue by the Act on the Protection, Use, ETC. of Location Information, after years of pressure with repeated serious violent crime outbreaks and controversy concerning the risk of breaching privacy. This study examines the environmental, legal, and technological challenges related to location tracking at the time of five years after the amendment of the law. The bottom line of police's locating power is to secure the lives of people in deadly emergent circumstance. Therefore, location tracking using given information should be swiftly proceeded after consideration and judgment of justification in timely manner to electronically request information to mobile carriers, and it is necessary to have somewhat flexibility of interpretation to be applied to diverse situation. In addition, location tracking technology should be continuously updated through cooperation with the stake-holders. Recognizing substantial problems in practice, we identified and explored the issues including obtaining prior consent for tracking the user's location in case of emergency, confirmation of emergency situation requiring police presence, qualification of legitimate requester, and limited applicability in various circumstances, which are required to reconsidered in conjunction with the personal information protection laws. Additional practical issues may include the expenses for information provision and other incentives to promote active cooperation by the telecom companies.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.10a
• /
• pp.207-210
• /
• 2013

Recently, rapid innovation of Smartphone is changing the paradigm of our daily life. Smartphone users, opinion experts more than 99 percent of the economically active population is using, it has reached the saturation past the early stages of formation. Smartphone is equipped with a general purpose OS possible the implementation of high performance environment similar level as a personal computer. Also, it is a mobile communication terminal scalable which can be removed or installed various applications. Such extensibility, it is possible to use different applications through the Apps store. In addition, it is also possible various services which are location based service. However, these services also benefit many but it also has a disadvantage of invasion of privacy and disclosure of personal information. In this research, we aim to analyze factors influencing on perceived value and risk in location based service of Smartphone. In addition, we aim to analyze the causal relationship with perceived value and risk in satisfaction and recommendation intention. This study suggests practical and theoretical implications based on the results.

• The KIPS Transactions:PartC
• /
• v.10C no.7
• /
• pp.867-878
• /
• 2003

In thls Paper, we Propose a new scheme, protecting information about the location of a mobile user against attacks from inside users of the mobile communication, especially the network providers. There have already been some proposals about how to protect location information of user in mobile communication environments〔1-5〕. Among them, Kesdogan et al.〔2, 3〕 proposed a new method, using so-called temporary pseudonyms and also described protection method against a passive and an active attack of network providers. However, the description of protection method against the active attack between the two is not clear. Moreover, there is an additional load that it should append a reachability manager〔1, 6〕 to the proposed system. Therefore, we propose a new scheme improving the above method of Kesdogan et al. and analyze its security and effectiveness.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.5C
• /
• pp.410-419
• /
• 2012

This paper proposes a secure and efficient anonymous authentication scheme for health information push service based on indoor location in hospital. The proposed scheme has the following benefits: (1)It is just based on a secure one-way hash function for avoiding complex computations for both health care operations users and health care centers. (2)It does not require sensitive verification table which may cause health care centers to become an attractive target for numerous attacks(e.g., insertion attacks and stolen-verifier attacks), (3)It provides higher security level (e.g., secure mutual authentication and key establishment, confidential communication, user's privacy, simple key management, and session key independence). As result, the proposed scheme is very suitable for various location-based medical information service environments using lightweight-device(e.g., smartphone) because of very low computation overload on the part of both health care operations users and health care centers.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.469-480
• /
• 2008

The recently proposed RFID(Radio Frequency Identification) authentication protocol based on a hash function can be divided into two types according to the type of information used for authentication between a reader and a tag: either a value fixed or one updated dynamically in a tag memory. In this paper, we classify the protocols into a static ID-based and a dynamic-ID based protocol and then analyze their respective strengths and weaknesses. Also, we define a new security model including forward/backward traceability, synchronization, forgery attacks. Based on the model, we analyze the previous protocols and propose a new dynamic-ID based RFID mutual authentication protocol. Our protocol provide enhanced RFID user privacy compared to previous protocols and identify a tag efficiently in terms of the operation quantity of a tag and database.

• The KIPS Transactions:PartC
• /
• v.16C no.3
• /
• pp.347-356
• /
• 2009

In an RFID search protocol, a reader uses designated query to determine whether a specific tag is in the vicinity of the reader. This fundamental difference makes search protocol more vulnerable to replay attacks than authentication protocols. Due to this, techniques used in existing RFID authentication protocols may not be suitable for RFID search protocols. In this paper, we propose two RFID search protocols, one based on static ID and the other based on dynamic ID, which use counter to prevent replay attacks. Moreover, we propose a security model for RFID search protocols that includes forward/backward traceability, de-synchronization and forgery attack. Based on this model, we analyze security of our protocols and related works.

• Journal of Convergence for Information Technology
• /
• v.9 no.7
• /
• pp.100-105
• /
• 2019

As IoT Technology develops and Era of Hyperconnectivity comes, various kinds of customized services became available. As a next-generation display, a smart mirror accesses multimedia devices and provides various services, so it can serve as a social learning tool for the children and the old ones, as well as adults who need information. Smart Mirror must be able to identify users for individualized services. However, since the Smart Mirror is an easily accessible device, there is a possibility that information such as an individual's pattern and habit stored in the smart mirror may be exposed to the outside. Also, the other possibility of leakage of personal location information is through personal schedule or appointment stored in the smart mirror, and another possibility that privacy can be violated is through checking the health state via personal photographs. In this research, we propose a system that identify users by the information the users registered about their physique just like their face, one that provides individually customized service to users after identifying them, and one which provides minimal information and service for unauthenticated users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.6
• /
• pp.57-68
• /
• 2004

Recently, Radio Frequency Identification (RFID) systems stands in the spotlight of industry as a common and useful tool in manufacturing, supply chain management (SCM) and stock management. In the near future, low-cost RFID Electronic Product Code; (EPC) or smart-labels may be a practical replacement for optical barcodes on consumer items. However, manufacturing cheap and small RFID tags, and developing secure RFID authentication Protocols are problems which need to be solved. In spite of advances in semiconductor technology, computation and storage ability of the tag are so limited that it is difficult and too expensive to apply existing crypto-systems to RFID tags. Thus it is necessary to create a new protocol which would require less storage space and lower computation costs and that is secure in the RFID system's environments. In this paper, we propose a RFID authentication protocol that is secure against location tracking and spoofing attacks. Our protocol can be used as a practical solution for privacy protection because it requires less computations in database than the previous RFID authentication protocol.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.21-31
• /
• 2008

Ubiquitous environment is constructed by development of an IT technology, offer environment of many service changed to mobile environment. Also, existed service offered at fixed position like home or company, but according to development of mobile device. user require service as moving. Wibro can offer as user moving using mobile device. As requirement should be included authentication, in case of authentication between UICC and AAA authentication server is offered in Wibro, service is available. However, when UICC requires initial authentication to AAA authentication server, identification information of UICC expose as plaintext, so privacy infringement of mobile device occurs. Therefore, identification information of terminal generate randomly using OTP(One-Time Password) that generated in mobile terminal, and we proposed mechanism of privacy protection. Also, we proposed mechanism that offer secure service to user as offer authentication from OTP framework, and offer OTP combination authentication detailedly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.115-124
• /
• 2008

In vehicular networks, vehicles should be able to authenticate each other to securely communicate with network-based infrastructure, and their locations and identifiers should not be exposed from the communication messages. however, when an accident occurs, the investigating authorities have to trace down its origin. As vehicles communicate not only with RSUs(Road Side Units) but also with other vehicles, it is important to minimize the number of communication flows among the vehicles while the communication satisfies the several security properties such as anonymity, authenticity, and traceability. In our paper, when the mutual authentication protocol is working between vehicles and RSUs, the protocol offers the traceability with privacy protection using pseudonym and MAC (Message Authentication Code) chain. And also by using MAC-chain as one-time pseudonyms, our protocol does not need a separate way to manage pseudonyms.