• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1478-1481
• /
• 2009

수동형 RFID(Radio Frequency Identification)는 제한된 자원을 가지고 있으며, 무선채널을 사용하는 기술이다. 하지만 도청과 같은 악의적인 공격과 프라이버시 침해와 같은 문제점이 있으며, 이를 해결하기 위한 각종 암호화 기법 및 알고리즘과 인증 프로토콜이 있다. AES(Advanced Encryption Standard)는 RFID에 적용 가능한 대표적인 대칭키 암호화 알고리즘으로써 그 안정성이 검증되었지만, RFID 태그에서 사용하기 위해서는 키 분배와 같은 문제점을 해결하여야 한다. 본 논문에서는 AES와 난수사용을 기반으로 하는 개선된 RFID 인증 프로토콜을 제안한다. 리더에서 발생된 난수는 새로운 키를 생성하고, 태그와 리더를 인증하는 용도로 사용하며, 난수를 통해 생성된 키는 메시지를 암호화 하는데 이용한다. 따라서, 본 논문의 난수사용은 대칭키의 노출을 막아 키 분배 문제를 해결하며, 인증 단계를 줄일 수 있다. 또한, 태그에서 한번의 암호화만 수행되므로 태그에 발생하는 오버헤드를 최소화하며 도청, 재전송, 스푸핑 및 위치 추적과 같은 공격에도 안전하다.

• Journal of Convergence for Information Technology
• /
• v.10 no.5
• /
• pp.16-22
• /
• 2020

In this paper, the technology and capabilities required for the job of developing security software recommended by the Cybersecurity Human Resources Development Framework of the National Initiative for Cybersecurity Education (NICE) were studied. In this paper, we describe what security skills are needed for the task of developing security software and what security capabilities should be held. The focus of this paper is to analyze the consistency between security technologies (core and specialized technologies) required for security software development tasks and the curriculum of information protection-related departments located in Seoul, Korea. The reason for this analysis is to see how the curriculum at five universities in Seoul is suitable for performing security software development tasks. In conclusion, if the five relevant departments studied are to intensively train developers of development tasks for security software, they are commonly required to train security testing and software debugging, how secure software is developed, risk management, privacy and information assurance.

• Journal of KIISE:Databases
• /
• v.32 no.3
• /
• pp.243-253
• /
• 2005

Dissemination of XML data on the internet could breach the privacy of data providers unless access to the disseminated XML data is carefully controlled. Recently, the methods using encryption have been proposed for such access control. However, in these methods, the performance of processing queries has not been addressed. A query processor cannot identify the contents of encrypted XML data unless the data are decrypted. This limitation incurs overhead of decrypting the parts of the XML data that would not contribute to the query result. In this paper, we propose the notion of query-aware decryption for efficient processing of queries against encrypted XML data. Query-aware decryption allows us to decrypt only those parts that would contribute to the query result. For this purpose, we disseminate an encrypted XML index along with the encrypted XML data. This index, when decrypted, informs us where the query results are located in the encrypted XML data, thus preventing unnecessary decryption for other parts of the data. Since the size of this index is much smaller than that of the encrypted XML data, the cost of decrypting this index is negligible compared with that for unnecessary decryption of the data itself. The experimental results show that our method improves the performance of query processing by up to 6 times compared with those of existing methods. Finally, we formally prove that dissemination of the encrypted XML index does not compromise security.

• Journal of Internet Computing and Services
• /
• v.20 no.3
• /
• pp.119-128
• /
• 2019

This study aims to analyze the research trends on Smart City and to present implications to policy maker, industry professional, and researcher. Cities around globe have undergone the rapid progress in urbanization and the consequent dramatic increase in urban dwellings over the past few decades, and faced many urban problems in such areas as transportation, environment and housing. Cities around the globe are in a hurry to introduce Smart City to pursue a common goal of solving these urban problems and improving the quality of their lives. However, various conceptual approaches to smart city are causing uncertainty in setting policy goals and establishing direction for implementation. The study collected 11,527 papers titled "Smart City(cities)" from the Scopus DB and Springer DB, and then analyze research status, topic, trends based on abstracts and publication date(year) information using the LDA based Topic Modeling approaches. Research topics are classified into three categories(Services, Technologies, and User Perspective) and eight regarding topics. Out of eight topics, citizen-driven innovation is the most frequently referred. Additional topic network analysis reveals that data and privacy/security are the most prevailing topics affecting others. This study is expected to helps understand the trends of Smart City researches and predict the future researches.

• The Journal of the Acoustical Society of Korea
• /
• v.38 no.4
• /
• pp.396-405
• /
• 2019

The speech privacy of closed office rooms located in a university campus was measured and assessed in terms of SPC (Speech Privacy Class) values. The measurements of two quantities, the LD (Level Difference) between a source and a receiving room, and the background noise level ($L_b$) at the receiving room were carried out in 5 rooms located in 3 different buildings in the university campus. Each of the 5 rooms was adjacent to both offices and corridors through walls. The TL (Transmission Loss) between the source and the receiver room was also measured to compare the difference of two standard methods, ASTM E2836-10 and KS F 2809. The present results show that the speech privacy of the 5 office rooms is not met the requirement for a minimum SPC values of 70. A minimum LD value of 41 dB between the source and the receiver room should be achieved for having a SPC value of 70 when the mean measured value of $L_b$ at the receiving room is 29.2 dB. That is, the TL(avg) value averaged over the octave bands from 160 Hz to 5000 Hz between the source and the receiver room should be or greater than 40 dB. The most important architectural factor influencing the LD value is the presence of openings, such as doors, and windows, on the adjacent walls between the source and receiving room. Therefore, if the opening of the adjacent wall is replaced by an opening with high sound insulation, the appropriate SPC value of the research and office rooms can be achieved.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.63-71
• /
• 2006

In this paper, we propose a secure solution for user authentication by using fingerprint verification on the sensor-client-server model, even with the client that is not necessarily trusted by the sensor holder or the server. To protect possible attacks launched at the untrusted client, our solution makes the fingerprint sensor validate the result computed by the client for the feature extraction. However, the validation should be simple so that the resource-constrained fingerprint sensor can validate it in real-time. To solve this problem, we separate the feature extraction into binarization and minutiae extraction, and assign the time-consuming binarization to the client. After receiving the result of binarization from the client, the sensor conducts a simple validation to check the result, performs the minutiae extraction with the received binary image from the client, and then sends the extracted minutiae to the server. Based on the experimental results, the proposed solution for fingerprint verification can be performed on the sensor-client-server model securely and in real-time with the aid of an untrusted client.

• Journal of KIISE:Computer Systems and Theory
• /
• v.30 no.2
• /
• pp.78-92
• /
• 2003

In related to mobile communication environment, many researchers have studied problems concerning current locations of mobile users and exposure of their movements in the privacy aspect so far [1,2,3,4,5,6,7,8,9]. Among them, Kesdogan and Pfitzmann [3,6] proposed effective solutions using temporary pseudonym identification, called TP(Temporary Pseudonym ) to solve them. After that, Kesdogan et al. proposed an improved method protecting mobile users from some types of attacks of network providers in [8]. However, among their methods, in particular the method, attaching the other new device (so-called Reachability Manager) to system against active attack of network providers, is alterative rather than practical and is not clear. Moreover, it requires the other cost and overhead. Therefore we propose a practical method against active attack of network providers without attaching new device in original environments. The basie idea of proposed method is to protect a fraud act of network provider as a inside user by exchanging a secret information, which only users and network providers know, via network provider between mobile user and the trusted third party (so-called Trust Device). Moreover, we introduce a new payment protocol which applied our method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.05a
• /
• pp.517-520
• /
• 2008

Wireless sensor network supporting healthcare environment should provide customized service in accordance with context information such as continuous location change and status information for people or movable object. In addition, we should consider data transmission guarantees a person's bio information and privacy security provided through sensor network. In this paper analyzes LEACH protocol which guarantees the dynamic self-configuration, energy efficiency through configuration of inter-node hierarchical cluster between nodes and key distribution protocol used for security for data transmission between nodes. Based on this analysis result, we suggested self-configuration routing protocol supporting node mobility which is weakness of the existing LEACH protocol and data transmission method by applying key-pool pre-distribution method whose memory consumption is low, cluster unit public key method to sensor node.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.3
• /
• pp.737-744
• /
• 2010

The use of RFID recently tends to increase and is expected to expand all over the industry and life. However, RFID is much vulnerable to the malign threats such as eavesdropping, replay attack, spoofing attack, location tracking in the process of authentication. In particular, it is difficult to apply authentication protocol used in the other previous system to low-priced RFID tag. After all, this paper suggests the scheme of efficient authentication protocol for RFID privacy protection. Compared to the previous scheme, suggested scheme reinforces the checking process of transmission data and is secure from eavesdropping and spoofing attack. It minimizes the operation work of the tag and is very useful to apply to the low-priced tag. It also has the merit to confirm the efficiency of communication by reducing the communication rounds.

• The Journal of Society for e-Business Studies
• /
• v.18 no.3
• /
• pp.107-123
• /
• 2013

In a wireless sensor network environment, it is required to ensure anonymity by keeping sensor nodes' identifiers not being revealed and to support real-time authentication, lightweight authentication and synchronization. In particular, there exist possibilities of location information leakage by others, privacy interference and security vulnerability when it comes to wireless telecommunications. Anonymity has been an importance issue in wired and wireless network environment, so that it has been studied in wide range. The sensor nodes are interconnected among them based on wireless network. In terms of the sensor node, the researchers have been emphasizing on its calculating performance limit, storage device limit, and smaller power source. To improve of biometric-based D. He scheme, this study proposes a real-time authentication protocol using Unique Random Sequence Code(URSC) and variable identifier for enhancing network performance and retaining anonymity provision.