• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.97-102
• /
• 2023

IoT is being used in a lot of industry domain such as smart home, smart ocean, smart energy, and smart farm, as well as legacy information services. For a server, an IoT device using the same protocol is a trusted object. Therefore, a malicious attacker can use an unauthorized IoT device to access IoT-based information services and access unauthorized important information, and then modify or extract it to the outside. In this study, to improve these problems, we propose an IoT device authentication system used in IoT-based information service. The IoT device authentication system proposed in this study applies identifier-based authentication such as MAC address. If the IoT device authentication function proposed in this study is used, only the authenticated IoT device can access the server. Since this study applies a method of terminating the session of an unauthorized IoT device, additional research on the access deny method, which is a more secure authentication method, is needed.

• Journal of Industrial Convergence
• /
• v.21 no.9
• /
• pp.49-56
• /
• 2023

ID is used as identifying information and password as user authentication for ID-based authentication. In order to have a secure user authentication, the password is generated as a hash value on the client and sent to the server, where it is compared with the stored information and authentication is performed. However, if even one character is incorrect, the different hash value is generated, authentication will be failed and cannot be performed and various functions cannot be applied to the password. In this study, we generate several hash value including imaginary number of entered password and transmit to server and perform authentcation. we propose a technique can grants the right differentially to give various rights to the user who have many rights by one account. This can defend shoulder surfing attack by imaginary password and provide convenience to users who have various rights by granting right based on password.

• Journal of Digital Convergence
• /
• v.13 no.9
• /
• pp.297-302
• /
• 2015

The increase in applying IT to vehicles has given birth to smart cars or connected cars. As smarts cars become connected with external network systems, threats to communication security are on the rise. With simulation test results supporting such threats to Convergence security in vehicular communication, concerns are raised over relevant vulnerabilities, while an increasing number of studies on secure vehicular communication are published. Hacking attacks against vehicles are more dangerous than other types of hacking attempts because such attacks may threaten drivers' lives and cause social instability. This paper designed a Convergence security protocol for inter-vehicle and intra-vehicle communication using a hash function, nonce, public keys, time stamps and passwords. The proposed protocol was tested with a formal verification tool, Casper/FDR, and found secure and safe against external attacks.

• The Journal of the Convergence on Culture Technology
• /
• v.7 no.1
• /
• pp.551-557
• /
• 2021

With increase of electric vehicle in the road, the number of charging/discharging infrastructure for electric vehicle in public space is also increased rapidly. To charge or discharge the electric vehicle the user of electric vehicle and service provider should verify the each other's identity to minimize security vulnerability. This paper proposes mutual authentication scheme between electric vehicle and charging/discharging service provider with help of hash function and Message Authentication Code(MAC). Also efficient operating scheme for charging/discharging service system is proposed. The analysis shows that the system has robustness against security vulnerability. Also this system can keep the sensitive personal information of service user safely.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.261-263
• /
• 2022

The National Program for Excellence in SW is underway to innovate the software education system and cultivate software professionals with creative convergence thinking in response to the demand for software manpower. This program was started by selecting 8 universities in 2015, and in September 2022, 44 universities are participating. The Wonkwang University's National Program for Excellence in SW, which was selected for this project in 2018, adopted the SW competency certification system to strengthen SW competency and many students actively participated. In this paper, the SW competency certification system program was examined, and lecture evaluation in related subjects and the performance of the certification system were analyzed in detail. Through the analysis results, the performance of the SW competency certification system was identified.

• Proceedings of the Korean Institute of Intelligent Systems Conference
• /
• 2001.05a
• /
• pp.241-245
• /
• 2001

얼굴인식은 이미지의 많은 변동(표정, 조명, 얼굴의 방향 등)으로 인해 한가지 인식 방법으로는 높은 인식률을 얻기 어렵다. 이러한 어려움을 해결하기 위해, 여러 가지 정보를 융합시키는 데이터 퓨전 방법이 연구되었다. 기존의 데이터 퓨전 방법은 보조적인 생체 정보(지문, 음성 등)를 융합하여 얼굴인식기를 보조하는 방식을 취하였다. 이 논문에서는 보조적인 생체 정보를 사용하지 않고, 기존의 얼굴인식방법을 통해 얻어지는 상호보완적인 정보를 융합하여 사용하였다. 개별적인 얼굴인식기의 정보를 융합하기 위해, 전체적으로는 Dempster-Shafer의 퓨전이론에 근거하면서, 핵심이 되는 질량함수를 새로운 방식으로 재정의한 퓨전모델을 제안하였다. 제안된 퓨전모델을 사용하여 개별적인 얼굴인식기의 정보를 융합한 결과, 생체정보 없이, 개별적인 얼굴인식기보다 나은 인식률을 얻을 수 있었다.

• Review of KIISC
• /
• v.31 no.3
• /
• pp.61-71
• /
• 2021

최근 블록체인 기술의 적용 범위가 전 산업으로 확대되고 있으며, 고부가가치 정보와 디지털 자산이 블록체인 분산 데이터베이스에 저장되고 관리되면서 블록체인을 대상으로 하는 보안 위협이 급격히 증가하고 있다. 특히 가용성 저하 공격, 분산 서비스 거부 공격, 비정상 거래, 악의적 거래, 51% 공격과 같이 블록체인을 대상으로 한 공격 기법이 고도화되고 피해 규모가 커지고 있다. 블록체인은 금융, 물류, 의료, 인증 등 전 산업 분야에 활용될 가능성이 높아지고 있어서 블록체인 네트워크 보안 위협을 신속하고 정확하게 탐지하는 기술에 대한 연구가 요구된다. 본 논문에서는 블록체인 네트워크 보안 위협에 대해 분석하고, 주요 위협 탐지 기술과 최신 동향을 분석한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2023.07a
• /
• pp.249-250
• /
• 2023

본 논문은 HTML과 CSS를 사용하여 기본적인 웹페이지를 작성하고, 카카오 지도 API를 활용하여 주변 스터디 룸 위치를 입력할 수 있는 기능을 구현한다. 카카오 개발자 웹사이트에서 API 키를 발급받아야 하며, 이를 사용하여 JavaScript 코드를 작성하고 웹페이지에 추가하여 지도와 위치 입력 기능을 구현한다. 또한, 회원가입 및 로그인 기능을 구현하기 위해 Node. JS를 사용하며, 사용자의 회원가입 정보를 입력받아 DB에 저장하고 로그인 시 DB와 비교하여 인증하는 기능을 포함합니다. MySQL을 사용하여 DB 테이블을 생성하고 연동하는 작업을 수행한다.

• Convergence Security Journal
• /
• v.24 no.1
• /
• pp.51-57
• /
• 2024

Although industrial control systems (ICSs) recently keep evolving with the introduction of Industrial IoT converging information technology (IT) and operational technology (OT), it also leads to a variety of threats and vulnerabilities, which was not experienced in the past ICS with no connection to the external network. Since various control command messages are sent to field devices of the ICS for the purpose of monitoring and controlling the operational processes, it is required to guarantee the message integrity as well as control center authentication. In case of the conventional message integrity codes and signature schemes based on symmetric keys and public keys, respectively, they are not suitable considering the asymmetry between the control center and field devices. Especially, compromised node attacks can be mounted against the symmetric-key-based schemes. In this paper, we propose message authentication scheme based on double hash chains constructed from cryptographic hash function without introducing other primitives, and then propose extension scheme using Merkle tree for multiple uses of the double hash chains. It is shown that the proposed scheme is much more efficient in computational complexity than other conventional schemes.

• Convergence Security Journal
• /
• v.16 no.6_2
• /
• pp.83-88
• /
• 2016

Over recent years there has been considerable growth in interest in the use of biometric systems for personal authentication. Biometrics is a field of technology which has been and is being used in the identification of individuals based on some physical attribute. By using biometrics, authentication is directly linked to the person, rather than their token or password. Biometric authentication is a type of system that relies on the unique biological characteristics of individuals to verify identity for secure access to electronic systems. In 2013, Althobati et al. proposed an efficient remote user authentication protocol using biometric information. However, we uncovered Althobati et al.'s protocol does not guarantee its main security goal of mutual authentication. We showed this by mounting threat of data integrity and bypassing the gateway node attack on Althobati et al.'s protocol. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in device. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in WSN(Wireless Sensor Networks) operate with resource constraints such as limited power, computation, and storage space.