• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.11a
• /
• pp.764-767
• /
• 2013

Near Field Communication (NFC) 기능이 가능한 스마트폰을 통해 경제적인 효과 및 편의성을 증대시킬 수 있는 서비스들이 늘어나고 있다. 하지만 그에 따른 NFC 보안기술은 미흡한 실정이다. 그 중 출입인증서비스는 데이터를 보호하고 사용자에게 편리성을 제공해야하는 서비스이다. 본 연구에서는 모바일 NFC 출입서비스 시 발생 가능한 보안취약점과 관련연구에 대해 분석하고 이를 해결하기위한 경량화된 출입인증메커니즘을 제안하여 안전성을 증가시키고, 불필요한 연산을 줄여 향상된 속도를 제공하는 NFC 출입서비스를 제공하고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.05a
• /
• pp.1159-1162
• /
• 2008

언제 어디서나 인터넷에 접속하여 필요한 정보를 얻을 수 있는 서비스를 Wibro(Wireless Broadband)라고 한다. 서비스를 제공하기 위해 중요한 기술요소 중 하나가 보안이다. 최근 보다 안전한인증 메커니즘을 설계할 수 있는 UICC기반의 EAP-AKA프로토콜이 제안되었다. 그러나 이 프로토콜은 프라이버시 보호 문제와, 인증서버에 저장공간 오버헤드, 비밀키 노출에 따른 전방향 안전성제공의 문제점들이 있다. 본 논문에서는 UICC기반의 EAP-AKA프로토콜의 문제점을 살펴보고 이러한 문제점을 해결하기 위한 전방향 안정성을 제공하는 Wibro인증 및 키 동의 프로토콜을 제안한다.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.45 no.10
• /
• pp.40-48
• /
• 2008

Security of self organized mobile ad hoc networks is an important issue because administration information in the networks is managed by the constituent nodes. Especially authentication mechanism is necessary for trust setup between newly joining nodes and the network. The authentication models and protocols which are based on the wireline infrastructure could not be practical for mobile ad hoc network. Although public key algorithm-based method is widely used for authentication, it is not easy to be applied to mobile ad hoc networks because they do not have infrastructure such as centralized CA which is needed for certificate verification. In this paper, we consider the public key based random CA group method proposed in [1] to provide efficient authentication scheme to mobile ad hoc networks and analyze the performance of the method, which is then compared to the home CA method. From the analysis results, we see that the random CA method where the function of CA is distributed to some mobile nodes and the authentication information is propagated to randomly chosen CAs shows higher reliability and lower cost than home CA method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.769-780
• /
• 2014

In general, internet users need to remember several IDs and passwords when they use diverse web sites. From an effective management perspective, SSO system was suggested to reduce user inconvenience. Kerberos authentication, which uses centralized system management, is a typical example of a broker-based SSO authentication model. However, further research is required, because the existing Kerberos authentication system has security vulnerability problems of password and replay attacks. In SSO authentication systems, a major security vulnerability is the replay attack. When user credentials are seized by attackers, an authorized session can be obtained through a replay attack. In this paper, an improved SSO authentication model based on the broker-based model and a secure lightweight SSO mechanism against credential replay attack is proposed.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.4B
• /
• pp.435-441
• /
• 2009

The one-time password system solves the problem concerning password reuse caused by the repeated utilization of an identical password. The password reuse problem occurs due to the cyclic repetition at the time of password creation, and authentication failure can occur due to time deviation or non-synchronization of the number of authentication. In this study, the password is created asynchronously and exchanged with the user, who then signs using a digital signature in exchange for the password and a valid verification is requested along with the certificate to ensure non-repudiation. Besides this, a verification system for one-time password is proposed and designed to improve security by utilizing the validity verification that is divided into certificate verification and password verification. Comparative analysis shows that the mechanism proposed in this study is better than the existing methods in terms of replay attack, non-repudiation and synchronization failure.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.7
• /
• pp.181-188
• /
• 2008

Nowadays, WiMAX which provides internet service with a middle and low speed serves more function and is wider than Wi-Fi. While they solve the security risks as subscribers do handover by subscriber's re-certification procedure as the Network range is getting wider, there are more security problems making the problems of electric-power consumption and delay. This paper suggests a handover mechanism which simplify the subscriber's re-certification procedure and prevents a security problem as doing handover for solving the problem of delay and the rate of processing. The mechanism can cooperate with PKI structure to increase flexibility and security and minimize network re-entry procedure or re-certification procedure by providing continual service. As a result. the mechanism's throughput as the number of subscribers is lower than IEEE 802.16e and the mechanism proves that it is secure from the attack of man-in-the-middle and reply as doing handover.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1057-1068
• /
• 2012

According to advance on vehicle technology, many kinds of ECU(Electronic Control Unit) are equipped inside the vehicle. In-vehicle communication among ECUs is performed through CAN(Controller Area Networks). CAN have high reliability. However, it has many vulnerabilities because there is not any security mechanism for CAN. Recently, many papers proposed attacks of in-vehicle communication by using these vulnerabilities. In this paper, we propose an wireless attack model using a mobile radio communication network. We propose a secure authentication mechanism for in-vehicle network communication that assure confidentiality and integrity of data packets and also protect in-vehicle communication from the replay attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.145-156
• /
• 2010

Now a days, the development of TV and internet like communicational technique makes IPTV service which combines internet with multimedia contents increase. But when a user gets service in specific place, the certification process and user's ID check in IPTV service is complicate so that there occurs communicational difficulty like increasing illegal users and service delay etc. This paper proposes communication security mechanism to prevent Clone attack which happens in wireless section by efficiently extracting illegal user. The proposed mechanism performs key distribution procedure, inter certification procedure, and key initiation procedure by putting security agent in RFID-USB for RFID tags users use to perform plug-and-plug function. Also, the proposed mechanism updates the hased token value by its ID and the random number which RFID-USB creates whenever a user accesses in the area of RFID-USB so that it protects reply attack and man-in-the-middle attack which happen often in the area of wireless section.

• The KIPS Transactions:PartC
• /
• v.9C no.3
• /
• pp.313-322
• /
• 2002

In this paper, proposes Kerberos certification mechanism that improve certification service of PKINIT base that announce in IETF CAT Working Ggroup. Did to certificate other realm because search position of outside realm through DNS and apply X.509 directory certification system, acquire public key from DNS server by chain (CertPath) between realms by certification and Key exchange way that provide service between realms applying X.509, DS/BNS of PKINIT base. In order to provide regional services, Certification and key exchange between realms use Kerberos' symmetric method and Session connection used Directory service to connection X.509 is designed using an asymmetric method. Excluded random number ($K_{rand}$) generation and duplex encryption progress to confirm Client. A Design of Kerberos system that have effect and simplification of certification formality that reduce Overload on communication.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.3C
• /
• pp.426-435
• /
• 2004

The DIAMETER protocol provides Authentication, Authorization, and Accounting (AAA) transactions across the Internet. SIP(Session Initiation Protocol) will be used for new types of signaling, such as instant messaging and application level mobility across networks. And SIP will be a major signaling protocol for next generation wireless networks. But the Digest authentication scheme is not using a secure method of user authentication in SIP, and it is vulnerable to man-in-the-middle attacks or dictionary attacks. This study focused on designing a SIP proxy for interworking with AAA server with respect to user authentication and security analysis. We compared and analyzed the security aspects of the scenarios and propose two proposals that a response which include the user address and password-based mutual authentication and key agreement protocol. It is claimed to be more secure against common attacks than current scenarios.