• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.229-236
• /
• 2008

In this paper, re proposed scheme that it safely exchange encrypted keys without Trust Third Party(TTP) and Pre-distributing keys in ubiquitous environments. Existing paper assume that exist a TTP or already pre-distributed encrypted keys between nodes. However, there methods are not sufficient for wireless environments without infrastructure. Some existing paper try to use the Diffie-Hellman algorithm for the problem, but it is vulnerable to Replay and Man-in-the middle attack from the malicious nodes. Therefore, Authentication problem between nodes is solved by modified the Diffie-Hellman algorithm using ${\mu}TESLA$. We propose safe, lightweight, and robust pair-wise agreement algorithm adding. One Time Password(OTP) using timestamp to modified the Diffie-Hellman in ubiquitous environments, and verify a safety about proposed algorithm.

• The Journal of the Korea Contents Association
• /
• v.9 no.1
• /
• pp.115-122
• /
• 2009

In this paper, we proposed scheme that we use a difference of timestamp in time in Ubiquitous environments as we use the Diffie-Hellman method that OTP was applied to when it deliver a key between nodes, and can detect a malicious node at these papers. Existing methods attempted the malicious node detection in the ways that used correct synchronization or directed antenna in time. We propose an intermediate malicious node detection way at these papers without an directed antenna addition or the Trusted Third Party (TTP) as we apply the OTP which used timestamp to a Diffie-Hellman method, and we verify safety regarding this. A way to propose at these papers is easily the way how application is possible in Ubiquitous environment.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.1
• /
• pp.143-151
• /
• 2015

Biometric technology has been proposed as a new means to replace conventional PIN or password because it is hard to be lost and has the low possibility of illegal use. However, unlike a PIN, password, and personal information there is no way to modify the exposure if it is exposed and used illegally. Therefore, the existing single modality with single biometrics is critical when it expose. However in this paper, we use a multi-modality and multi-biometrics to authenticate between users and TTP or between users and financial institutions. Thereby, we propose a more reliable method and compared this paper with existed methods about security and performance in this paper.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.26 no.11C
• /
• pp.24-32
• /
• 2001

Recently, in the case that provides electronic services using Internet, we need the non-repudiation service that supplies a technological evidence about actions between a sender and a receiver that violate the promised protocol. Also, this service offers legal evidences while producing controversy. In this paper, we propose a protocol that improves the efficiency and offers the fairness of non-repudiation service by the extension of ability of TTP (Trusted Third Party). The proposed protocol adds a Time Check function and an Alert Message to extend the ability of TTP. Through the computer simulation, we prove that the proposed protocol has better efficiency than previous protocols.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2000.04a
• /
• pp.1205-1209
• /
• 2000

이동 주체의 전자 상거래 참여는 계약 문서나 결제 정보 교환 서비스에 대해 사용자 실체에 대한 증명과 교환 메시지의 사후 검증 수단을 요구하고 있다. 본 논문에서는 이동 주체의 이동성에 따른 한계적 계산 능력 및 대역폭 사용을 고려하여 부분적으로 제 3의 신뢰 기관(Trusted Third Party, TTP)의 효율적인 참여 구조를 수용한 상호 공정 계약 프로토콜을 제안하였다. 본 논문에서는 기존 공정 계약 프로토콜에 대한 연구를 상거래 주체에 대한 이동성을 지원하기 위해 상호 공정 계약 프로토콜로 확장하였다. 제안한 프로토콜은 이동성에 대한 한계적 능력에 대해 해당 TTP와 공개키를 기반으로 거래 주체간의 상호 인증을 수행하도록 하였으며, 이러한 초기화를 수행한 이후 상거래 주체는 해당 인증 결과를 기반으로 주체간 상호 메시지 교환을 위한 공정 계약 프로토콜을 수행하도록 하였다. 또한 사전에 동의한 계약 과정 이외의 예외 상황 발생시 부분적 TTP의 참여를 허용하여 시스템의 대단위 계산 능력에 대한 효율성을 보장할 수 있다.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.4
• /
• pp.121-127
• /
• 2012

Biometric technology has been proposed as a new means to replace conventional PIN or password because it is hard to be lost and has the low possibility of illegal use. However, unlike a PIN or password, there is no way to modify the exposure if it is exposed and used illegally. To solve the problems, we propose to apply OTP using biometric information to mobile devices for more secure and adaptable authentication. In this paper, we propose a secure framework for delivering biometric information as mobile OTP to the server (TTP) and compared this paper with existed methods about security and performance.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.3
• /
• pp.251-260
• /
• 2011

In this paper, we proposed a scheme that it safely exchanges encrypted keys without Trust Third Party (TTP) and Pre-distributing keys in multi-hop clustering sensor networks. Existing research assume that it exists a TTP or already it was pre-distributed a encrypted key between nodes. However, existing methods are not sufficient for USN environment without infrastructure. Some existing studies using a random number Diffie-Hellman algorithm to solve the problem. but the method was vulnerable to Replay and Man-in-the-middle attack from the malicious nodes. Therefore, authentication problem between nodes is solved by adding a ��TESLA. In this paper, we propose a modified Diffie-Hellman algorithm that it is safe, lightweight, and robust pair-wise agreement algorithm by adding One Time Password (OTP) with timestamp. Lastly, authentication, confidentiality, integrity, non-impersonation, backward secrecy, and forward secrecy to verify that it is safe.

• Review of KIISC
• /
• v.23 no.3
• /
• pp.46-50
• /
• 2013

최근, 피싱 파밍 등 전자거래 환경의 보안위협의 크게 증가하면서 안전한 전자거래를 위한 다양한 인증기술에 대한 논의가 활발히 진행되고 있다. 본 논문에서는 이와 관련하여 ITU-T SG17 국제표준화기구에서 추진하는 OTP 기반 부인방지에 대한 표준안을 분석하고, 해당 프레임워크의 실제 전자거래 환경에 적용하기 위한 방안을 분석한다. 기존 전자거래 환경에서는 전자거래에 대한 부인방지 기능을 제공할 수 있는 기술로 공개키 기반의 전자서명이 주로 사용되었는데, 해당 표준안은 대칭키 기반의 일회용패스워드(OTP) 기술을 이용해서 부인방지 기능을 제공할 수 있는 새로운 방법을 제시하고 있다. OTP 부인방지 프레임워크는 사용자와 서비스제공자가 OTP 생성키를 이용해서 거래정보와 연계된 부인방지토큰 요청 메시지를 생성하고, 제3의 신뢰기관인 TTP를 통해 부인방지토큰을 생성 및 검증한다. 해당 프레임워크에서는 부인방지 서비스를 제공하기위한 4가지 서비스 모델을 제시하고 있어서, 전자거래환경에 맞는 서비스 모델을 선택적으로 적용이 가능하다.

• Journal of Digital Convergence
• /
• v.10 no.2
• /
• pp.193-200
• /
• 2012

The existing EMR method placing computer servers in hospitals could expose patients' personal information to hospital officers and people for wrong purposes. In addition, if medical malpractice occurs, the possibility of distorting medical records might be higher because patients' medical records are stored in hospitals. This study provides an electronic medical record with a security system to solve patients' information disclosure. The electronic medical record system could be utilized as an important information when medical malpractice occurs. This system can provide higher security services certifying patients safely and efficiently as well as protecting patients' personal information.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.129-141
• /
• 2010

In digital computing environment, for the mal functions in appliances and system errors, the unaccepted intrusion should be occurred. The evidence collecting technology uses the system which was damaged by intruders and that system is used as evidence materials in the court of justice. However the collected evidences are easily modified and damaged in the gathering evidence process, the evidence analysis process and in the court. That’s why we have to prove the evidence’s integrity to be valuably used in the court. In this paper, we propose a mechanism for securing the reliability and the integrity of digital evidence that can properly support the Computer Forensics. The proposed mechanism shares and manages the digital evidence through mutual authenticating the damaged system, evidence collecting system, evidence managing system and the court(TTP: Trusted Third Party) and provides a secure access control model to establish the secure evidence management policy which assures that the collected evidence has the corresponded legal effect.