• Journal of KIISE
• /
• v.42 no.1
• /
• pp.23-32
• /
• 2015

In the Android market, a large portion of the market share consists of third party applications, but not much research has been performed in this respect. Of these applications, mobile Voice Over IP (VoIP) applications are one of the types of applications that are used the most. In this paper, we focus on user authentication methods for three representative applications of the Google Voice service, which is a famous mobile VoIP application. Then, with respect to the Android file system, we developed a method to store and to send user information for authentication. Finally, we demonstrate a vulnerability in the mechanism and propose an improved mechanism for user authentication by using hash chaining and an elliptic curve Diffie-Hellman key exchange.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.3
• /
• pp.485-492
• /
• 2008

Computers used fer light-weight computing environments are considerably limited in resources and performance running in ubiquitous environment. Because of the limited resources, it is difficult to apply existing security technologies to the light-weight computers. In this paper, light-weight security software is implemented using RC-5 encryption and SHA-1 authentication algorithm which is appropriate for light-weight computing environments. The design of components based on security software of a light-weight computer application and the test-bed for security software are presented. The simulation verifies the correctness of the security software. The architecture of the light-weight and reconfigurable security software for light-weight computer applications is proposed. The proposed security software is small size and provides reconfigurable security library based on the light-weight component and the software manager that configures software platform is loaded with the library at the time it is needed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.5
• /
• pp.863-869
• /
• 2008

In this paper, a system with sensor network security mechanism which can be applied to home network structure is designed and it is implemented on a virtual network of a home network middleware. The basic structure of home networking middleware supports one-to-one (unicast) or broadcast communication mode between the lookup server and service nodes on the network. Confidentiality and authentication are key security factors of the one-to-one communication and user authentication is crucial for broadcasting mode. One of the sensor network's security techniques SPINS consists of SNEP and ${\mu}TESLA$. The SNEP ensures confidentiality and authentication, and ${\mu}TESLA$ provides broadcast authentication. We propose a SPIN based home network middleware and it is implemented by using the CBC-MAC for MAC generation, the counter mode (CTR) for message freshness, the pseudo random function (PRF) and RC5 as encryption algorithm. The implementation result shows that an attacker cannot decrypt the message though he gets the secure key because of CTR mode. In addition, we confirmed that a received message of the server is authenticated using MAC.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.10
• /
• pp.1875-1882
• /
• 2008

Nowadays, usage of mobile unit which has a characteristic of low cost and high efficiency is being generalized because of frequent use of internet-based variable service and application in IEEE 802.16 WiMAX. A study for handling a security problem of high speed internet service is rising while the use of a mobile is being generalized. This paper suggests a security mechanism which provides safety from certification load of SS and a security attack as well as a basic function which is provided from IEEE 802.16e standard to satisfy security demand of IEEE802.16 WiMAX. The proposed mechanism exchangeskey material information for TEK and data code by using 난수(?) and secret value created by SS and BS, also reduces capacity load of BS not to perform an additional certificate procedure of BS by using the early certification information and certificate of SS.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.73-85
• /
• 2001

Electronic check schemes are more efficient than electronic coin scheme with respect to computational costs and the amount of information exchanged. In spite of these, difficulties in making a refund reusable and in representing the face value of a check have discouraged its development. In this paper, a new online electronic check system is presented, which solves the above problems. This system uses the partially blind signature to provide user anonymity and to represent the face value of a check. The partially blind signature enables us to make the format of refunds and initially withdrawn checks identical. Thus, it allows refunds to be reused to buy goods without any limitatiosn. Both initially withdrawn checks and refunds in our system guarantee untraceability as well as unlinkability. We also use a one-time secret key as the serial number of a check to increase the efficiency of payments. The presented check system also provides multiple offline shopping sessions to minimize the number of online messages handled by a bank. During the multiple offline shopping session, we use a one-way accumulator to provide non-repudiation service. We also analyze our new systems our new system\`s security, efficiency, and atomicity.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.109-120
• /
• 2008

VoIP utilizes the Internet for the services, and therefore it is vulnerable to intrusions and attacks. Because provided services deal with information related to privacy of users, it requires high level security including authentication and the confidentiality/integrity of signaling messages and media streams. However, when such a protocol is implemented in a VoIP phone, the implementation can have limitations due to the limited resources. The present study purposed to implement VoIP security protocols and to evaluate their performance in terms of connection quality and voice quality by applying them to SIP proxy and UA (User Agent). In the result of performance evaluation, the application of the security protocols did not lower voice quality, but connection quality was high in the DTLS based security protocol. As the protocol was applicable to signaling and media paths based on DTLS, we found that it can be a solution for the limited resources of VoIP phone.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.2
• /
• pp.55-72
• /
• 1997

This paper presents a digital signature scheme for facsimile document which directly embeds a signature onto the document. We use multiple reference lines which have been scanned just before and modify each distance of changing pels both on the reference line specified by key and on the coding line with a single bit of the signature data. The time to take in signature is reduced by spreading of signature. Non-repudiation in origin, the 3rd condition of digital signature is realized by proposed digital signature scheme. The transmitter embeds the signature secretly and transfers it, and the receiver makes a check of any forgery on the signature and the document. This scheme is compatible with the ITU-T.4(CCITT G3 or G4 facsimile standards). The total amount of data transmitted and the image quality are about the same to that of the original document, and thus a third party notices that no signature is embedded on the document.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.131-139
• /
• 2012

The cloud storage has the client lend and use the device as a form of service rather than owning it, and thus the client pays the charge for the service that he or she actually uses, making it beneficial over the self-managed data center. When the storage service is provided on public cloud, however, the clients does not have any control over the user data, which brings a problem of violating data confidentiality. In this paper, we propose a gateway that works between the public cloud and the client for the purpose of guaranteeing the confidentiality of user data stored in cloud. The gateway encrypts or decrypts, and then delivers the user data without the client's intervention. In addition, it provides the function of exchanging keys to allow the client to access through another gateway. The proposed idea has been tested on a commercial public cloud and verified to satisfy security and compatibility.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.473-483
• /
• 2012

To achieve an entire end-to-end security, the classical authentication setting such that all participants have a same password is not practical since a password is not a common secret but a personal secret depending on an individual. Thus, an efficient client to client different password-based authenticated key agreement protocol (for short, EC2C-PAKA) has been suggested in the cross-realm setting. Very recently, however, a security weakness of the EC2C-PAKA protocol has been analyzed by Feng and Xu. They have claimed that the EC2C-PAKA protocol is insecure against a password impersonation attack. They also have presented an improved version of the EC2C-PAKA protocol. In this paper, we demonstrate that their claim on the insecurity of EC2C-PAKA protocol against a password impersonation attack is not valid. We show that the EC2C-PAKA protocol is still secure against the password impersonation attack. In addition, ironically, we show that the improved protocol by Feng and Xu is insecure against an impersonation attack such that a server holding password of Alice in realm A can impersonate Bob in realm B. We also discuss a countermeasure to prevent the attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.1
• /
• pp.3-16
• /
• 2010

Recently in the field of the wireless sensor network, many researchers are attracted to pairing cryptography since it has ability to distribute keys without additive communication. In this paper, we propose efficient hardware implementation of ${\eta}_T$ pairing which is one of various pairing scheme. we suggest efficient hardware architecture of ${\eta}_T$ pairing based on parallel processing and register/resource optimization, and then we present the result of our FPGA implementation over GF($2^{239}$). Our implementation gives 15% better result than others in Area Time Product.