• The Journal of Society for e-Business Studies
• /
• v.22 no.2
• /
• pp.169-185
• /
• 2017

Juliano Rizzo and Thai Duong, the authors of the BEAST attack [11, 12] on SSL, have proposed a new attack named CRIME [13] which is Compression Ratio Info-leak Made Easy. The CRIME exploits how data compression and encryption interact to discover secret information about the underlying encrypted data. Repeating this method allows an attacker to eventually decrypt the data and recover HTTP session cookies. This security weakness targets in SPDY and SSL/TLS compression. The attack becomes effective because the attacker is enable to choose different input data and observe the length of the encrypted data that comes out. Since Transport Layer Security (TLS) ensures integrity of data transmitted between two parties (server and client) and provides strong authentication for both parties, in the last few years, it has a wide range of attacks on SSL/TLS which have exploited various features in the TLS mechanism. In this paper, we will discuss about the CRIME and other versions of SSL/TLS attacks along with countermeasures, implementations. We also present direction for SSL/TLS attacks resistance in practice.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1147-1157
• /
• 2014

Intelligent transportation system (ITS) is realized through a highly ephemeral network, i.e. vehicular ad hoc network (VANET) which is on its way towards the deployment stage, thanks to the advancements in the automobile and communication technologies. However, it has not been successful, at least to date, to install the technology in the mass of vehicles due to security and privacy challenges. Besides, the users of such technology do not want to put their privacy at stake as a result of communication with peer vehicles or with the infrastructure. Therefore serious privacy measures should be taken before bringing this technology to the roads. To date, privacy issues in ephemeral networks in general and in VANET in particular, have been dealt with through various approaches. So far, multiple pseudonymous approach is the most prominent approach. However, recently it has been found out that even multiple pseudonyms cannot protect the privacy of the user and profilation is still possible even if different pseudonym is used with every message. Therefore, another privacy-aware mechanism is essential in vehicular networks. In this paper, we propose a novel identity exchange mechanism to preserve conditional privacy of the users in VANET. Users exchange their pseudonyms with neighbors and then use neighbors' pseudonyms in their own messages. To this end, our proposed scheme conditionally preserves the privacy where the senders of the message can be revoked by the authorities in case of any dispute.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.4 no.1
• /
• pp.267-282
• /
• 2000

With the development of computer&network technology and the growth of its dependance, computer failures not only lose human and material resources but also make organization's competition weak as a side-effect of information society. Therefore, people consider computer security as important factor. Intrusion Detection Systems (IDS) detect intrusions and take an appropriate action against them in order to protect a computer from system failure due to illegal intrusion. A variety of methods and models for IDS have been developed until now, but the existing methods or models aren't enough to detect intrusions because of the complexity of computer network the vulnerability of the object system, insufficient understanding for information security and the appearance of new illegal intrusion method. We propose a new IDS model to be suitable at the information system organized by homogeneous hosts and design for the IDS model and implement the prototype of it for feasibility study. The IDS model consist of many distributed unit sensor IDSs at homogeneous hosts and if any of distributed unit sensor IDSs detect anomaly system call among system call sequences generated by a process, the anomaly system call can be dynamically shared with other unit sensor IDSs. This makes the IDS model can effectively detect new intruders about whole information system.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.75-81
• /
• 2003

User authentication, including confidentiality, integrity over untrusted networks, is an important part of security for systems that allow remote access. Using human-memorable Password for remote user authentication is not easy due to the low entropy of the password, which constrained by the memory of the user. This paper presents a new password authentication and key agreement protocol suitable for authenticating users and exchanging keys over an insecure channel. The new protocol resists the dictionary attack and offers perfect forward secrecy, which means that revealing the password to an attacher does not help him obtain the session keys of past sessions against future compromises. Additionally user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the server. It does not have to resort to a PKI or trusted third party such as a key server or arbitrator So no keys and certificates stored on the users computer. Further desirable properties are to minimize setup time by keeping the number of flows and the computation time. This is very useful in application which secure password authentication is required such as home banking through web, SSL, SET, IPSEC, telnet, ftp, and user mobile situation.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.8B
• /
• pp.730-737
• /
• 2003

In this paper, we present an efficient authentication proxy for IEEE 802.1x systems based on the port-based access control mechanism. An IEEE 802.1x system consists of PC supplicants, a bridge with authentication client functions, and an authentication server. For the network security and user authentication purposes, a supplicant who wants to access Internet should be authorized to access the bridge port using the Extended Authentication Protocol (EAP) over LAN. The frame of EAP over LAN is then relayed to the authentication server by the bridge. After several transactions between the supplicant and the server via the bridge, the supplicant may be either authorized or not. Noting that the transactions between the relaying bridge and the server will be increased as the number of supplicants grows in public networks, we propose a scheme for reducing the transactions by employing an authentication proxy function at the bridge. The proxy is allowed to cache the supplicant's user ID and password during his first transaction with the server. For the next authentication procedure of the same supplicant, the proxy function of the bridge handles the authentication transactions using its cache on behalf of the authentication server. Since the main authentication server handles only the first authentication transaction of each supplicant, the processing load of the server can be reduced. Also, the authentication transaction delay experienced by a supplicant can be decreased compared with the conventional 802.1x system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.10
• /
• pp.2105-2112
• /
• 2009

Recently RFID system has been adopted in various fields rapidly. However, we ought to solve the problem of privacy invasion that can be occurred by obtaining information of RFID Tag without any permission for popularization of RFID system To solve the problems, it is Ohkubo et al.'s Hash-Chain Scheme which is the safest method. However, this method has a problem that requesting lots of computing process because of increasing numbers of Tag. Therefore, We suggest the way (process) satisfied with all necessary security of Privacy Protection Shreme and decreased in Tag Identification Time in this paper. First, We'll suggest the SP-Division Algorithm seperating SPs using the Performance Measurement consequence of each node after framing the program to create Hash-Chain Calculated table to get optimized performance because of character of the grid environment comprised of heterogeneous system. If we compare consequence fixed the number of nodes to 4 with a single node, equal partition, and SP partition, when the total number of SPs is 1000, 40%, 49%, when the total number of SPs is 2000, 42%, 51%, when the total number of SPs is 3000, 39%, 49%, and when the total number of SPs is 4000, 46%, 56% is improved.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.11
• /
• pp.2093-2099
• /
• 2016

This paper describes a design of crypto-processor that supports multiple block cipher algorithms of PRESENT, ARIA, and AES. The crypto-processor integrates three cores that are PRmo (PRESENT with mode of operation), AR_AS (ARIA_AES), and AES-16b. The PRmo core implementing 64-bit block cipher PRESENT supports key length 80-bit and 128-bit, and four modes of operation including ECB, CBC, OFB, and CTR. The AR_AS core supporting key length 128-bit and 256-bit integrates two 128-bit block ciphers ARIA and AES into a single data-path by utilizing resource sharing technique. The AES-16b core supporting key length 128-bit implements AES with a reduced data-path of 16-bit for minimizing hardware. Each crypto-core contains its own on-the-fly key scheduler, and consecutive blocks of plaintext/ciphertext can be processed without reloading key. The crypto-processor was verified by FPGA implementation. The crypto-processor implemented with a $0.18{\mu}m$ CMOS cell library occupies 54,500 gate equivalents (GEs), and it can operate with 55 MHz clock frequency.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.12B
• /
• pp.1452-1458
• /
• 2009

In this paper, Our proposed Multipurpose Complex Card UHF band RFID small-size Tag antenna. Multi purpose Complex Card UHF band RFID small-size Tag antenna that is to minimize the low efficiency of RFID Tag Read Range that generates space limitation and a conductor surrounded by inducing fingerpring system with dual(HF, UHF) Card is presented. Our proposed UHF band RFID small-size Tag antenna is for the Multipurpose Complex Card that is mounted on the fingerpring system as well as the HF Tag. It also enables to minimize and facilitates Tag chip matching by adjusting Tapered, Meander line and Loop structure. Given the card substance properties and periphery circuit, the proposed small-size Tag antenna, in this report, is designed with PET film with size of $50{\times}15mm^2$. The RFID small-size Tag method for measurements is used by EPCglobal Static Test instrument in Anechoic Chamber, which is tested with dual Card, within the car and in wallet. It is found that Read Range is 3.8m from the EPCglobal Static Test, Maximum Read Range within the car from the field test results in 7.6m. Proposed Tag antenna is will be used in the parking control security system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2009.10a
• /
• pp.1010-1013
• /
• 2009

The youths of the farming village have moved to the metropolis, thus the most of the manpower which engages to a production remained in the village reaches layer old age and all thing sprouts long the whole and it is one. So to remove the waste of barn rather than to give feed to the livestock is hard that what step all automation of this part is necessary. Consequently we have developed the automation system in order to reduce the massive death of the livestock at the time of intense cold and hot. The system will be able to clean the waste of the barn and confront quickly in the change of temperature which is sudden it came. And we proposed also the system that will be able to watch at real-time and monitor the operational environment from a remote using CCD camera. In this paper, we proposed the remote control system which uses PDA in order to control the automation system of a stall while moving. The proposed system was embodied in order for the control and the monitor while the user is mobile using PDA screens. We also added a protection system in that system. The system sends the case warning and SMS while will have the fire and the intrusion from the outside and prevents a robbery.

• KIPS Transactions on Software and Data Engineering
• /
• v.10 no.10
• /
• pp.391-398
• /
• 2021

Since the leased line is a structure that exclusively uses two connected areas for data transmission, a stable quality level and security are ensured, and despite the rapid increase in the number of switched lines, it is a line method that is continuously used a lot in companies. However, because the cost is relatively high, one of the important roles of the network operator in the enterprise is to maintain the optimal state by properly arranging and utilizing the resources of the network leased line. In other words, in order to properly support business service requirements, it is essential to properly manage bandwidth resources of leased lines from the viewpoint of data transmission, and properly predicting and managing leased line usage becomes a key factor. Therefore, in this study, various prediction models were applied and performance was evaluated based on the actual usage rate data of leased lines used in corporate networks. In general, the performance of each prediction was measured and compared by applying the smoothing model and ARIMA model, which are widely used as statistical methods, and the representative models of deep learning based on artificial neural networks, which are being studied a lot these days. In addition, based on the experimental results, we proposed the items to be considered in order for each model to achieve good performance for prediction from the viewpoint of effective operation of leased line resources.