• Korean Security Journal
• /
• no.30
• /
• pp.61-83
• /
• 2012

Al-Qaeda follower who planned to attacks the Pentagon and the Assembly by unmanned aircraft equipped with explosives was caught in the dictionary in September 2011. In addition, high-performance unmanned aerial vehicles in the United States 'sentinel' of the technology being leaked to Iran in late 2011 was an accident. Terrorist attacks on the forces used unmanned aircraft will be the day the not too distant. The purpose of this research is to provide response plans against acts of terrorism utilizing unmanned aircrafts to prevent large losses of lives such as the terrorist attacks of September 11. Discussing in detail, this research suggests revising and newly implementing the definition and categorization of unmanned aircrafts as well as relevant punishment in current aeronautics regulations as an initial response against acts of terrorism utilizing unmanned aircrafts. This is in order to newly implement and revise current relevant regulations that inadequately address the rapidly developing and changing unmanned aircrafts which will lead to increased sense of alarm for the potential terrorists, and also to introduce a systematic tool to punish those who commit such acts by clearly establishing the grounds for punishment. Also, under the binary operating system over airspace currently implemented globally, it is impossible to identify and control the infiltration of airspace by unmanned aircrafts. Recognizing such limitations, this research suggests a combined operation of airspace for unmanned and manned aircrafts as a second way of response for acts of terrorism utilizing unmanned aircrafts. A systematic integrated operation of airspace will appropriately control unmanned/ manned aircrafts that were not previously reported or otherwise have deviated from navigation routes, and will be able to prevent terrorism attempts utilizing aircrafts beforehand.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.1
• /
• pp.81-86
• /
• 2009

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. In this paper, we propose a new identification scheme One Pass Identification. The security of Password base System is based on the square root problem, and Password base System is secure against the well known attacks including pre-play attack, off-line dictionary attack and server comprise. A number of pass of Password base System is one, and Password base System processes the password and does not need the key. We think that Password base System is excellent for the consuming time to verify the prover.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.9 no.3
• /
• pp.627-632
• /
• 2005

Almost all network systems provide an authentication mechanism based on user ID and password. In such system, it is easy to obtain the user password using a sniffer program with illegal eavesdropping. The one-time password and challenge-response method are useful authentication schemes that protect the user passwords against eavesdropping. In client/ server environments, the one-time password scheme using time is especially useful because it solves the synchronization problem. It is the stability that is based on Square Root problem, and we would like to suggest OPI(One Pass Identification), enhancing the stability for all of the well-known attacks by now including Free-playing attack, off-line Literal attack, Server and so on. OPI does not need to create the special key to read the password. OPI is very excellent in identifying the approved person within a very short time.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.9
• /
• pp.91-101
• /
• 2012

Key exchange protocols are essential for building a secure communication channel over an insecure open network. In particular, password-based key exchange protocols are designed to work when user authentication is done via the use of passwords. But, passwords are easy for human beings to remember, but are low entropy and thus are subject to dictionary attacks. Recently, Zhao and Gu proposed a new server-aided protocol for password-based key exchange. Zhao and Gu's protocol was claimed to be provably secure in a formal adversarial model which captures the notion of leakage of ephemeral secret keys. In this paper, we mount a replay attack on Zhao and Gu's protocol and thereby show that unlike the claim of provable security, the protocol is not secure against leakage of ephemeral secret keys. Our result implies that Zhao and Gu's proof of security for the protocol is invalid.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.17-30
• /
• 2008

In the paper, we consider password-based authenticated key exchange with different passwords, where the users do not share a password between themselves, but only with the server. The users make a session key using their different passwords with the help of the server. We propose an efficient password-based authenticated key exchange protocol with different passwords which achieves forward secrecy without random oracles. In fact this amount of computation and the number of rounds are comparable to the most efficient password-based authenticated key exchange protocol in the random oracle model. The protocol requires a client only to memorize a human-memorable password, and all other information necessary to run the protocol is made public.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.73-82
• /
• 2009

This paper proposes an efficient and secure user authentication and key agreement scheme instead of the HTTP digest and TLS between the SIP UA and server. Although a number of security schemes for authentication and key exchange in SIP network are proposed, they still suffer from heavy computation overhead on the UA's side. The proposed scheme uses the HTIP Digest authentication and employs the Diffie-Hellman algorithm to protect user password against dictionary attacks. For a resource-constrained SIP UA, the proposed scheme delegates cryptographically computational operations like an exponentiation operation to the SIP server so that it is more efficient than the existing schemes in terms of energy consumption on the UA. Furthermore, it allows the proposed scheme to be easily applied to the deployed SIP networks since it does not require major modification to the signaling path associated with current SIP standard.