• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.469-480
• /
• 2008

The recently proposed RFID(Radio Frequency Identification) authentication protocol based on a hash function can be divided into two types according to the type of information used for authentication between a reader and a tag: either a value fixed or one updated dynamically in a tag memory. In this paper, we classify the protocols into a static ID-based and a dynamic-ID based protocol and then analyze their respective strengths and weaknesses. Also, we define a new security model including forward/backward traceability, synchronization, forgery attacks. Based on the model, we analyze the previous protocols and propose a new dynamic-ID based RFID mutual authentication protocol. Our protocol provide enhanced RFID user privacy compared to previous protocols and identify a tag efficiently in terms of the operation quantity of a tag and database.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.33 no.2C
• /
• pp.208-218
• /
• 2008

We are sure that RFID system should be a widely used automatic identification system because of its various advantages and applications. However, many people know that invasions of privacy in RFID system is still critical problem that makes it difficult to be used. Many works for solving this problem have focused on light-weight cryptographic functioning in the RFID tag. An agent scheme is another approach that an agent device controls communications between the tag and the reader for protecting privacy. Generally an agent device has strong security modules and enough capability to process high-level cryptographic protocols and can guarantees consumer privacy. In this paper, we present an enhanced mobile agent for RFID privacy protection. In enhanced MARP, we modified some phases of the original MARP to reduce the probability of successful eavesdropping and to reduce the number of tag's protocol participation. And back-end server can authenticate mobile agents more easily using public key cryptography in this scheme. It guarantees not only privacy protection but also preventing forgery.

• Journal of Internet Computing and Services
• /
• v.20 no.2
• /
• pp.61-68
• /
• 2019

Although the number of smartphone users is continuously increasing due to the advantage of being able to easily use most of the Internet services, the number of counterfeit applications is rapidly increasing and personal information stored in the smartphone is leaked to the outside. Because Android app was developed with Java language, it is relatively easy to create counterfeit apps if attacker performs the de-compilation process to reverse app by abusing the repackaging vulnerability. Although an obfuscation technique can be applied to prevent this, but most mobile apps are not adopted. Therefore, it is fundamentally impossible to block repackaging attacks on Android mobile apps. In addition, personal information stored in the smartphone is leaked outside because it does not provide a forgery self-verification procedure on installing an app in smartphone. In order to solve this problem, blockchain is used to implement a process of certificated application registration and a fake app identification and detection mechanism is proposed on Hyperledger Fabric framework.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.4
• /
• pp.7-16
• /
• 2020

The mobile electronic notification service delivers notifications through mobile phone text or app-based message push to solve various problems of the paper-based mail service. And it is a service that an electronic document relay company proves to prove delivery. In order for public and administrative agencies to provide mobile electronic notification service, the user's identification information of the mobile phone number or the subscribed app is required. To overcome these limitations, ICT-regulated sandbox system was used to allow collective conversion of users' resident registration numbers into connecting information (CI). Therefore, in this paper, we propose a technical method for safe management of user CI in mobile electronic notice service, identity verification of electronic notice readers, and prevention of forgery and forgery of electronic notices. Through the proposed method, it is confirmed that the service can be activated by minimizing the adverse function of the mobile electronic notification service by securing the user's convenience and technical safety for the CI.

• Journal of Digital Convergence
• /
• v.12 no.2
• /
• pp.285-293
• /
• 2014

Two-dimensional PDF417 bar code has a wide range of use and has a storage capacity to compress a large amount of data. With these characteristics, PDF417 has been used in various ways to prevent the forgery and alteration of important information in documents. On the other hand, previous decoding methods in PDF417 barcode are slow and inefficient because they simply employ the standard specifications of AIM (Association for Automatic Identification and Mobility). Therefore, this paper propose an efficient and fast algorithm of decoding PDF417 bar code. As a result, the proposed decoding algorithm will be more faster and efficient than previous methods.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.8
• /
• pp.1466-1477
• /
• 2016

Public key infrastructure(PKI), principle technology of the certificate, is a security technology providing functions such as identification, non-repudiation, and anti-forgery of electronic documents on the Internet. Our government and financial organizations use PKI authentication using ActiveX to prevent security accident on the Internet service. However, like ActiveX, plug-in technology is vulnerable to security and inconvenience since it is only serviceable to certain browser. Therefore, the research on HTML5 authentication system has been conducted actively. Recently, domestic bank introduced PKI authentication complying with web standard for the first time. However, it still has inconvenience to register a certification on each website because of same origin policy of web storage. This paper proposes the certificate based SSO protocol that complying with web standard to provide user authentication using certificate on several sites by going around same origin policy and its security proof.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.6
• /
• pp.97-105
• /
• 2021

In this paper, we propose BCON, a service that allows individuals to store personal contents safely, and reliably guarantee their ownership of contents, certifying their identities with DIDs(Decentralized identifiers). DID technology, which supports decentralized identification service based on a blockchain that cannot forgery or alter data, allows users to selectively provide their information, controlling personal information and reinforcing their sovereignty over their identity. BCON stores information about the content specified by a user on the blockchain and Authenticates the user's identity based on DID technology. It also provides functions for the user to safely upload and download the user's content to a distributed database. BCON consists of the content service verifier, the content storage service, the content management contract, and the user application, administrating rhe DID registry for Authority management.

• Journal of Korea Society of Industrial Information Systems
• /
• v.28 no.5
• /
• pp.41-54
• /
• 2023

Smart grid that supports efficient energy production and management is used in various fields and industries. However, because of the environment in which services are provided through open networks, it is essential to resolve trust issues regarding security vulnerabilities and privacy preservation. In particular, the identification information of smart meter is managed by a centralized server, which makes it vulnerable to security attacks such as device stolen, data forgery, alteration, and deletion. To solve these problems, this paper proposes a blockchain based authentication protocol for a smart meter. The proposed scheme issues an unique decentralized identifiers (DIDs) for individual smart meter through blockchain and utilizes a random values based on physical unclonable function (PUF) to strengthen the integrity and reliability of data. In addition, we analyze the security of the proposed scheme using informal security analysis and AVISPA simulation, and show the efficiency of the proposed scheme by comparing with related work.

• Korean Security Journal
• /
• no.21
• /
• pp.155-175
• /
• 2009

RFID that provide automatic identification by reading a tag attached to material through radio frequency without direct touch has some specification, such as rapid identification, long distance identification and penetration, so it is being used for distribution, transportation and safety by using the frequency of 125KHz, 134KHz, 13.56MHz, 433.92MHz, 900MHz, and 2.45GHz. Also it is one of main part of Ubiquitous that means connecting to net-work any time and any place they want. RFID is expected to be new growth industry worldwide, so Korean government think it as prospective field and promote research project and exhibition business program to linked with industry effectively. RFID could be used for access control of person and vehicle according to section and for personal certify with password. RFID can provide more confident security than magnetic card, so it could be used to prevent forgery of register card, passport and the others. Active RFID could be used for protecting operation service using it's long distance date transmission by application with positioning system. And RFID's identification and tracking function can provide effective visitor management through visitor's register, personal identification, position check and can control visitor's movement in the secure area without their approval. Also RFID can make possible of the efficient management and prevention of loss of carrying equipments and others. RFID could be applied to copying machine to manager and control it's user, copying quantity and It could provide some function such as observation of copy content, access control of user. RFID tag adhered to small storage device prevent carrying out of item using the position tracking function and control carrying-in and carrying-out of material efficiently. magnetic card and smart card have been doing good job in identification and control of person, but RFID can do above functions. RFID is very useful device but we should consider the prevention of privacy during its application.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.10
• /
• pp.1-6
• /
• 2019

As mobile technologies such as Internet of Things (IoT)-based smart homes and financial technologies (FinTech) are developed, authentication by smart devices is used everywhere. As a result, presence-based biometric authentication using smart devices has become a new mainstream in knowledge-based authentication methods like the existing passwords. The electrocardiogram (ECG) is less prone to forgery, and high-level personal identification is its unique feature from among various biometric authentication methods, such as the pulse, fingerprints, the face, and the iris. Biometric authentication using an ECG is receiving a great deal of attention due to its uses in healthcare and FinTech. In this study, we implemented an ECG authentication system that allows users to easily measure and authenticate their ECG waveforms using a miniaturized wearable device, rather than a large and expensive measurement device. The implemented ECG authentication system identifies ECG features through P-Q-R-S-T feature point identification, and was user-certified under the proposed authentication protocols. Finally, assessment of measurements in a majority of adult males showed a relatively low false acceptance rate of 1.73%, and a low false rejection rate of 4.14%, in a stable normal state. In a high-activity state, the false acceptance rate was 13.72%, and the false rejection rate was 21.68%. In a high-heart rate state, the false acceptance rate was 10.48%, and the false rejection rate was 11.21%.