• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.61 no.8
• /
• pp.1186-1192
• /
• 2012

In Jeju Smart Grid field test, Zigbee technology is being used as one of customer side solutions for AMI. Although Zigbee networks that provides effective connectivity and control among devices are advantages in ease of implementation and use, the data can be exposed to cyber attacks such as eavesdrop, unauthorized data dissemination and forgery. Currently authentication and confidentiality services are provided with the network and link keys generated based on public key pairs that are pre-installed in offline. However, the network is vulnerable once a hacker intrudes into a local network because operation and management policies for the generated keys are not well-established yet. In this paper, the vulnerability of the Zigbee security system in the customer side environment of Jeju Smart Grid field test is analyzed. Then, two-way authentication with the unique identifiers of devices and user-specific group management policies are proposed to resolve the vulnerability.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.85-92
• /
• 2010

There is an authentication method for participants with an encrypted ID and password as a symmetric-key in multilateral video conferencing. It is hard to manage when the security-keys makes many while the transportation processing for the encryption and decryption get complicated when the video conferencing involves a number of participants and the third party as an attackers to gain unauthorized symmetric-key to access video conference which makes a problem less secrecy. This study suggests three ways to enhance security in video conference: first, we present PKI-based X.509 certificate for authenticating the participants of multilateral conferencing and we suggest to encode and decode the video conference media data using a secrecy key created by each of the conference participants; second, a more secured multilateral video conferencing can be expected in a group communication by using the participants secrecy key in creating and distributing group keys, where the group key will be renewed whenever there is change in the group member; and finally, we suggest to encode the RTP payload of the media data before transmission.

• Journal of Digital Convergence
• /
• v.10 no.4
• /
• pp.217-222
• /
• 2012

Group communication on the Internet is exploding in popularity. Video conferencing, Enterprise IM, desktop sharing, and numerous forms of e-commerce are but a few examples of the ways in which the Internet is being used for business. The growing use of group communication has highlighted the need for advances in security. There are several approaches to securing user identities and other information transmitted over the Internet. One of the foundations of secure communication is key management, a building block for encryption, authentication, access control, and authorization.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2013.05a
• /
• pp.607-609
• /
• 2013

최근 분산 시스템의 기술이 발전하면서 소셜 네트워크 서비스(SNS)도 분산방식으로 전환해가는 추세이다. 특히, 모바일 기기 발전과 공급 확산으로 인해 모바일 기기의 분산 SNS에 대한 연구로 클라우드 컴퓨팅 기술을 응용한 모바일 클라우드 SNS가 연구되고 있다. 또한, 제 3자의 미인증 모바일 기기를 사용한 SNS 접속으로 인한 피해가 증가되고 있는 반면, 이를 방지하는 사용자 모바일 기기 인증에 대한 연구는 미흡하다. 따라서 본 논문은 Proxy Re-Encryption 기술을 응용하여 안전한 모바일 기기 인증 프로토콜을 제안한다.

• Journal of KIISE
• /
• v.42 no.1
• /
• pp.97-106
• /
• 2015

Recently, research on database encryption for data protection and query result authentication methods has been performed more actively in the database outsourcing environment. Existing database encryption schemes are vulnerable to order matching and counting attack of intruders who have background knowledge of the original database domain. Existing query result integrity auditing methods suffer from the transmission overhead of verification object. To resolve these problems, we propose a group-order preserving encryption index and a query result authentication method based on the encryption index. Our group-order preserving encryption index groups the original data for data encryption and support query processing without data decryption. We generate group ids by using the Hilbert-curve so that we can protect the group information while processing a query. Finally, our periodic function based data grouping and query result authentication scheme can reduce the data size of the query result verification. Through performance evaluation, we show that our method achieves better performance than an existing bucket-based verification scheme, it is 1.6 times faster in terms of query processing time and produces verification data that is 20 times smaller.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.18 no.4
• /
• pp.19-26
• /
• 2018

In recent years, the substantial increase in the population's average age leads to an exceeded number of older persons comparing with the number of any other age group. As a result, both industry and academia are focused on the development of several solutions aimed to guarantee a healthy and safe lifestyle to the elderly. Ambient Assisted Living (AAL) approach is the way to guarantee better life conditions for the aged and for monitoring their health conditions by the development of innovative technologies and services. AAL technologies can also provide more safety for the elderly, offering emergency response mechanisms, fall detection solutions, and video surveillance systems. Unfortunately, due to the sensitive nature of AAL data, AAL systems should satisfy security requirements such as integrity, confidentiality, availability, anonymity, and others. In this paper, we propose an adaptive authentication protocol for the AAL systems. The proposed authentication protocol not only supports several important security requirements needed by the AAL systems, but can also withstand various types of attacks. In addition, the security analysis results show that the proposed authentication protocol is more efficient and secure than the existing authentication protocols.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.89-100
• /
• 2002

In this paper, we propose a group key management architecture for the secure group communications in mobile netwowrks and authenticated key agreement protocol for this system. Most of existing group key management schemes un certificates based on the public key for the purpose of user authentication and key agreement in secure fashion however, we use the ICPK(Implicitly Certified Public key) to reduce the bandwidth for a certificate exchanging and to improve a computational efficiency. In this architecture, we use two-tier approach to deal with key management where the whole group is divided into two parts; the first is a cell groups consisted of mobile hosts and another is a control group consisted of cell group managers. This approach can provide flexibility of key management such that the affection for a membership change is locally restricted to the cell group which is an autonomous area of the CGM(Cell Group Manager).

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2012.07a
• /
• pp.373-375
• /
• 2012

최근 다양하고 전문적인 웹 서비스와 어플리케이션들이 사용자를 위해 제공되고 있다. 이러한 서비스들은 보통 사용자의 인증을 거친 뒤 검증된 사용자에 한해 서비스를 제공하기 때문에 사용자는 매번 서비스별로 회원가입을 해야 하는 불편함을 겪고 있다. 이러한 불편함을 해결하기 위해 제 3의 서비스가 사용자의 보호된 데이터에 접근할 수 있도록 허가하는 OAuth 프로토콜이 등장하게 되었다. 본 논문에서는 OAuth 프로토콜의 동작과정과 문제점을 분석하고 피싱 공격 방어를 위한 확장된 프로토콜을 제안한다. 본 논문에서 제안하는 프로토콜은 기존의 OAuth 프로토콜에 인증 절차를 추가한 것이다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.7 no.2
• /
• pp.11-18
• /
• 1997

Chaum and Heyst first proposed group signature which is based on the undeniable signature. So, a receiver of the signature can't verify a group signature without cooperation of the signer and, in case of dispute later on, he can't reveal the identity of the signer without help of the group members. Park et. al. proposed an id-based group signature with self-authentication, in which the receiver of the signature reveals the identity of the signer without help of the group members. However, the proposed scheme has two problem : 1) the receiver can't identify the signer, since every keys of the group members hold the identification procedure. 2) By collusion of the group members, new secret key for a group signature can be computed and the secret key of the trusted center can be revealed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.29-43
• /
• 2019

In recent years, as the network traffic in the WSN(Wireless Sensor Network) has been increased by the growing number of IoT wireless devices, SDWSN(Software-Defined Wireless Sensor Network) and its security that aims a secure SDN(Software-Defined Networking) for efficiently managing network resources in WSN have received much attention. In this paper, we study on how to efficiently and securely design a PUF(Physical Unclonable Function)-assisted group key distribution scheme for the SDWSN environment. Recently, Huang et al. have designed a group key distribution scheme using the strengths of SDN and the physical security features of PUF. However, we observe that Huang et al.'s scheme has weak points that it does not only lack of authentication for the auxiliary controller but also it maintains the redundant synchronization information. In this paper, we securely design an authentication process of the auxiliary controller and improve the vulnerabilities of Huang et al.'s scheme by adding counter strings and random information but deleting the redundant synchronization information.