• Journal of Convergence for Information Technology
• /
• v.7 no.3
• /
• pp.91-96
• /
• 2017

IoT which is an abbreviation of Internet of Things refers to the communication network service among various objects such as people-people, objects-objects interconnection. The characteristic of IoT that enables direct connection among each device makes security to be considered as more emphasized factor. Though a security module such as an authentication protocol for resolving various security problems that may occur in the IoT environment has been developed, some weak points in security are still being revealed. Therefore, this paper proposes a method for including a protocol including gateway authentication procedure and mutual authentication between the devices and gateways. Protocols with additional authentication procedures can appropriately respond to attackers' spoofing attacks. In addition, important information in the message used for authentication process is protected by encryption or hash function so that it can respond to wiretapping attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.1
• /
• pp.476-496
• /
• 2018

With the advancement and deployment of wireless communication techniques, wireless body area network (WBAN) has emerged as a promising approach for e-healthcare that collects the data of vital body parameters and movements for sensing and communicating wearable or implantable healthful related information. In order to avoid any possible rancorous attacks and resource abuse, employing lightweight ciphers is most effective to implement encryption, decryption, message authentication and digital signature for security of WBAN. As a typical lightweight cryptosystem with an extended sponge function framework, the PHOTON family is flexible to provide security for the RFID and other highly-constrained devices. In this paper, we propose a differential fault analysis to break three flavors of the PHOTON family successfully. The mathematical analysis and simulating experimental results show that 33, 69 and 86 random faults in average are required to recover each message input for PHOTON-80/20/16, PHOTON-160/36/36 and PHOTON-224/32/32, respectively. It is the first result of breaking PHOTON with the differential fault analysis. It provides a new reference for the security analysis of the same structure of the lightweight hash functions in the WBAN.

• The KIPS Transactions:PartC
• /
• v.11C no.7 s.96
• /
• pp.981-992
• /
• 2004

The established NEIS has a lot of problems in the management of security. It does not realize access control in following authority because it only uses PKI certification in user certification and the use of central concentration DBMS and plain text are increased hacking possibility in NEIS. So, This paper suggests a new NEIS for the secure management of data and authority certification. First, we suggest the approached authority in AC pf PMI and user certification in following the role, RBAC. Second, we realize DB encryption plan by digital signature for the purpose of preventig DB hacking. Third, we suggest SQL counterfeit prevention by one-way hash function and safe data transmission per-formed DB encryption by digital signature.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.6
• /
• pp.425-429
• /
• 2009

Recently, Chen et al.'s proposed mutual authentication scheme based on the quadratic resiidue, finding the squaring root problem, for avoiding exhaustive search on the server. But, if a malicious reader sends same random value, the tag is traced by an adversary. Moreover, there is realization problem because of its limited ability to compute squaring and hash function. In this paper, we analyze Chen et al.'s scheme and its weakness. Furthermore we present an improved mutual authentication scheme based on the quadratic residue which solves the tracing problem by generating random value on the tag and uses only squaring. We also make the scheme satisfy to forward secrecy without updating and synchronizing and avoid exhaustive search.

• The Journal of the Korea Contents Association
• /
• v.5 no.2
• /
• pp.95-105
• /
• 2005

As a research on PKI is being very popular, the study relating to certificate status validation is being grown with aim to reduce an overhead of the protocol and to provide an efficient operation. The OCSP of the standard protocol related to the study enables applications to determine the revocation state of an identified certificate. However, the OCSP server can not service millions of certificate status validation requests from clients in a second on E-commerce because of the computational time for signature and verification. So, we propose the Real-time Certificate Status Validation Protocol(RCSVP) that has smaller computational time than OCSP. RCSVP server reduce the computational time of certificate status validation using hash function and common secret value. Also RCSVP client does not need the computational time of certificate verification to acquire the public key from an identified certificate. Therefore, the proposed protocol enables server to response millions of certificate status validation requests from clients in a second on E-commerce.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.10C
• /
• pp.1011-1022
• /
• 2006

WSN(Wireless Sensor Network) performs to detect and collect environmental information for one purpose. The WSN is composed of a sink node and several sensor nodes and has a constraint in an aspect of energy consumption caused by limited battery resource. So many required mechanisms in WSN should consider the remaining energy condition. To deploy WSN, tile collected information is required to protect from an adversary over the network in many cases. The security mechanism should be provided for collecting the information over the network. we propose asynchronized key management considering energy efficiency over WSN. The proposed key management is focused on independence and difference of the keys used to deliver the information over several routes over the network, so disclosure of any key does not results in exposure of total key information over the overall WSN. Also, we use hash function to update key information for energy efficiency Periodically. We define the insecurity for requested security Properties and Proof that the security properties are guaranteed. Also, we evaluate and analyze the energy efficiency for the proposed mechanism.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.9
• /
• pp.2021-2030
• /
• 2012

Premature ventricular contraction(PVC) is the most common disease among arrhythmia and it may cause serious situations such as ventricular fibrillation and ventricular tachycardia. Particularly, in the healthcare system that must continuously monitor patient's situation, it is necessary to process ECG (Electrocardiography) signal in realtime. In other words, the design of algorithm that exactly detects R wave using minimal computation and classifies PVC by analyzing the persons's physical condition and/or environment is needed. Thus, the patient adaptive pattern matching algorithm for the classification of PVC is presented in this paper. For this purpose, we detected R wave through the preprocessing method, adaptive threshold and window. Also, we applied pattern matching method to classify each patient's normal cardiac behavior through the Hash function. The performance of R wave detection and abnormal beat classification is evaluated by using MIT-BIH arrhythmia database. The achieved scores indicate the average of 99.33% in R wave detection and the rate of 0.32% in abnormal beat classification error.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.1
• /
• pp.195-202
• /
• 2011

RFID(Radio Frequency IDentification) is a system to identify objects and its usage is being extended to distribution, healthcare, and air&port etc. RFID is a contactless system environment, and reducing tag authentication time is important because multiple tags are identified at the same time. Studies about RFID system so far is, however, mostly to improve security vulnerability in the tag authentication process. Therefore, this paper suggests an efficient scheme to decrease the time of tag authentication which is also safe for the security of tag authentication process. The proposed scheme cuts down on the tag ID search time because it searches only the classified relevant ID in the database, which is one of many components of RFID system, by using identification bits for tag ID search. Consequently, the suggested scheme decreases process time for tag ID authentication by reducing the processing time and the load of the database. It also brings performance improvement of RFID system as it improves the energy applicability of passive tag.

• The Journal of the Korea Contents Association
• /
• v.15 no.11
• /
• pp.501-508
• /
• 2015

Most web sites, information systems use the ID/Password technique to identify and authenticate users. But ID/Password technique is vulnerable to security. The user must remember the ID/Password and, the password should include alphabets, numbers, and special characters, not to be predicted easily. User also needs to change your password periodically. In this paper, we propose the user authentication method that the user authentication information stored in the external storage to authenticate a user. If another person knows the ID/Password, he can't log in a system without the external storage. Whenever a user logs in a system, authentication information is generated, and is stored in the external storage. Therefore, the proposed user authentication method is the traditional ID/Password security technique, but it enhances security and, increases user convenience.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.3B
• /
• pp.462-473
• /
• 2010

The RFID system has the security problem of location tracking and user privacy. In order to solve this problem, the cryptographic access method using hash function is difficult to in real applications. Because there is a limit of computing and storage capacity of Tag, but the safety is proved. The lightweight authentication methods like HB and LMAP guarantee the high efficiency, but the safety is not enough to use. In this paper, we use the AES for RFID Authentication, and solve the problem of using fixed key with key change step by step. The symmetric keys of the tag and server are changed by the random number generated by tag, reader and server successively. This could prevent the key exposure. As a result, the output of the tag and reader always changes. These key changes could make it possible to prevent eavesdropping, replay attack, location tracking and spoofing.