• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.89-108
• /
• 2010

Recently many mutual authentication protocol for light-weight hash-based for RFID have been proposed. Most of them have assumed that communications between a backend server and reader are secure, and not considered threats for backend server and RFID reader impersonation. In the real world, however, attacks against database or reader are more effective rather than attacks against RFID tag, at least from attacker's perspective. In this paper, we assume that all communications are not secure to attackers except the physical attack, and considering realistic threats for designing a mutual authentication protocol based on hash function. And It supports a mutual authentication and can protect against the replay attack, impersonation attack, location tracking attack, and denial of service attack in the related work. We besides provide a secure and efficient RFID mutual authentication protocol which resists impersonation attacks on all of the entities and alow a backend server to search tag-related information efficiently. We conclude with analyzing the safety and efficiency among latest works.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.1
• /
• pp.33-42
• /
• 2002

We present a systematic way to armor a zero-knowledge interactive proof based identification scheme that has badly chosen keys. Keys are sometimes mistakenly chosen to be weak(neither random nor long), and a weak key is often preferred to a strong key so that it might be easy for human to remember. Weak keys severely degrade the security of ZKIP based identification schemes. We show using off-line guessing attack how the weak key threats the security of ZlKIP based identification schemes. For the proper usage of ZKIP, we introduce a specialized form of ZKIP, which has a secret coin-tossing stage. Using the secret coin tossing, a secure framework is proposed for ZKIP based identification schemes with weak key in the ideal cipher model. The framework is very useful in password based authentication and key exchange protocol

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1387-1399
• /
• 2016

In a hyper-connected society realized through IoT-enabled technology, a large amount of data is collected by various devices and is processed to provide new services to users. While communicating through a network, it is essential for devices to execute mutual authentication since users' privacy can be infringed by malicious attackers. ID-based signature enables authentication and key exchange with a unique ID of a device. However, most of the previous ID-based signature schemes based on RSA require an additional step to share parameters for key exchange so that they are not suitable for resource-constrained devices in terms of efficiency. In this paper, we design an efficient ID-based signature and thereby propose an efficient ID-based authentication and key exchange protocol in which sessions for both an authentication and a key exchange are executed simultaneously. In addition, we prove the security of our scheme under the RSA onewayness problem and analyze the efficiency by comparing with the previous schemes.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38C no.1
• /
• pp.12-18
• /
• 2013

In 2012, Woosik Bae proposed a DAP3-RS(Design of Authentication Protocol for Privacy Protection in RFID Systems) using the hash function and AES(Advanced Encryption Standard) algorithm to hide Tag's identification and to generates variable data in every session. He argued that the DAP3-RS is safe from spoofing attack, replay attack, traffic analysis and etc. Also, the DAP3-RS resolved problem by fixed metaID of Hash-Lock protocol using AES algorithm. However, unlike his argue, attacker can pass authentication and traffic analysis using by same data and fixed hash value on the wireless. We proposed authentication protocol based on AES algorithm. Also, our protocol is secure and efficient in comparison with the DAP3-RS.

• Journal of Dairy Science and Biotechnology
• /
• v.33 no.4
• /
• pp.253-262
• /
• 2015

The authentication and implications of misleading labeling in milk and dairy products is important to protect against cheating consumers from adulteration and to alert sensitive consumers to any undeclared potential allergens. This need to support milk and dairy products labeling has led to the development of specific analytical techniques for the analysis of milk and dairy products ingredients. Recently, several methods based on polymerase chain reaction (PCR), including restriction fragment length polymorphism (PCR-RFLP), multiplex PCR, species-specific PCR, and real-time PCR, have been proposed as useful means for identifying species of origin in milk and dairy products, as well as quantifying and detecting any adulteration. These methods have particular advantages owing to their high specificity and sensitivity, as well as rapid processing time. In this review, we provide an updated and extensive overview of the PCR-based methods used for milk and dairy products authentication with a particular focus on the application of PCR methods to detect adulteration.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.5
• /
• pp.1087-1096
• /
• 2011

Vehicular Ad Hoc Network(VANET) using wireless network is offering the communications between vehicle and vehicle(V2V) or vehicle and infrastructure(V2I). VANET is being actively researched from industry field and university because of the rapid developments of the industry and vehicular automation. Information, collected from VANET, of velocity, acceleration, condition of road and environments provides various services related with safe drive to the drivers, so security over network is the inevitable factor. For the secure message authentication, a number of authentication proposals have been proposed. Among of them, a scheme, proposed by Jung, applying database search algorithm, Bloom filter, to RAISE scheme, is efficient authentication algorithm in a dense space. However, k-anonymity used for obtaining the accurate vehicular identification in the paper has a weak point. Whenever requesting the righteous identification, all hash value of messages are calculated. For this reason, as the number of car increases, a amount of hash operation increases exponentially. Moreover the paper does not provide a complete key exchange algorithm while the hand-over operation. In this paper, we use a Received Signal Strength Indicator(RSSI) based velocity and distance estimation algorithm to localize the identification and provide the secure and efficient algorithm in which the problem of hand-over algorithm is corrected.

• Information Systems Review
• /
• v.23 no.4
• /
• pp.1-22
• /
• 2021

In the newly encountered economy caused by the Corona virus Disease-19, remote transaction becomes a new normal that disrupt traditional economic order. In the middle of the disruption, mobile tech is placed and remote finance on mobile is highly noticed and considered as an infra-tech to support the new ecology, In mobile finance. remote payment is becoming the most common service and personal identification on it is critical to operate the new service. There are various means of remotely identifying a person. Recently the use of biometric information is increasing. In this study, a correlation analysis was conducted on factors that effects to biometrics usage and the intention to use in remote personal identification. Variables for critical factor in the remote identification were classified into 4 groups such as Performance expectancy, Effort expectancy, Social influence, and Security. The empirical analysis based on the Unified Theory of Acceptance and Use of Technology (UTAUT) was conducted. The relationship between variables and the intention to use is also analyzed. In the study, stepwise regression analysis was conducted four times in which variables were adjusted in individual stage. As a result, the analysis suggests that performance expectancy, effort expectancy, social influence, security have positive effects for intention to use. Additionally, effort expectancy and security have moderating effects to intention to use depends on biometric authentication experience. The analysis has shown positive effect of variables grouped on the intention to use them. It also suggests that the intention to use biometric authentication will quickly grow. This study is expected to make a contribution to utilize and improve the use of biometric information in mobile payment.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.101-107
• /
• 2007

In recent years, electronic financial services, such as internet banking, come into wide use since the personal computer and network technology have made reasonably good progress. The growth of electronic financial service contributes to promoting the business efficiency of financial institution and promoting the convenience of financial customer, while the security on electronic financial service is getting more important because it is not face-to-face financial service. Therefore, the financial sector had decided to introduce the OTP (One Time Password) in order to authenticate the identification of customer and has built the Integrated OTP Authentication Center for a customer being able to use only one OTP token in electronic financial transaction with several financial institution. In this paper, we introduce the business of Integrated OTP Authentication Center and present the security analysis on integrated OPT authentication service, which is the main function of Integrated OTP Authentication Center.

• Journal of Information Processing Systems
• /
• v.14 no.5
• /
• pp.1114-1135
• /
• 2018

A multiple classification system based on a new boosting technique has been approached utilizing different biometric traits, that is, color face, iris and eye along with fingerprints of right and left hands, handwriting, palm-print, gait (silhouettes) and wrist-vein for person authentication. The images of different biometric traits were taken from different standard databases such as FEI, UTIRIS, CASIA, IAM and CIE. This system is comprised of three different super-classifiers to individually perform person identification. The individual classifiers corresponding to each super-classifier in their turn identify different biometric features and their conclusions are integrated together in their respective super-classifiers. The decisions from individual super-classifiers are integrated together through a mega-super-classifier to perform the final conclusion using programming based boosting. The mega-super-classifier system using different super-classifiers in a compact form is more reliable than single classifier or even single super-classifier system. The system has been evaluated with accuracy, precision, recall and F-score metrics through holdout method and confusion matrix for each of the single classifiers, super-classifiers and finally the mega-super-classifier. The different performance evaluations are appreciable. Also the learning and the recognition time is fairly reasonable. Thereby making the system is efficient and effective.

• Journal of KIISE:Computer Systems and Theory
• /
• v.32 no.10
• /
• pp.512-519
• /
• 2005

E-BLP security model considers the reliability of the processes that are real subjects in systems. This paper deals with the implementation of the E-BLP model for secure embedded systems. Implemented EBSM(E-BLP Based Security Module) consists of three components: identification and authentication, access control and BRC(Dynamic Reliability Check) that checks the process behavior dynamically. Access Control of EBSM ensures unreliable processes not to access the sensitive objects and the DRC detects the buffer overflow attack by normal user. Besides, the performance overhead of the embedded system applying the EBSM is introduced.