• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.7B
• /
• pp.858-867
• /
• 2011

The RFID(Radio-Frequency IDentification) systems have many security problem such as eavesdropping, a replay attack, location tracking and DoS(Denial of Service) attacks. Because RFID systems use radio-frequency. So research are being made to solve the problem of RFID systems, one of which is AES algorithm. This paper presents an authentication protocol using AES and one-time random number to secure other attacks like eavesdropping, a replay attack, location tracking, In addtion, RSMAP uses OTP(One-Time Pad) in order to safely transmit.

• Journal of KIISE:Computer Systems and Theory
• /
• v.26 no.10
• /
• pp.1237-1247
• /
• 1999

이질적 분산 환경에서 전자 상거래는 신임장을 기반으로 상거래 참여자들에 대한 인증 서비스가 제공되어야 한다. 본 연구에서는 CORBA 보안 명세 1 를 기반으로 전자 상거래 참여자들에 대한 객체 단위 인증 및 권한 부여 기법을 제공하는 상호 인증 서비스 구조를 제안한다. 이 구조는 Kerberos 2 의 인증 기법 및 인증 키 교환 기법으로 전자 상거래 참여자간에 상대 주체의 신원 확인 뿐 아니라 거래 진행 중 취득한 정보의 근원을 파악할 수 있도록 하였다. 또한 Kerberos 기법을 CORBA 플랫폼 기반의 상호 인증 구조로서 분산 환경에 대해 확장하였으므로 키 관리 등 보안 정보 관리에 있어 효율적이다.Abstract Electronic commerce shall provide its subjects with a credential-based authentication service in the heterogeneous distributed computing environment. In this paper, based on CORBA security service specification 1 which OMG defined, we propose the mutual authentication service for subjects of electronic commerce, providing the authentication of object level and the authenticated key exchange. This proposed structure, by Kerberos 2 for the authentication and the authenticated key exchange, assures not only the identification of a partner but also the confidence of origin of business item for negotiations between subjects of electronic commerce. Since our deployed Kerberos is extended to the mutual authentication service based on CORBA platform, it is efficient for security administration to manage the information such as a key management in the heterogeneous distributed computing environment.

• Journal of Internet of Things and Convergence
• /
• v.1 no.1
• /
• pp.39-44
• /
• 2015

Organization is increasing the authorizing process to use public certificate and bio information. Certificate, has evolved to be able to parallel distributes the bio authentication and portable bio-authentication device. Authentication using an individual's PC and smart devices continue to generalize, while convenience for authentication is increased by comparison Study on cooperation with the security at the network level's a weak situation. If ask authentication method through the cooperation of the public certificate and bio information work with current network access control, there is a possibility to develop a more powerful security policy. by cooperation weaknesses against vulnerable personal authentication techniques on security token in a reliable and secure personal authentication techniques, such as bio-recognition, Bio Information for identification and to prevent exposing a methodology suggest to validate whether or not to carry out in this paper. In addition, organize the scenario that can work with the 802.1x network authentication method, and presented a proposal aimed at realization.

• The Journal of the Korea Contents Association
• /
• v.17 no.7
• /
• pp.276-282
• /
• 2017

Password-based authentication is vulnerable because of its low cost and convenience, but it is still widely used. In order to increase the security of the password-based user authentication method, the password is changed frequently, and it is recommended to use a combination of numbers, alphabets and special characters when generating the password. However, it is difficult for users to remember passwords that are difficult to create and it is not easy to change passwords periodically. Therefore, in this paper, we implemented a user authentication system that does not require a password by using the USB memory that is commonly used. Authentication data used for authentication is protected by USB data stored in USB memory using USB device information to improve security. Also, the authentication data is one-time and reusable.Based on this, it is possible to have the same security as the password authentication system and the security level such as certificate or fingerprint recognition.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.10 no.3
• /
• pp.560-566
• /
• 2009

A low-power Radio Frequency Identification (RFID) system is an auto-identification technology that reads and writes an information of things without physical contacts using radio frequency. It is unescapable against unlawful modification, eavesdropping, tracking, or privacy of individuals because RFID systems use the radio frequency and RFID tags. Therefore we create a key using hash chain between database and tag and this process can prevent above attacks. Also we support the efficiency of proposed protocol using hash function to abate computation.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.3
• /
• pp.75-80
• /
• 2015

Vulnerability management is in compliance with security policies, and then, this is to ensure the continuity and availability of the business. In this paper, the application vulnerability management and IT infrastructure of the system is that it must be identified. And a viable vulnerability management plan should be drawn from the development phase. There are many that are not defined vulnerability in the area of identification and authentication, encryption, access control in identification and classification of vulnerabilities. They define the area without missing much in technical, managerial, and operational point of view. Determining whether the response of the identified vulnerability, and to select a countermeasure for eliminating the vulnerability.

• Journal of Digital Convergence
• /
• v.20 no.5
• /
• pp.637-642
• /
• 2022

Self-authentication technology using electrocardiogram (ECG) signals is drawing attention as a self-authentication technology that can replace existing bio-authentication. A device that recognizes a digital electronic key can be mounted on a vehicle to wirelessly exchange data with a car, and a function that can lock or unlock a car door or start a car by using a smartphone can be controlled through a smartphone. However, smart keys are vulnerable to security, so smart keys applied with bio-authentication technology were studied to solve this problem and provide driver convenience. A personal authentication algorithm using electrocardiogram was mounted on a watch-type wearable device to authenticate bio, and when personal authentication was completed, it could function as a smart key of a car. The certification rate was 95 per cent achieved. Drivers do not need to have a smart key, and they propose a smart key as an alternative that can safely protect it from loss and hacking. Smart keys using personal authentication technology using electrocardiogram can be applied to various fields through personal authentication and will study methods that can be applied to identification devices using electrocardiogram in the future.

• Journal of KIISE:Computer Systems and Theory
• /
• v.35 no.7
• /
• pp.332-339
• /
• 2008

Radio Frequency Identification (RFID) technology is an important part of infrastructures in ubiquitous computing. Although all products using tags is a target of these services, these products also are a target of attacking on user privacy and services using authentication problem between user and merchant, unfortunately. Presently, it is very important about security mechanism of RFID system and in this paper, we analyze the security protocol among many kinds of mechanisms to solve privacy and authentication problem using formal verification and propose a modified novel protocol. In addition, the possibility of practical implementation for proposed protocol will be discussed.

• The Journal of the Korea Contents Association
• /
• v.20 no.9
• /
• pp.389-396
• /
• 2020

E-authentication is one of the key functions for electronic transactions with the identification function made through the information systems. With the abolition of the mandatory use of public certificates, various private e-authentication services have emerged, and are developing to provide various additional services in addition to e-authentication. In this study, we explored the factors that affect user satisfaction with e-authentication services, compared the relative influence among the factors that we explored, and produced implications that could contribute to strengthening the competitiveness of e-authentication services. Based on the characteristics of e-authentication service, we searched and found four factors such as availability, convenience, added functionality and security. After that, we established and analyzed our research model to analyze the causal relationship between these four factors and user satisfaction. The analysis results showed that availability, convenience and security had significant effects on user satisfaction, but added functionality had no significant impact. In addition, compared to availability and convenience, security had a very strong impact on user satisfaction. This study suggests that e-authentication service providers should make efforts to make users aware of the usefulness of additional services while enhancing security.

• Journal of Information Processing Systems
• /
• v.9 no.2
• /
• pp.333-348
• /
• 2013

Mobile authentication/identification has grown into a priority issue nowadays because of its existing outdated mechanisms, such as PINs or passwords. In this paper, we introduce gait recognition by using a mobile accelerometer as not only effective but also as an implicit identification model. Unlike previous works, the gait recognition only performs well with a particular mobile specification (e.g., a fixed sampling rate). Our work focuses on constructing a unique adaptive mechanism that could be independently deployed with the specification of mobile devices. To do this, the impact of the sampling rate on the preprocessing steps, such as noise elimination, data segmentation, and feature extraction, is examined in depth. Moreover, the degrees of agreement between the gait features that were extracted from two different mobiles, including both the Average Error Rate (AER) and Intra-class Correlation Coefficients (ICC), are assessed to evaluate the possibility of constructing a device-independent mechanism. We achieved the classification accuracy approximately $91.33{\pm}0.67%$ for both devices, which showed that it is feasible and reliable to construct adaptive cross-device gait recognition on a mobile phone.