• Journal of the Korean Institute of Intelligent Systems
• /
• v.19 no.2
• /
• pp.160-167
• /
• 2009

This paper describes how to protect the personal information of a biometric reference provider wherein biometric reference and personally identifiable information are bounded in a biometric system. To overcome the shortcomings of the simple personal authentication method using a password, such as identify theft, a biometric system that utilizes physical and behavioral characteristics of each person is usually adopted. In the biometric system, the biometric information itself is personal information, and it can be used as an unique identifier that can identify a particular individual when combining with the other information. As a result, secure protection methods are required for generating, storing, and transmitting biometric information. Considering these issues, this paper proposes a method for ensuring confidentiality and integrity in storing and transferring personally identifiable information that is used in conjunction with biometric information, by extending the related X9.84 standard. This paper also outlines the usefulness of the proposition by defining a standard format represented by ASN.1, and implementing it.

• The KIPS Transactions:PartC
• /
• v.10C no.7
• /
• pp.867-878
• /
• 2003

In thls Paper, we Propose a new scheme, protecting information about the location of a mobile user against attacks from inside users of the mobile communication, especially the network providers. There have already been some proposals about how to protect location information of user in mobile communication environments〔1-5〕. Among them, Kesdogan et al.〔2, 3〕 proposed a new method, using so-called temporary pseudonyms and also described protection method against a passive and an active attack of network providers. However, the description of protection method against the active attack between the two is not clear. Moreover, there is an additional load that it should append a reachability manager〔1, 6〕 to the proposed system. Therefore, we propose a new scheme improving the above method of Kesdogan et al. and analyze its security and effectiveness.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.11
• /
• pp.495-502
• /
• 2013

In this paper, we present an anonymous authentication and location assurance protocol for secure location-aware services over vehicular ad hoc networks (VANETs). In other to achieve our goal, we propose the notion of a location-aware signing key so as to strongly bind geographic location information to cryptographic function while providing conditional privacy preservation which is a desirable property for secure vehicular communications. Furthermore, the proposed protocol provides an efficient procedure based on hash chain technique for revocation checking to effectively alleviate communication and computational costs on vehicles in VANETs. Finally, we demonstrate comprehensive analysis to confirm the fulfillment of the security objectives, and the efficiency and effectiveness of the proposed protocol.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.10
• /
• pp.4250-4267
• /
• 2015

Although many revocable group signature schemes has been proposed in vehicular ad hoc networks (VANETs), the existing schemes suffer from long computation delay on revocation that they cannot adapt to the dynamic VANETs. Based on Chinese remainder theorem and Schnorr signature algorithm, this paper proposes an efficient revocable group signature scheme in VANETs. In the proposed scheme, it only need to update the corresponding group public key when a member quits the group, and in the meanwhile the key pairs of unchanged group members are not influenced. Furthermore, this scheme can achieve privacy protection by making use of blind certificates. Before joining to the VANETs, users register at local trusted agencies (LTAs) with their ID cards to obtain blind certificates. The blind certificate will be submitted to road-side units (RSUs) to verify the legality of users. Thus, the real identities of users can be protected. In addition, if there is a dispute, users can combine to submit open applications to RSUs against a disputed member. And LTAs can determine the real identity of the disputed member. Moreover, since the key pairs employed by a user are different in different groups, attackers are not able to track the movement of users with the obtained public keys in a group. Furthermore, performance analysis shows that proposed scheme has less computation cost than existing schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.1
• /
• pp.131-146
• /
• 2012

As one of the four basic technologies of IOT (Internet of Things), M2M technology whose advance could influence on the technology of Internet of Things has a rapid development. Mobile Payment is one of the most widespread applications in M2M. Due to applying wireless network in Mobile Payment, the security issues based on wireless network have to be solved. The technologies applied in solutions generally include two sorts, encryption mechanism and authentication mechanism, the focus in this paper is the authentication mechanism of Mobile Payment. In this paper, we consider that there are four vital things in the authentication mechanism of Mobile Payment: two-way authentication, re-authentication, roaming authentication and inside authentication. Two-way authentication is to make the mobile device and the center system trust each other, and two-way authentication is the foundation of the other three. Re-authentication is to re-establish the active communication after the mobile subscriber changes his point of attachment to the network. Inside authentication is to prevent the attacker from obtaining the privacy via attacking the mobile device if the attacker captures the mobile device. Roaming authentication is to prove the mobile subscriber's legitimate identity to the foreign agency when he roams into a foreign place, and roaming authentication can be regarded as the integration of the above three. After making a simulation of our proposed authentication mechanism and analyzing the existed schemes, we summarize that the authentication mechanism based on the mentioned above in this paper and the encryption mechanism establish the integrate security framework of Mobile Payment together. This makes the parties of Mobile Payment apply the services which Mobile Payment provides credibly.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.2
• /
• pp.33-38
• /
• 2008

Biometric based authentication can provide strong security guarantee about the identity of users. However, security of biometric data is particularly important as compromise of the data will be permanent. Cancelable biometrics stores a non - invertible transformed version of the biometric data. Thus, even if the storage is compromised, the biometric data remains safe. Cancelable biometrics also provide a higher level of privacy by allowing many templates for the same biometric data and hence non-linkability of user's data stored in different databases. In this paper, we proposed the fast polynomial reconstruction algorithm for fuzzy fingerprint vault. The proposed method needs (k+1) real points to reconstruct the polynomial of degree (k-1). It enhances the speed, however, by $300{\sim}1500$ times according to the degree of polynomial compared with the exhaust search.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.143-151
• /
• 2011

When a real-time data transfer is not possible between a reader and a back-end server in the mobile environment, the reader should support a capability to search a certain tag without communicating with a back-end server. Some recent papers related to the mobile reader-based tag search protocol have addressed privacy concerns for the reader and the tags. However, to our best knowledge, there are no papers addressing the problem arising from reusing tag lists existed in the mobile reader. In other words, there arise a problem that a mobile reader which has lost an right to access to a specific tag is able to search that tag by reusing a tag list for searching a particular tag. If mobile reader having an unauthorized tag list, the mobile reader can reuse a particular tag list. Our protocol provides the enhanced secure tag lists preventing the reuse of the tag lists and an efficient tag search protocol based on dynamic identity in the mobile reader-based RFID environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.105-114
• /
• 2009

Messages exchanged among vehicles must be authenticated in order to provide collision avoidance and cooperative driving services in VANET. However, digitally signing the messages can violate the privacy of users. Therefore, we require authentication systems that can provide conditional anonymity. Recently, Zhang et al. proposed conditionally anonymous authentication system for VANET using tamper-resistant hardware. In their system, vehicles can generate identity-based public keys by themselves and use them to sign messages. Moreover, they use batch verification to effectively verify signed messages. In this paper, we provide amelioration to Zhang et al.'s system in the following respects. First, we use a more efficient probabilistic signature scheme. Second, unlike Zhang et al., we use a security proven batch verification scheme. We also provide effective solutions for key revocation and anonymity revocation problems.

• The Journal of the Convergence on Culture Technology
• /
• v.7 no.4
• /
• pp.735-743
• /
• 2021

The mobile electronic notice service (MENS) is a service that delivers a mobile electronic notice to a smartphone in the person's name through an authorized electronic document intermediary instead of a bill that was delivered by mail using paper. In order to provide the MENS, information is needed to identify the same user between the sending agency and the authorized electronic document relay. In this paper, we propose a standard for safe conversion and utilization of Connecting Information (CI) used as user identification information for MENS. In the proposed method, it is necessary for the requesting institution to send the electronic notice to provide the resident registration number to the identity verification institution and convert it into the CI. In this case, a safe and efficient MENS will be possible by proposing a review standard and processing method to verify the appropriateness of the conversion of CI. By applying the proposed method to the MENS, it can contribute to service activation and reinforcement of user privacy protection.

• Convergence Security Journal
• /
• v.22 no.4
• /
• pp.99-107
• /
• 2022

The use of smart home appliances and Internet of Things (IoT) devices is growing, enabling new interactions and automation in the home. This technology relies heavily on mobile services which leaves it vulnerable to the increasing threat of hacking, identity theft, information leakage, serious infringement of personal privacy, abnormal access, and erroneous operation. Confirming or proving such security breaches have occurred is also currently insufficient. Furthermore, due to the restricted nature of IoT devices, such as their specifications and operating environments, it is difficult to provide the same level of internet security as personal computers. Therefore, to increase the security on smart home IoT devices, attention is needed on (1) preventing hacking and user authority theft; (2) disabling abnormal manipulation; and (3) strengthening audit records for device operation. In response to this, we present a plan to build a cloud security authentication platform which features security authentication management functionality between mobile terminals and IoT devices.