• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1921-1936
• /
• 2017

Internet of Thing (IoT) and NFC (Near Field Communication) have got a good adaptable structure that it can be easily combined with any wireless network. Since IoT/NFC can be used to communicate wirelessly with all the transactions that can be done remotely without any physical connections. In this paper, we propose an enhanced secure IoT/NFC protocol based on LTE network that enhances the original security level provided by the LTE. Our approach is new in a sense that it covers LTE in contrast to old networks like GSM and 3G, which substantially treated in the literature. Moreover, both GSM and 3G have several drawbacks when they are combined with the NFC technology, which has potential weakness in confidentiality, integrity, and authentication. Hence our new approach will resolve the security of the new LTE system. We expect that our protocol will result in new secure applications for the smart phone markets.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.86-88
• /
• 2017

The digital door lock is an electronic door lock that uses a password system and has the function of automatically locking the door when the door is closed, thus eliminating the worry about the door lock. As the technology has gradually developed, various authentication technologies such as semiconductor key system, RFID, and fingerprint recognition have been introduced. However, there is a danger of copying the door lock key, and there are password stealing and infringement. In this paper, we develop a remote control system that can unlock or open a smartphone to supplement the user's risk. The system you are going to develop can use WiFi to check if the door is locked or open on your smartphone, and you can lock or unlock the door remotely.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.4
• /
• pp.651-660
• /
• 2008

The widespread use of public networks, such as the Internet, for the exchange of sensitive data that need a severe security, like legally valid documents and business transactions. At the same time public-key certificates used for sensitive data interchange form the viewpoint of data integrity and authentication. But there are some weakness of data transfer capacity and security in public key infrastructure(PKI) environment. This paper use the RSA one-way accumulator to realize an efficient and dynamic authenticated dictionary, where untrusted directories provide cryptographically verifiable answers to membership queries on a set maintained by a trusted source.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.2
• /
• pp.29-42
• /
• 2019

As online services become more and more popular due to the development of IT, non-face-to-face transactions are continuously increasing rather than face-to-face transactions. The personal identity proofing service(PIPS) based on the alternative method of the resident registration number is used for the purpose of confirming the identity of the other party on the Internet. However, in the case of the current PIPS, the personal information of the PIPS user is excessively provided to the online service provider. As a result, privacy problems of online users, shortage of choice of information providing options, and lack of differentiation of authentication methods are becoming problems. Therefore, this paper proposes a method to improve the PIPS based on the current resident registration number alternative method and to provide a method to differentiate the provision of excessive personal information. In the proposed method, we analyze trends and current status of overseas online PIPS in order to provide a method of providing differentiation of personal information and proposes an effective improvement method applicable to domestic.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.4
• /
• pp.177-186
• /
• 2003

DRM(Digital Rights Management) is a technology that manages secure distributions and copyrights of digital contents on the Internet. It is general giving the rights to use the encrypted contents that are downloaded by a simple authorization process in the existing DRM system. Once this is done you are allowed to access. In this paper, we use RTP(Real-time Transport Protocol) for end-to-end real-time data transmission. And the system is designed to make it Possible to Protect copyrights and to distribute contents with safety through periodic authentication. We implemented DRM system to stand this basis. The proposed system vests only authorized users with authority to access the license. Hence it prevents contents to be distributed and copied illegally on networks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.49-60
• /
• 2011

Instant Messenger is one of the most popular communication service when translating message or data each other through Internet. For digital crime investigation, therefore, it is obviously important to obtain communication trace and contents derived from Instant Messenger. This is because that gathering traditional communication histories also have been important until now. However, extracting communication trace and contents are not easy because they are generally encrypted or obfuscated in local system, futhermore, sometimes they are located at server computer for Instant Messenger. This paper researches on extracting communication histories against NateOn, BuddyBuddy, Yahoo! messenger and Mi3 messenger, and obtaining user password or bypassing authentication system to Instant Messenger Service when a user use auto-login option.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.709-710
• /
• 2009

IT 기술은 인터넷 및 휴대 디바이스의 발전으로 인해 유비쿼터스 환경으로 발전해 나가고 있다. 이와 같은 변화는 사용자들에게 다양한 서비스를 제공될 것이며, 사용자들은 모바일 디바이스를 이용하여 이동하면서도 서비스를 받고자 하는 요구가 증대되고 있다. 그러나 현재의 발전 예상과 다양한 서비스와는 반대로 무선 환경이라는 특성으로 인해 기존의 유선망보다 다양한 위협사항 및 취약점을 가지고 있다. 즉 무선 환경에서 모바일 디바이스에 대한 스니핑, 도청, 서비스거부 공격, 중간자 공격, 비인가 장비 공격, 악성소프트웨어 감영 등의 보안 취약성을 내포하고 있으며, 또한 기존의 무선 환경이 가지는 위협사항을 그대로 가지고 있어 모바일 디바이스 보안에 대한 연구는 매우 중요한 실정이다. 이러한 문제점을 해결하는 방안으로 기존의 유선망뿐만 아니라 비약적으로 발전하고 있는 무선망의 WiBro, Mobile IP 등과 같은 다양한 서비스 및 프로토콜 상에서 안전하고 신뢰성 있는 인증 인가 과금을 체계적으로 제공하도록 경량화된 디바이스 보안 기술에 대한 연구를 수행하고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.844-847
• /
• 2011

Wireless mesh network (WMN) is a type of mobile ad-hoc network consists of wireless router, mobile clients and gateway which connects the network with the Internet. To provide security in the network it is required to encrypt the message sent among the communicating nodes in such way so that only legitimate user can retrieve the original data. Several security mechanisms have been proposed so far to enhance the security of WMN. However, there still exists a need for a comprehensive mechanism to prevent attacks in data communication. Considering the characteristic of mesh network, in this paper we proposed a public key cryptography based security architecture to establish a secure key agreement among communicating nodes in mesh network. The proposed security architecture consists of two major sections: client data protection and network data protection. Client data protection deals with the mutual authentication between the client and the access router and provide client to access router encryption for data confidentiality using standard IEEE 802.11i protocol. On the other hand, network data protection ensures encrypted routing and data transfer in the multi hop backbone network. For the network data protection, we used the pre-distributed public key to form a secure backbone infrastructure.

• Journal of Advanced Information Technology and Convergence
• /
• v.9 no.2
• /
• pp.15-27
• /
• 2019

This paper deals with a web-based public address system for conveying information for different institutions. An architecture for a Short Messaging Service (SMS) based public address (PA) system that can be programmed by an authorized mobile phone or device is proposed. This PA system will facilitate information transfer from heads of offices, managers, directors, and deans of the institutions to its constituents or unit area as well as enable postings of information with proper authentication and validation remotely. The system supports high priority messaging, allowing the conveyance of critical and time sensitive information. The mobility management support for the PA system will be based on the Hierarchical Mobile Internet Protocol version 6 (HMIPv6), hence, allowing for a seamless connectivity to the system. The major advantage of this proposed PA system as compared with the traditional electronic displays and bulletin boards is seamless mobility wherein the display devices can be programmed remotely by heads of the institutions and business organization. It also allows faster communication and immediate actions concerning the different institutions, organizations, and businesses, thus, ensuring high productivity.

• Journal of Internet Computing and Services
• /
• v.16 no.1
• /
• pp.47-55
• /
• 2015

Recently, the environment of a hospital information system is a trend to combine various SMART technologies. Accordingly, various smart devices, such as a smart phone, Tablet PC is utilized in the medical information system. Also, these environments consist of various applications executing on heterogeneous sensors, devices, systems and networks. In these hospital information system environment, applying a security service by traditional access control method cause a problems. Most of the existing security system uses the access control list structure. It is only permitted access defined by an access control matrix such as client name, service object method name. The major problem with the static approach cannot quickly adapt to changed situations. Hence, we needs to new security mechanisms which provides more flexible and can be easily adapted to various environments with very different security requirements. In addition, for addressing the changing of service medical treatment of the patient, the researching is needed. In this paper, we suggest a dynamic approach to medical information systems in smart mobile environments. We focus on how to access medical information systems according to dynamic access control methods based on the existence of the hospital's information system environments. The physical environments consist of a mobile x-ray imaging devices, dedicated mobile/general smart devices, PACS, EMR server and authorization server. The software environment was developed based on the .Net Framework for synchronization and monitoring services based on mobile X-ray imaging equipment Windows7 OS. And dedicated a smart device application, we implemented a dynamic access services through JSP and Java SDK is based on the Android OS. PACS and mobile X-ray image devices in hospital, medical information between the dedicated smart devices are based on the DICOM medical image standard information. In addition, EMR information is based on H7. In order to providing dynamic access control service, we classify the context of the patients according to conditions of bio-information such as oxygen saturation, heart rate, BP and body temperature etc. It shows event trace diagrams which divided into two parts like general situation, emergency situation. And, we designed the dynamic approach of the medical care information by authentication method. The authentication Information are contained ID/PWD, the roles, position and working hours, emergency certification codes for emergency patients. General situations of dynamic access control method may have access to medical information by the value of the authentication information. In the case of an emergency, was to have access to medical information by an emergency code, without the authentication information. And, we constructed the medical information integration database scheme that is consist medical information, patient, medical staff and medical image information according to medical information standards.y Finally, we show the usefulness of the dynamic access application service based on the smart devices for execution results of the proposed system according to patient contexts such as general and emergency situation. Especially, the proposed systems are providing effective medical information services with smart devices in emergency situation by dynamic access control methods. As results, we expect the proposed systems to be useful for u-hospital information systems and services.