• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.35-41
• /
• 2015

Internet of Things has a wide range of vulnerabilities are exposed to information security threats. However, this does not deal with the basic solution, the vaccine does not secure encryption for the data transmission. The encryption and authentication message transmitted from one node to the construction of the secure wireless sensor networks is required. In order to satisfy the constraint, and security requirements of the sensor network, lightweight encryption and authentication technologies, the light key management technology for the sensor environment it is required. Mandatory sensor network security technology, privacy protection technology subchannel attack prevention, and technology. In order to establish a secure wireless sensor networks encrypt messages sent between the nodes and it is important to authenticate. Lightweight it shall apply the intrusion detection mechanism functions to securely detect the presence of the node on the network. From the sensor node is not involved will determine the authenticity of the terminal authentication technologies, there is a need for a system. Network security technology in an Internet environment objects is a technique for enhancing the security of communication channel between the devices and the sensor to be the center.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.40 no.3
• /
• pp.116-122
• /
• 2017

Advances in information technology, communication and network technology are radically facilitating digital convergences as the integration of human, equipment, and space in the current industry 4.0 era. In industry 4.0 environment, the vast amount of information with networked computing technology can be simultaneously accessible even in limited physical space. Two main benefit points out of these information are the convenience and efficiency in their online transactions either buying things online or selling online. Even though there exist so many benefits that information technology can create for the people doing business over the internet there is a critical problem to be answered. In spite of many such advantages, however, online transactions have many dysfunctions such as personal information leakage, account hacking, and cybercrime. Without preparing the appropriate protection methods or schema people reluctantly use the transaction or would find some other partners with enhanced information security environment. In this paper we suggested a novel selection criteria that can be used to evaluate the reliable means of authentication against the expected risks under on-going IoT based environment. Our selection criteria consists of 4 steps. The first step is services and risk identification step. The second step is evaluation of risk occurrence step. The third step includes the evaluation of the extent of damage. And the final step is the assessment of the level of risk. With the help of the above 4 step-approach people can systematically identify potential risks hiding in the online transactions and effectively avoid by taking appropriate counter actions.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.303-311
• /
• 2022

The tremendous growth of the Internet of things is unbelievable. Many IoT devices have emerged on the market over the last decade. This has made our everyday life easier inside our homes. The technology used at home has changed significantly over the past several decades, leading to what is known today as the smart home. However, this growth has also brought new challenges to our home security and privacy. With the smart home becoming more mainstream, cybersecurity issues have become a fundamental concern. The smart home is an environment where heterogeneous devices and appliances are interconnected through the Internet of Things (IoT) to provide smart services to residents. These services include home climate control, energy management, video on demand, music on-demand, remote healthcare, remote control, and other similar services in a ubiquitous manner. Smart home devices can be controlled via the Internet using smartphones. However, connecting smart home appliances to wireless networks and the Internet makes individuals vulnerable to malicious attacks. Remote access within the same environment or over the Internet requires an effective access control mechanism. This paper intends to shed light on how smart home devices are working as well as the type of security and privacy threats of the smart home. It also illustrated the types of authentication methods that can be used with smart home devices. In addition, a comparison of Smart home IoT-based security protocols was presented along with a security countermeasure that can be used in a smart home environment. Finally, a few open problems were mentioned as future research directions for researchers.

• Journal of Internet Computing and Services
• /
• v.19 no.6
• /
• pp.31-40
• /
• 2018

With the development of IT technology recently, medical information systems are being constructed in an integrated u-health environment through cloud services, IoT technologies, and mobile applications. These kinds of medical information systems should provide the medical staff with authorities to access patients' medical information for emergency status treatments or therapeutic purposes. Therefore, in the medical information systems, the reliable and prompt authentication processes are necessary to access the biometric information and the medical information of the patients in charge of the medical staff. However, medical information systems are accessing with simple and static user authentication mechanism using only medical ID / PWD in the present system environment. For this reason, in this paper, we suggest a dynamic situation authentication mechanism that provides transparency of medical information access including various authentication factors considering patient's emergency status condition and dynamic situation authentication system supporting it. Our dynamic Situation Authentication is a combination of user authentication and mobile device authentication, which includes various authentication factor attributes such as emergency status, role of medical staff, their working hours, and their working positions and so forth. We designed and implemented a dynamic situation authentication system including emergency status decision, dynamic situation authentication, and authentication support DB construction. Finally, in order to verify the serviceability of the suggested dynamic situation authentication system, the medical staffs download the mobile application from the medical information server to the medical staff's own mobile device together with the dynamic situation authentication process and the permission to access medical information to the patient and showed access to medical information.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.10
• /
• pp.1-6
• /
• 2019

As mobile technologies such as Internet of Things (IoT)-based smart homes and financial technologies (FinTech) are developed, authentication by smart devices is used everywhere. As a result, presence-based biometric authentication using smart devices has become a new mainstream in knowledge-based authentication methods like the existing passwords. The electrocardiogram (ECG) is less prone to forgery, and high-level personal identification is its unique feature from among various biometric authentication methods, such as the pulse, fingerprints, the face, and the iris. Biometric authentication using an ECG is receiving a great deal of attention due to its uses in healthcare and FinTech. In this study, we implemented an ECG authentication system that allows users to easily measure and authenticate their ECG waveforms using a miniaturized wearable device, rather than a large and expensive measurement device. The implemented ECG authentication system identifies ECG features through P-Q-R-S-T feature point identification, and was user-certified under the proposed authentication protocols. Finally, assessment of measurements in a majority of adult males showed a relatively low false acceptance rate of 1.73%, and a low false rejection rate of 4.14%, in a stable normal state. In a high-activity state, the false acceptance rate was 13.72%, and the false rejection rate was 21.68%. In a high-heart rate state, the false acceptance rate was 10.48%, and the false rejection rate was 11.21%.

• Journal of the Microelectronics and Packaging Society
• /
• v.23 no.2
• /
• pp.29-35
• /
• 2016

With the pace of rapid innovation in technology of IoT (Internet of Things) and smart devices, biometric technology becomes one of the most progressive industries. Recent trends in biometrics show most are focused on embedding biometric sensors in mobile devices for user authentication. Multifactor biometrics such as fingerprint, retina, voice, etc. are considering as identification system to provide users with services more secured and convenient. Here we, therefore, demonstrate some major technologies and market trends of mobile biometric technology with its concerns and issues.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.04a
• /
• pp.480-482
• /
• 2017

최근 무선 통신 기술과 센서 디바이스들의 발달로 센서 기반 IoT 환경이 다양한 분야에 활용되고 있다. 하지만, 센서 네트워크 환경을 구성하는 센서 노드는 대부분 소형 하드웨어로 구성되어 있어 메모리, 처리능력, 에너지 등에서 많은 제약사항을 가지고 있다. 또한, 이기종 센서간의 통신 절차도 필요하다. 따라서, 본 논문에서는 DisTance-Bounding 프로토콜과 해시 함수를 이용하여 센서 노드간 인증 및 키 교환을 경량화 기법을 제안한다. 제안하는 시스템은 숲이나 군사지역 등 사람이 접근하기 어려운 곳에 활용되는 센서 노드들의 배터리 수명을 향상시켜 효율적이고 지속적인 데이터 수집이 가능할 것으로 기대된다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2015.07a
• /
• pp.73-74
• /
• 2015

본 논문에서는 SSL/TLS에서 발생할 수 있는 cipher suite rollback 공격 탐지를 위해 선택된 알고리즘을 리스트로 검증하는 방법을 제안한다. 제안 기법은 SSL/TLS의 핸드셰이크 단계에서 이루어진다. 클라이언트 기기가 암호화 알고리즘의 순위를 리스트로 만들고 핸드셰이크가 끝난 후에 선택된 알고리즘의 순위를 비교해서 해당 기기에 대한 공격을 의심하도록 한다. 그러므로 우리의 제안 기법은 cipher suite rollback 공격 탐지를 향상시키고 안전한 메시지 통신을 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.471-473
• /
• 2015

앞으로 IoT가 활성화 됨에 따라 IoT 디바이스(TV, 냉장고, 차트 등)에서 결제가 가능한 시스템이 보편화 될 것이다. IoT에 핀테크 결제 시스템이 융합되어 결제 시스템이 간소화 되면서 인증 시스템 또한 간소화 되고 있다. 편리성을 추구하는 핀테크 결제 시스템은 보안에 더욱 취약해질 것으로 예상된다. 현재의 핀테크 결제 시스템을 대상으로 패스워드 인증방법의 취약점과 지문 인증방법의 취약점을 도출하여 공격 시나리오를 제안한다. 본 논문에서는 지문 패턴 인증을 통하여 편리성을 유지하면서 보안을 강화하는 대응방안을 제안한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.285-287
• /
• 2017

Currently, the world of data communication is not simply communication between server and user in a wired way, but using wireless environment, various devices communicate with each other in a wider and diverse environment to generate a large amount of data. In this environment, IoT is now located deep in our lives, and IoT technologies are used in many tasks, but the data used in IoT is exposed without sufficient protection from malicious behavior. Most of these devices do not have enough computing power to cope with malicious attacks. In this paper, we aim to make all devices that have sufficient computing power and safety from simple sensors to be able to have security according to the situation. The proposed technology is based on the importance of the device and computing power, and it is possible to select the encryption technology selectively and to improve security.