• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1243-1257
• /
• 2019

With the emergence of the IoT environment, various smart devices provide consumers with the convenience and various services. However, as security threats such as invasion of privacy have been reported, the importance of security issues in the IoT environment has emerged, and in particular, the security problem of key management has been discussed, and the PUF has been discussed as a countermeasure. In relation to the key management problem, a protocol using MIPUF has been proposed for the security problem of the group key management system. The system can be applied to lightweight IoT environments and the safety of the PUF ensures the safety of the entire system. However, in some processes, it shows vulnerabilities in terms of safety and efficiency of operation. This paper improves the existing protocol by adding authentication for members, ensuring data independence, reducing unnecessary operations, and increasing the efficiency of database searches. Safety analysis is performed for a specific attack and efficiency analysis results are presented by comparing the computational quantities. Through this, this paper shows that the reliability of data can be improved and our proposed method is lighter than existing protocol.

• Journal of Digital Convergence
• /
• v.18 no.9
• /
• pp.57-62
• /
• 2020

Smart home based on Internet of things (IoT) is rapidly emerging as an exciting research and industry field. However, security and privacy have been critical issues due to the open feature of wireless communication channel. As a step towards this direction, Shuai et al. proposed an anonymous authentication scheme for smart home environment using Elliptic curve cryptosystem. They provided formal proof and heuristic analysis and argued that their scheme is secure against various attacks including de-synchronization attack, mobile device loss attack and so on, and provides user anonymity and untraceability. However, this paper shows that Shuai et al.'s scheme does not provide user anonymity nor untraceability, which are very important features for the contemporary IoT network environment.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.54 no.6
• /
• pp.100-105
• /
• 2017

This work presents an ECG biometric recognition system for the purpose of biometric authentication. ECG biometric approaches are divided into two major categories, fiducial-based and non-fiducial-based methods. This paper proposes a new non-fiducial framework using discrete cosine transform and a Random Forest classifier. When using DCT, most of the signal information tends to be concentrated in a few low-frequency components. In order to apply feature vector of Random Forest, DCT feature vectors of ECG heartbeats are constructed by using the first 40 DCT coefficients. RF is based on the computation of a large number of decision trees. It is relatively fast, robust and inherently suitable for multi-class problems. Furthermore, it trade-off threshold between admission and rejection of ID inside RF classifier. As a result, proposed method offers 99.9% recognition rates when tested on MIT-BIH NSRDB.

• Annual Conference of KIPS
• /
• 2017.04a
• /
• pp.483-485
• /
• 2017

최근 무선 통신 기술과 센서 디바이스들의 발달로 인터넷을 기반으로 모든 사물을 연결하여 사람과 사물, 사물과 사물 간의 정보를 상호 소통 가능한 센서 기반 IoT 환경이 다양한 분야에 활용되고 있다. 이러한 사물인터넷 환경은 지능형 서비스를 위해 다양하고 방대한 양의 디바이스 정보를 수집하며, 사용자 정보를 기반으로 서비스를 제공받고 디바이스를 제어해야 하며, 이기종 간의 디바이스를 활용함으로 올바른 표준을 기반으로 통신이 이루어져야 한다. 하지만, 사물인터넷 환경에서의 기존 연구나 표준 정의를 살펴보면, 현재 IoT 서비스에서는 이미 취약점이 들어난 커버로스 및 센서 노드의 수를 고려하지 않은 PKI 기반 보안 기술이 활용되고 있다. 따라서, 본 논문에서는 안전한 디바이스 인증을 위한 무인증서 기반 상호 인증 기법을 제안한다.

• Annual Conference of KIPS
• /
• 2016.04a
• /
• pp.253-255
• /
• 2016

정보통신의 발달로 인하여 사물간의 필요한 모든 정보를 상호작용하는 IoT(Internet of Thing)환경이 발전하고 있다. 홈 IoT환경에서는 스마트폰 어플리케이션을 통하여 집안 내부를 살펴보고 외부 침입자가 들어오면 이를 감지, 신고할 수 있는 IP Camera의 수요가 증가되고 있다. 그러나 IP Camera의 해킹 사례가 증가 하고 있고 취약한 인증, 잠재적인 공격 가능성 등 보안문제가 발견되었다. 이에 본 논문에서는 대중적으로 많이 사용되고 있는 IP Camera와 Smart Phone과의 안전한 사용자 인증 프로토콜을 제안하였다.

• Annual Conference of KIPS
• /
• 2020.05a
• /
• pp.173-176
• /
• 2020

사물인터넷의 사용이 급격히 증가함에 따라 관련 보안 기술의 개발이 매우 중요하게 되었다. 사물인터넷이 지니는 근본적인 자원 제한 요소 환경을 극복하기 위해, 최근 Chatterjee 기타 등은 정량화된 질의 응답 기반의 PUF를 활용한 인증 프로토콜을 최근 IEEE Transactions on Dependable and Secure Computing 저널에 제안하였다. 그러나 장치 간 세션 키를 주고받는 과정에서 공개된 채널에서 값을 한번 획득한 공격자는 누구나 세션 키를 만들 수 있는 치명적인 취약점이 존재한다. 본 논문에서는 이러한 취약점을 설명하고 정당한 장치만 세션 키를 만들 수 있는 방법을 제시한다.

• Journal of Digital Convergence
• /
• v.13 no.5
• /
• pp.213-218
• /
• 2015

In parallel with evolving information communication technology, M2M(Machine-to-Machine) industry has implemented multi-functional and high-performance systems, and made great strides with IoT(Internet of Things) and IoE(Internet of Everything). Authentication, confidentiality, anonymity, non-repudiation, data reliability, connectionless and traceability are prerequisites for communication security. Yet, the wireless transmission section in M2M communication is exposed to intruders' attacks. Any security issues attributable to M2M wireless communication protocols may lead to serious concerns including system faults, information leakage and privacy challenges. Therefore, mutual authentication and security are key components of protocol design. Recently, secure communication protocols have been regarded as highly important and explored as such. The present paper draws on hash function, random numbers, secret keys and session keys to design a secure communication protocol. Also, this paper tests the proposed protocol with a formal verification tool, Casper/FDR, to demonstrate its security against a range of intruders' attacks. In brief, the proposed protocol meets the security requirements, addressing the challenges without any problems.

• Journal of Internet of Things and Convergence
• /
• v.1 no.1
• /
• pp.39-44
• /
• 2015

Organization is increasing the authorizing process to use public certificate and bio information. Certificate, has evolved to be able to parallel distributes the bio authentication and portable bio-authentication device. Authentication using an individual's PC and smart devices continue to generalize, while convenience for authentication is increased by comparison Study on cooperation with the security at the network level's a weak situation. If ask authentication method through the cooperation of the public certificate and bio information work with current network access control, there is a possibility to develop a more powerful security policy. by cooperation weaknesses against vulnerable personal authentication techniques on security token in a reliable and secure personal authentication techniques, such as bio-recognition, Bio Information for identification and to prevent exposing a methodology suggest to validate whether or not to carry out in this paper. In addition, organize the scenario that can work with the 802.1x network authentication method, and presented a proposal aimed at realization.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.22 no.1
• /
• pp.109-116
• /
• 2018

This paper describes an area-efficient design of SHA-256 hash function that is widely used in various security protocols including digital signature, authentication code, key generation. The SHA-256 hash processor includes a padder block for padding and parsing input message, so that it can operate without software for preprocessing. Round function was designed with a 16-bit data-path that processed 64 round computations in 128 clock cycles, resulting in an optimized area per throughput (APT) performance as well as small area implementation. The SHA-256 hash processor was verified by FPGA implementation using Virtex5 device, and it was estimated that the throughput was 337 Mbps at maximum clock frequency of 116 MHz. The synthesis for ASIC implementation using a $0.18-{\mu}m$ CMOS cell library shows that it has 13,251 gate equivalents (GEs) and it can operate up to 200 MHz clock frequency.

• International Journal of Computer Science & Network Security
• /
• v.21 no.8
• /
• pp.229-237
• /
• 2021

Cloud of things (CoTs) is a newer idea which combines cloud computing (CC) with the Internet of Things (IoT). IoT capable of comprehensively producing data, and cloud computing can be presented pathways that allow for the progression towards specific destinations. Integrating these technologies leads to the formation of a separate element referred to as the Cloud of Things (CoTs). It helps implement ideas that make businesses more efficient. This technology is useful for monitoring a device or a machine and managing or connecting them. Since there are a substantial amount of machines that can run the IoT, there is now more data available from the IoT that would have to be stored on a local basis for a provisional period, and this is impossible. CoTs is used to help manage and analyze data to additionally create usable information by permitting and applying the development of advanced technology. However, combining these elements has a few drawbacks in terms of how secure the process is. This investigation aims to recent study literature from the past 3 years that talk about how secure the technology is in terms of protecting by authentication, reliability, availability, confidentiality, and access control. Additionally, this investigation includes a discussion regarding some kinds of potential attacks when using Cloud of Things. It will also cover what the various authors recommend and conclude with as well as how the situation can be approached to prevent an attack.