• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.47 no.2
• /
• pp.113-120
• /
• 2010

RFID system is the contact-less recognition technology and use for distribution system, environment, transport, security and so on. However, it may create many security relevant problems such as privacy because constraints of RFID communication environment. So several methods of resolving these problems have been proposed. Recently, Shin and Park proposed an efficient RFID authentication protocol with protecting user's privacy using hash function and exclusive-OR.. But Ahn and Bu et al. poia problem that a attacker can to masquerade as malicious reader because their protocol can't providing mutual authentication.nted out weakness of Shin and Park's protocol and proposed more secure and efficient protocol. Unfortunately, Ahn and But's protocol has In this paper, We propose an improved RFID authentication protocol providing mutual authentication. The proposed protocol has advantages that providing mutual authentication between a tag and a reader, secure against replay attack and spoofing attack. Also, it guarantees anonymity of RFID tag and secure against location tracking attack by collusion of malicious readers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1551-1560
• /
• 2016

With the advancement of wearable devices and wireless body are networks, smart healthcare systems based on such technologies have been emerging to effectively monitor patient health and disease progression. In order to implement viable smart healthcare systems, the security and privacy of patient's personal health information must be considered. Yang et al. proposed a privacy-preserving authentication scheme using key-insulation technique for remote health monitoring system, however, key-insulation technique is not properly adapted to their scheme which in turn causes a security pitfall contrary to their assertions. Besides, Yang et al.'s scheme does not guarantee user anonymity against healthcare service provider. Therefore, in this paper, we discuss the security concerns for Yang et al.'s scheme and present an improved anonymous authentication scheme.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.2
• /
• pp.322-332
• /
• 2017

Wireless Body Area Networks is an environment that provides an appropriate service remotely by collecting user's biometric information. With the growing importance of sensor, WBAN also attracts extensive attention. Since WBAN is representatively used in the medical field, it can be directly related to the patient's life. Hence security is very important in WBAN. Mutual authentication between the client and the application provider is essential. And efficiency is also important because a used device is limited to computation cost. In this reason, ID-based anonymous authentication scheme in WBAN has been intensively studied. We show that the recent research result of Wu et al. which is about the ID-based anonymous authentication scheme is vulnerable to impersonation attack. And we propose a new ID-based anonymous authentication scheme that is secure against the attacks discovered in the existing schemes. Compared to the existing schemes, the computation cost of our scheme is improved by 30.6% and 7.3%.

• Journal of KIISE
• /
• v.42 no.5
• /
• pp.681-689
• /
• 2015

Personal information includes information about a living human individual. It is the information identifiable through name, resident registration number, and image, etc. Personal information which is collected by institutions can be wrongfully used, because it contains confidential information of an information object. In order to prevent this, a method is used to remove personal identification elements before distributing and sharing the data. However, even when the identifier such as the name and the resident registration number is removed or changed, personal information can be exposed in the case of a linking attack. This paper proposes a new anonymization technique to enhance data utility. To achieve this, attributes that are utilized in service tend to anonymize at a low level. In addition, the anonymization technique of the proposal can provide two or more anonymized data tables from one original data table without concern about a linking attack. We also verify our proposal by using the cooperative game theory.

• Journal of Digital Convergence
• /
• v.11 no.12
• /
• pp.393-399
• /
• 2013

Recently, the quantity and type of data that is being processed in cloud environment are varied. A method for easy access in different network in a heterogeneous environment of big data stored in the device is required. This paper propose security management method for smoothly access to big data in other network environment conjunction with attribute information between big data and user. The proposed method has a high level of safety even if user-generated random bit signal is modulated. The proposed method is sufficient to deliver any number of bits the user to share information used to secure recognition. Also, the security awareness information bit sequence generated by a third party to avoid unnecessary exposure value by passing a hash chain of the user anonymity is to be guaranteed to receive.

• Journal of The Korean Association of Information Education
• /
• v.9 no.1
• /
• pp.127-137
• /
• 2005

The interest in cyber counseling services has been increased recently by needs and merits of cyber counseling service found through various related studies. A cyber counseling service system has not only merits but also demerits such as anonymous one-off access and difficulties of forming relations. In this study, a cyber counseling service system using class homepage was developed and implemented in order to investigate counseling methods that can enhance merits and supplement demerits of cyber counseling services. As a result, it was found that the implementation of a cyber counseling service system using class homepage can fill counseling needs of students, teachers and parents by providing various counseling methods and inducing active interaction using the site-on function. Interesting menu on class homepage was effective to lead students and parents to visit the cyber counseling room, and they prefered the secret board and counseling cases to e-mail counseling. Prior acquisition of information about students and the environment allowing teachers to continuously observe students improved counseling effects and solved problems of existing counseling services.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.8
• /
• pp.1155-1160
• /
• 2013

The rapid growth of smart phones has made location-based services (LBSs) widely available. However, the use of LBS can raise privacy issues, as LBS can allow adversaries to violate the location privacy of users. There has been a considerable amount of research on preserving user location privacy. Most of these studies try to preserve location privacy by achieving what is known as location K-anonymity. In this paper, we propose a hierarchical clustering-based spatial cloaking algorithm for LBSs. The proposed algorithm constructs a tree using a modified version of agglomerative hierarchical clustering. The experimental results show, in terms of the ASR size, that the proposed algorithm is better than Hilbert Cloak and comparable to RC-AR (R-tree Cloak implementation of Reciprocal with an Asymmetric R-tree split). In terms of the ASR generation time, the proposed algorithm is much better in its performance than RC-AR and similar in performance to Hilbert Cloak.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.1
• /
• pp.153-160
• /
• 2016

In this paper, we propose a system that tracks the position of the passengers and sailors using a Bluetooth-based Beacon in the ship. The position of the tracking passengers, sometimes fatal emergencies of the rescue team, such as the sinking of the ship is utilized in order to efficiently and quickly rescue the passengers, and the collected data can be utilized additionally by grasping the flow of human traffic patterns. The system proposed in this paper, install MAC data acquisition called AP (Access Point) for each cabin, and in the installed AP retrieves Tag of the information provided to the passenger and collected. A Tag has only its own MAC Address to the privacy, no user information is not collected. All data communication by sending and receiving MAC Address was only to ensure anonymity.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.12
• /
• pp.6071-6080
• /
• 2012

Regarding the official authentication method which is a strong encrypt method for financial transactions, there has recently been a concern for the problem of storage. As a solution for such problems, this study provides the anonymous authentication method based on the smart card used for such a purpose by utilizing the pseudo ID replacing the user's personal data. Such an anonymous authentication method makes it possible to prevent any inside leakage, intermediary attack, limited re-transmission attack, service-denying attack, directional safety attack and secret inspector attack in regard to the user's personal data. As a result, there would be no concern for the leakage of any personal data. In comparative analysis, after executing the comparison and analysis process through the experiment for the authentication process by using the previously-used smart card, the new one has shown about 10% a high level of efficiency for the encrypt and decrypt process together with excellent features in terms of flexibility in regard to the user's anonymity and tracking ability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.197-212
• /
• 2020

With the advent of virtual currency and electronic wallets creating a way to make financial gains based on anonymity, malicious code dissemination using malicious mail has continued to increase. In order to minimize the damage, the human factors, security awareness and the ability to respond, which are technical factors, should be improved evenly, which can be improved through malicious mail training. This study presented a model considering the performance of malicious mail training, such as practice. It was classified as a training for enhancing awareness of security for employees and detection and response to improve their ability to respond to malicious mail. A training system suitable for the purpose, the core functions of malware training, implementation and camouflage skills, and bypass techniques were described. Based on the above model, the training data conducted over three years were collected and the effectiveness of the training was studied through analysis of the results according to the number of training sessions, training themes and camouflage techniques.