• Journal of Advanced Navigation Technology
• /
• v.14 no.4
• /
• pp.512-520
• /
• 2010

As the applications based on Mobile and Ubiquitous becoming more extensive, the communication security issues of those applications are appearing to be the most important concern. Therefore, every part of the system should be thoroughly designed and mutually coordinated in order to support overall security of the system. In this paper. we propose new technique which uses the voice features in order to generate Mobile One Time Passwords(OTPs). Voice is considered to be one of the powerful personal authentication factors of biometrics and it can be used for generating variable passwords for one time use. Also we performed a simulation of homomorphic variability of voice feature points using dendrogram and distribution of voice feature points for proposed password generation method.

• Journal of Advanced Navigation Technology
• /
• v.13 no.4
• /
• pp.532-543
• /
• 2009

As the applications within Internet and Ubiquitous becoming more extensive, the security issues of those applications are appearing to be the most important concern. Therefore, every part of the system should be thoroughly designed and mutually coordinated in order to support overall security of the system. In this paper, we propose new technique which uses the fingerprint features in order to generate Mobile One Time Passwords(OTPs). Fingerprint is considered to be one of the powerful personal authentication factors and it can be used for generating variable passwords for one time use. Also we performed a simulation of homomorphic graph variable of fingerprint feature point using dendrogram and distribution of fingerprint feature points for proposed password generation method.

• Journal of Advanced Navigation Technology
• /
• v.15 no.1
• /
• pp.39-53
• /
• 2011

As the applications within Mobile devices becoming more extensive, the mobile communication security issues of these applications and researches are appearing to be the most important concern. In this paper, we propose new integration OTP framework technique which uses the fingerprint and voice features of biometrics in order to generate Mobile One Time Passwords (OTPs) Token. The fingerprint and voice are considered to be one of the powerful personal authentication factors of biometrics and it can be used for generating variable passwords based on mobile environments for one time use. However, we performed a simulation of homomorphic variability of fingerprint and voice feature points using dendrogram and distribution of fingerprint and voice feature points for proposed password generation method, and verified validation of availability.

• Journal of information and communication convergence engineering
• /
• v.15 no.2
• /
• pp.91-96
• /
• 2017

PIN-entry interfaces have high risks to leak secret values if the malicious attackers perform shoulder-surfing attacks with advanced monitoring and observation devices. To make the PIN-entry secure, many studies have considered invisible radio channels as a secure medium to deliver private information. However, the methods are also vulnerable if the malicious adversaries find a hint of secret values from user's $na{\ddot{i}}ve$ gestures. In this paper, we revisit the state-of-art radio channel based bimodal PIN-entry method and analyze the information leakage from the previous method by exploiting the sight tracking attacks. The proposed sight tracking attack technique significantly reduces the original password complexities by 93.8% after post-processing. To keep the security level strong, we introduce the advanced bimodal PIN-entry technique. The new technique delivers the secret indicator information through a secure radio channel and the smartphone screen only displays the multiple indicator options without corresponding numbers. Afterwards, the users select the target value by following the circular layout. The method completely hides the password and is secure against the advanced shoulder-surfing attacks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.301-302
• /
• 2016

최근 바이오메트릭 센서를 내장한 스마트폰 및 모바일 기기의 보급으로 바이오메트릭 인증에 대한 사람들의 관심이 증대되고 있다. 지문 인식은 사람마다 고유한 지문 정보를 이용하여 사용자를 인증하는 것으로 다른 바이오메트릭 인증 방법에 비하여 상대적으로 비용이 저렴하고 인식률이 높아 많은 응용에 적용된다. 하지만 사람의 지문은 실리콘 또는 젤라틴과 같은 물질을 이용해 쉽게 위조가 가능한 단점이 있다. 따라서, 지문인식용 센서는 온도, 빛 등의 2차적인 인증 수단을 함께 측정할 수 있어야 하는데, 이 경우 비용이 많이 들게 된다. 본 연구에서는 인증길이(지문인식을 위해서 스캔한 시간)와 지문인식에 사용된 손가락을 2차적인 인증 수단으로 사용하여 위조 지문 공격에 대응할 수 있는 지문 인증 기법을 제안한다. 제안한 기법은 2차 인증을 위한 키패드 기반의 패스워드 입력 부담을 줄일 수 있고 경제적이다.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.1
• /
• pp.35-41
• /
• 2016

Internet of Things (IoT) services are widely used in appliances of daily life and industries. IoT services also provide various conveniences to users and are expected to affect value added of all industries and national competitiveness. However, a variety of security threats are increased in IoT environments and lowers reliability of IoT devices and services that make some obstacles for commercialization. The attacks arising in IoT environments are making industrial and normal life accidents unlike existing information leak and monetary damages, and can expand damage scale of leakage of personal information and privacy more than existing them. To solve these problems, we design a session key based access control scheme for secure communications in IoT environments. The proposed scheme reinforces message security by generating session key between device and access control network system. We analyzed the stability of the proposed access scheme in terms of data forgery and corruption, unauthorized access, information disclosure, privacy violations, and denial of service attacks. And we also evaluated the proposed scheme in terms of permission settings, privacy indemnity, data confidentiality and integrity, authentication, and access control.

• The Magazine of the IEIE
• /
• v.29 no.11
• /
• pp.1333-1342
• /
• 2002

최근 들어 컴퓨터 통신의 확산과 함께 인터넷의 사용이 전 세계적으로 급증함에 따라 인터넷의 용도는 지금까지의 학술 및 연구를 대상으로한 정보 공유의 목적에서 인터넷을 마케팅의 대상으로 보고 이를 상업적으로 이용하려는 시도가 증가하고 있다. 이미 선진 외국의 경우에는 Mon-dex, Visa cash, Proton 등의 다양한 전자화폐 상품이 개발되어 사용되고 있으나 국제 호환성의 측면에서는 아직 미미한 형편이며 국제간 통용이 가능한 개방형 전자화폐 시스템 개발은 매우 필요하다. 소액지불 시스템의 국제 표준규격으로 인정받고 있는 CEPS(Common Electronic Purse Specification) 기반의 개방형 전자화폐 teem 시스템은 EMV(Europay, Master, Visa) 규격을 준용하고, PKI 기반의 보안기능을 채택하여 지불거래시 반드시 확보되어야 할 거래 데이타의 비밀성, 무결성, 부인방지 기능과 PIN(Personal Identification Number)를 이용한 사용자 인증을 제공하며 구매거래시 IC카드와 가맹점의 구매 단말기(POS)와의 오프라인 동적데이타 인증 (Dynamic Data Authentication) 방식의 상호인증을 제공한다. 개방형 전자화폐 teem 시스템의 구성 모듈은 발급, 충전, 구매, 정산, 인증시스템으로 구성되어 있으며, 웹기반의 사용자 인터페이스를 제공하고 DES, 3-DES, SHA-1, RSA, SEED등 다양한 암호 모듈과 다양한 어플리케이션의 탐재가 가능한 Java Card를 기반으로 하고 있으며, VOP(Visa Open Platform) 2.0,1, Java Card API 2.1 지원하는 시스템이다.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.1
• /
• pp.143-151
• /
• 2015

Biometric technology has been proposed as a new means to replace conventional PIN or password because it is hard to be lost and has the low possibility of illegal use. However, unlike a PIN, password, and personal information there is no way to modify the exposure if it is exposed and used illegally. Therefore, the existing single modality with single biometrics is critical when it expose. However in this paper, we use a multi-modality and multi-biometrics to authenticate between users and TTP or between users and financial institutions. Thereby, we propose a more reliable method and compared this paper with existed methods about security and performance in this paper.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.04a
• /
• pp.734-737
• /
• 2012

인체 무선망이란 USN(Ubiquitous Sensor Network)을 통해 환자의 생체 정보를 실시간으로 수집하는 환경이다. 이를 기반으로 원격지에서 생체 정보를 전달 받는 시스템이 u-RPMS(USN Remote Patient Monitoring System)이다. u-RPMS에서 실시간으로 환자의 정보들이 발생하는데 이때 실시간으로 발생한 정보들은 공유가 불가피하다. 환자의 생체 정보는 생명과 연결되기 때문에 공유할 때 안전이 중요하다. 하지만 u-RPMS에서는 무선 통신으로 동작하기 때문에 보안에 취약하며, 이를 보안하기 위해서 서버와 DB(Data Base) 사이에 인증 서버를 통해서 해결 할 것을 제시한다. 본 연구에서는 인체 무선망을 기반으로 해서 모듈화 된 오픈 소스 원격진료 플랫폼인 OpenEMed의 개인 확인 서비스(PIDS, Personal Identification Service)를 이용해 네트워크를 기반으로 한 Kerberos 인증을 제안한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.841-852
• /
• 2021

Biometric recognition refers to a technology that identifies or verifies an individual after registering each individual's physical, physiological, and behavioral characteristics with an automated device. However, the biometric data used here corresponds to personal information since it can identify an individual. Therefore, when it is compromised or misused, it negatively affects the privacy of the data subject. In this paper, we review the current status of domestic laws related to biometric information and the status of infringements related to this. And then, some biometric application models are derived and vulnerabilities and countermeasures for each model are discussed. Finally, for the developer and service provider of the biometric system, protection guidance is presented.