• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.17 no.6
• /
• pp.127-135
• /
• 2017

Recently, the most brand new vehicles contain a lot of ECU for comfortable and safety driving environments. For efficient communication network among ECUs, almost car manufactures use CAN protocol which enables to decrease the number of communication lines dramatically and ensures higher data transmission reliability. However, CAN dose not ensure authentication of CAN data frame. So it is vulnerable to replay-attack on CAN data frame. This paper proposes the practical message authentication technique for In-vehicle CAN. To transmit data and MAC together, it is very useful to use the short length of MAC after considering limited space of CAN data frame. However to ensure safety of MAC, additional technique is required. We suggested a message authentication technique that can be usefully applied to build a safety network inside the vehicle because it considers limited data payload of CAN.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.1C
• /
• pp.25-34
• /
• 2004

In mobile agent environments, cascaded delegations among places occur frequently due to the mobility of agents. Cascaded delegation in mobile agent environments can be defined as the process whereby the delegated place delegates the rights of the delegating place further. The representative study for delegation in mobile agent environments is Berkovits et al.'s study. Their study only defines the messages that is sent between the place executing the agent and the place where the agent migrates. Because their study considers only the delegation between two places which participate in migration of an agent, it is inadequate in the situation that the cascaded delegation is necessary. In other words, the relationships among the messages sent from and to places is necessary. However, their study does not exist the relationships. In this paper, we propose a delegation scheme that provides agents with secure cascaded delegation. The proposed scheme achieves the goal by nesting each delegation token within the signed part of the next immediate delegation token. We prove that the proposed scheme is secure against the attack of replaying a message and of substituting a delegation token.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.4B
• /
• pp.435-441
• /
• 2009

The one-time password system solves the problem concerning password reuse caused by the repeated utilization of an identical password. The password reuse problem occurs due to the cyclic repetition at the time of password creation, and authentication failure can occur due to time deviation or non-synchronization of the number of authentication. In this study, the password is created asynchronously and exchanged with the user, who then signs using a digital signature in exchange for the password and a valid verification is requested along with the certificate to ensure non-repudiation. Besides this, a verification system for one-time password is proposed and designed to improve security by utilizing the validity verification that is divided into certificate verification and password verification. Comparative analysis shows that the mechanism proposed in this study is better than the existing methods in terms of replay attack, non-repudiation and synchronization failure.

• The Journal of Society for e-Business Studies
• /
• v.25 no.2
• /
• pp.99-108
• /
• 2020

Unlike a general IT environment, an industrial control system is an environment where stability and continuity are more important than security. In the event of a security accident in the industrial control system, physical motion can be controlled, so physical damage can occur and physical damage can even result in personal injury. Cyber attacks on industrial control systems are not simply cyber damage, but terrorism. However, the security of industrial control systems has not been strengthened yet, and many vulnerabilities are actually occurring. This paper shows that the PLC can be remotely controlled by analyzing the connection process and packets for the PLC protocol used in the industrial control system and bypassing the security mechanism existing in the protocol. Through this, we intend to raise the security awareness of the industrial control system.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.6
• /
• pp.167-172
• /
• 2013

In a paper recently published in the International Journal of Parallel, Emergent and Distributed Systems, Biswas et al. proposed a VANET message authentication scheme which uses an identity-based proxy signature mechanism as an underlying primitive. The authors claimed that their scheme supports various security features including the security of proxy-key, the security against message forgery and the security against replay attack, with non-repudiation and resistance to proxy-key compromise. Here, we show how an active attacker, who has no knowledge of an original message sender's private key, can compute the proxy-signature key of the corresponding message sender, meaning that the scheme is completely insecure. We also suggest an enhanced version of the protocol capable of solving such serious security holes.

• The KIPS Transactions:PartC
• /
• v.10C no.1
• /
• pp.17-26
• /
• 2003

Mobile agent system comes into the spotlight since it contributes largely to mobile computing on distributed network environment. However, this system has a number of significant security Problems. In this Paper, we analyze suity attacks to mobile agent system Presented by NIST[3]. In order to protect this system from them, we suggest a security protocol for mobile agent system by employing R based key distribution and digital multi-signature scheme. To solve these problems described in NIST, securities for mobile agent and agent platform shouid be accomplished. Comparing with other protocols, our protocol performs both of these securities, while other protocols mentioned only one of them. Proposed Protocol satisfies simplicity of key management, providing security service such as confidentiality, integrity, authentication and preventing reputation, liveness guarantee, protection of excution-result data and preventing replay attack. Furthermore, it is designed to detect message modification immediately by verifying each step of agent execution at a corresponding server.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.4C
• /
• pp.451-457
• /
• 2006

A peer-to-peer(P2P) network is inherently vulnerable to malicious attacks from participating peers because of its open, flat, and autonomous nature. This paper addresses the problem of effectively defending from active attacks of malicious peers at bootstrapping phase and at online phase, respectively. We propose a secure membership handling protocol to protect the assignment of ID related things to a newly joining peer with the aid of a trusted entity in the network. The trusted entities are only consulted when new peers are joining and are otherwise uninvolved in the actions of the P2P networks. For the attacks in online phase, we present a novel message structure applied to each message transmitted on the P2P overlay. It facilitates the detection of message alteration, replay attack and a message with wrong information. Taken together, the proposed techniques deter malicious peers from cheating and encourage good peers to obey the protocol of the network. The techniques assume a basic P2P overlay network model, which is generic enough to encompass a large class of well-known P2P networks, either unstructured or not.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.3B
• /
• pp.462-473
• /
• 2010

The RFID system has the security problem of location tracking and user privacy. In order to solve this problem, the cryptographic access method using hash function is difficult to in real applications. Because there is a limit of computing and storage capacity of Tag, but the safety is proved. The lightweight authentication methods like HB and LMAP guarantee the high efficiency, but the safety is not enough to use. In this paper, we use the AES for RFID Authentication, and solve the problem of using fixed key with key change step by step. The symmetric keys of the tag and server are changed by the random number generated by tag, reader and server successively. This could prevent the key exposure. As a result, the output of the tag and reader always changes. These key changes could make it possible to prevent eavesdropping, replay attack, location tracking and spoofing.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.5
• /
• pp.71-78
• /
• 2009

In RFID system, the communicated data can be easily eavesdropped and tampered with by an attacker because the communication between the reader and the tag is performed in an insecure channel. Therefore, authentication is an important role in RFID applications for providing security and privacy. In 2006, Lee, Asano and Kim proposed an RFID mutual authentication protocol (the LAK protocol) which utilizes a hash function and synchronized secret information. However, Cao and Shen showed that the LAK protocol is vulnerable to replay attack, and therefore an adversary can impersonate the tag. This paper proposes a new simple two-round RFID mutual authentication (TRMA) protocol based on secure one-way hash function. As a result, the proposed TRMA protocol not only can prevent various attacks and but also provides communication efficiency since they mutually authenticate by performing two-round between RFID tag and RFID reader.

• Current Optics and Photonics
• /
• v.3 no.2
• /
• pp.119-127
• /
• 2019

A new secret-key-sharing cryptosystem using optical phase-shifting digital holography is proposed. The proposed secret-key-sharing algorithm is based on the Diffie-Hellman key-exchange protocol, which is modified to an optical cipher system implemented by a two-step quadrature phase-shifting digital holographic encryption method using orthogonal polarization. Two unknown users' private keys are encrypted by two-step phase-shifting digital holography and are changed into three digital-hologram ciphers, which are stored by computer and are opened to a public communication network for secret-key-sharing. Two-step phase-shifting digital holograms are acquired by applying a phase step of 0 or ${\pi}/2$ in the reference beam's path. The encrypted digital hologram in the optical setup is a Fourier-transform hologram, and is recorded on CCDs with 256 quantized gray-level intensities. The digital hologram shows an analog-type noise-like randomized cipher with a two-dimensional array, which has a stronger security level than conventional electronic cryptography, due to the complexity of optical encryption, and protects against the possibility of a replay attack. Decryption with three encrypted digital holograms generates the same shared secret key for each user. Schematically, the proposed optical configuration has the advantage of producing a kind of double-key encryption, which can enhance security strength compared to the conventional Diffie-Hellman key-exchange protocol. Another advantage of the proposed secret-key-sharing cryptosystem is that it is free to change each user's private key in generating the public keys at any time. The proposed method is very effective cryptography when applied to a secret-key-exchange cryptosystem with high security strength.