• Title/Summary/Keyword: Secure IoT

Study on Insider Pattern Monitoring System for Secure Smart Building Operations (안전한 스마트빌딩 운영을 위한 내부자 패턴 모니터링 시스템 연구)

  • Kim, Jeong-Ho;Chung, Hague;Jun, Moon-Seog
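    • Proceedings of the Korea Information Processing Society Conference / 2016.10a / pp.288-289 / 2016
  • Recently, with the development of the Internet of Things (IoT), communication between things has made it possible for users to obtain information about places such as their home or office from anywhere. However, when IoT devices are used in smart buildings, there is a risk because no defense system is in place that can effectively defend against attacks originating from inside. Therefore, this paper proposes an insider pattern monitoring system that, based on accumulated information on internal user access in a smart building with an IoT network, allows the smart building to be operated safely against illegitimate insider attacks that may occur inside the building.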

A Design of Security Protocol Based on CoAP for Secure Message Transmission in DASH7 Environment (DASH7 환경에서 안전한 메시지 전송을 위한 CoAP 기반 보안 프로토콜 설계)

  • Choi, Seulgi;Song, Kyung-Hwan;Song, Jin-Hee;Jun, Moon-Seog
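    • Proceedings of the Korea Information Processing Society Conference / 2015.10a / pp.624-627 / 2015
  • In IoT environments, resource-constrained devices may be connected to wireless networks with weak security. DASH7 Mode 2, a wireless network standard that supports ultra-low-power devices, is still undergoing standardization in the security area, and solutions to various vulnerabilities are being sought. Therefore, this paper proposes a protocol for secure message transmission in a DASH7 environment using CoAP, a standard IoT protocol. It also analyzes the protocol's security against data forgery and tampering, replay, and impersonation attacks.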

Two-Phase Security Protection for the Internet of Things Object

  • Suryani, Vera;Sulistyo, Selo;Widyawan, Widyawan
    • Journal of Information Processing Systems / v.14 no.6 / pp.1431-1437 / 2018
  • Securing objects in the Internet of Things (IoT) is essential. An authentication model is one candidate for securing an object, but it is limited to handling a specific type of attack, such as the Sybil attack. The authentication model cannot handle other types of attack, such as trust-based attacks. This paper proposed two-phase security protection for objects in IoT. The proposed method combined authentication and statistical models. The results showed that the proposed method could handle other attacks in addition to Sybil attacks, such as the bad-mouthing attack, good-mouthing attack, and ballot stuffing attack.

A Scalable and Secure Medical Data Storage and Sharing System

  • sinai, Nday kabulo;Satyabrata, Aich;Kim, Hee-Cheol
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 2021.05a / pp.12-14 / 2021
  • For the past couple of years, medical data has been stored in centralized systems, which is not an ideal storage technique, since all data can be altered, stolen, or even used for evil purposes. Furthermore, the data cannot be safely shared with other doctors and hospitals in case of a patient's transfer or change of state or country; in addition, the patient's health status cannot be tracked and the patient's medical history is unknown. Therefore, powerful decentralized technologies and expertise can help provide better health information and help doctors and patients to better understand the situations before and after treatment, and do more research based on immutable and trusted data. One of the proposed solutions is storing and securing data on the blockchain, which is less scalable, slow and expensive. This paper introduces a scalable, robust medical data storage and sharing system based on AI/ML, IoT, IPFS, and blockchain.

A proposal of countermeasure and security analysis on the PUF based authentication protocol in IoT network (IoT 환경에서 물리적 복제 방지 기술 기반 인증 프로토콜 취약점 분석 및 개선방안 제안)

  • Choi, Jae Hyun;Jeong, Ik Rae;Byun, Jin Wook
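    • Proceedings of the Korea Information Processing Society Conference / 2020.05a / pp.173-176 / 2020
  • As the use of the Internet of Things increases rapidly, the development of related security technologies has become very important. To overcome the fundamental resource constraints of the IoT environment, Chatterjee et al. recently proposed, in the journal IEEE Transactions on Dependable and Secure Computing, an authentication protocol that uses a PUF based on quantified challenge-response. However, in the process of exchanging session keys between devices, there is a critical vulnerability: any attacker who has once obtained a value from the public channel can create the session key. This paper explains this vulnerability and presents a method by which only legitimate devices can create the session key.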

An Area-efficient Design of SHA-256 Hash Processor for IoT Security (IoT 보안을 위한 SHA-256 해시 프로세서의 면적 효율적인 설계)

  • Lee, Sang-Hyun;Shin, Kyung-Wook
    • Journal of the Korea Institute of Information and Communication Engineering / v.22 no.1 / pp.109-116 / 2018
  • This paper describes an area-efficient design of SHA-256 hash function that is widely used in various security protocols including digital signature, authentication code, key generation. The SHA-256 hash processor includes a padder block for padding and parsing input message, so that it can operate without software for preprocessing. Round function was designed with a 16-bit data-path that processed 64 round computations in 128 clock cycles, resulting in an optimized area per throughput (APT) performance as well as small area implementation. The SHA-256 hash processor was verified by FPGA implementation using Virtex5 device, and it was estimated that the throughput was 337 Mbps at maximum clock frequency of 116 MHz. The synthesis for ASIC implementation using a $0.18\text{-}\mu\mathrm{m}$ CMOS cell library shows that it has 13,251 gate equivalents (GEs) and it can operate up to 200 MHz clock frequency.

A Malware Detection Method using Analysis of Malicious Script Patterns (악성 스크립트 패턴 분석을 통한 악성코드 탐지 기법)

  • Lee, Yong-Joon;Lee, Chang-Beom
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.7 / pp.613-621 / 2019
  • Recently, with the development of the Internet of Things (IoT) and cloud computing technologies, security threats have increased as malicious codes infect IoT devices, and new malware spreads ransomware to cloud servers. In this study, we propose a threat-detection technique that checks obfuscated script patterns to compensate for the shortcomings of conventional signature-based and behavior-based detection methods. Proposed is a malicious code-detection technique that is based on malicious script-pattern analysis that can detect zero-day attacks while maintaining the existing detection rate by registering and checking derived distribution patterns after analyzing the types of malicious scripts distributed through websites. To verify the performance of the proposed technique, a prototype system was developed to collect a total of 390 malicious websites and experiment with 10 major malicious script-distribution patterns derived from analysis. The technique showed an average detection rate of about 86% of all items, while maintaining the existing detection speed based on the detection rule and also detecting zero-day attacks.

High Speed Implementation of LEA on ARM Cortex-M3 processor (ARM Cortex-M3 프로세서 상에서의 LEA 암호화 고속 구현)

  • Seo, Hwa-jeong
    • Journal of the Korea Institute of Information and Communication Engineering / v.22 no.8 / pp.1133-1138 / 2018
  • Lightweight Encryption Algorithm (LEA) is one of the most promising lightweight block cipher algorithms due to its high efficiency and security level. There are many works on the efficient LEA implementation. However, many works missed the secure application services where the IoT platforms perform secure communications between heterogeneous IoT platforms. In order to establish the secure communication channel between them, the encryption should be performed in the on-the-fly method. In this paper, we present the LEA implementation performing the on-the-fly method over the ARM Cortex-M3 processors. The general purpose registers are fully utilized to retain the required variables for the key scheduling and encryption operations, and the rotation operation is optimized away by using the barrel-shifter technique. Since the on-the-fly method does not store the round keys, the RAM requirements are minimized. The implementation is evaluated over the ARM Cortex-M3 processor and it only requires 34 cycles/byte.

A Message Communication for Secure Data Communication in Smart Home Environment Based Cloud Service (클라우드 서비스 기반 스마트 홈 환경에서 안전한 데이터 통신을 위한 메시지 통신 프로토콜 설계)

  • Park, Jung-Oh
    • Journal of Convergence for Information Technology / v.11 no.7 / pp.21-30 / 2021
  • With the development of IoT technology, various cloud computing-based services such as smart cars, smart healthcare, smart homes, and smart farms are expanding. With the advent of a new environment, various problems continue to occur, such as the possibility of exposure of important information such as personal information or company secrets, financial damage cases due to hacking, and human casualties due to malicious attack techniques. In this paper, we propose a message communication protocol for smart home-based secure communication and user data protection. As a detailed process, secure device registration, message authentication protocol, and renewal protocol were newly designed in the smart home environment. By referring to the security requirements related to the smart home service, the stability of the representative attack technique was verified, and as a result of performing a comparative analysis of the performance, the efficiency of about 50% in the communication aspect and 25% in the signature verification aspect was confirmed.

Secure-CoAP Protocol over NoSec applying the concept S-Broker (S-Broker 개념을 적용한 NoSec 기반의 Secure-CoAP Protocol)

  • Heo, ung;Kim, youngse;Kim, keecheon
    • Proceedings of the Korea Information Processing Society Conference / 2016.10a / pp.785-788 / 2016
  • CoAP (Constrained Application Protocol) is the most actively discussed of recent IoT protocols. CoAP operates in four security modes. Three of them, the PresharedKey, RawPublicKey, and Certificate modes, apply DTLS (Datagram Transport Layer Security). The NoSec mode, by contrast, is the basic mode without DTLS. This paper proposes a new approach that takes into account the power consumption and performance degradation caused by the complex handshake of DTLS. It is a scheme for improving security and performance by applying an S-Broker (Secure-Broker) to the CoAP protocol in a NoSec environment. Lightweight communication was implemented with the proposed approach, increasing integrity and security strength. In addition, the forwarding and caching functions of the proxy were implemented to improve performance.