• Journal of Digital Convergence
• /
• v.13 no.5
• /
• pp.213-218
• /
• 2015

In parallel with evolving information communication technology, M2M(Machine-to-Machine) industry has implemented multi-functional and high-performance systems, and made great strides with IoT(Internet of Things) and IoE(Internet of Everything). Authentication, confidentiality, anonymity, non-repudiation, data reliability, connectionless and traceability are prerequisites for communication security. Yet, the wireless transmission section in M2M communication is exposed to intruders' attacks. Any security issues attributable to M2M wireless communication protocols may lead to serious concerns including system faults, information leakage and privacy challenges. Therefore, mutual authentication and security are key components of protocol design. Recently, secure communication protocols have been regarded as highly important and explored as such. The present paper draws on hash function, random numbers, secret keys and session keys to design a secure communication protocol. Also, this paper tests the proposed protocol with a formal verification tool, Casper/FDR, to demonstrate its security against a range of intruders' attacks. In brief, the proposed protocol meets the security requirements, addressing the challenges without any problems.

• Journal of Multimedia Information System
• /
• v.8 no.1
• /
• pp.57-60
• /
• 2021

Industry 4.0 is continuous automation by applying the latest smart technologies to traditional manufacturing industries. It means that large-scale M2M (Machine-to-Machine) communication and IoT (Internet of Things) technologies are well integrated to build efficient production systems by analyzing and diagnosing various issues without human intervention. Edge computing is widely used for M2M services that handle real-time interactions between devices at industrial machinery tool sites. Here, secure data transmission is required while interacting. Thus, this paper focused on a method of creating and maintaining secret key and security tag used for message authentication between end-devices and edge-device.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.12
• /
• pp.481-490
• /
• 2016

Bluetooth utilizes a symmetric key that is exchanged at the first pairing to establish a secure channel. There are four authentication modes which enables device authentication, Just work, Passkey Entry, Out of Band, and Numeric Comparison. Up to now, Just work has been considered as the authentication mode that is vulnerable to Man-In-The-Middle (MITM) Attack. In addition, it is possible to intentionally change any authentication mode to Just work mode, in order to succeed in MITM Attack under Just work mode. However, this kind of attacks have just worked under the assumption that users should not notice that authentication mode was changed. In this paper, We analyze the specification of Secure Simple Pairing, LE Legacy Pairing and LE Secure Connection Pairing. When using Passkey Entry mode on each approach, it seems the MITM attack is possible. Also it offers Passkey Entry MITM attack that does not require assumptions about the user's fault, because it isn't change verification process of the authentication mode unlike traditional attacks. We implement the proposed MITM attacks. Also we presents a scenario in which an attack can be exploited and a countermeasure.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.140-142
• /
• 2021

Mobile communication technology after 5th generation requires high speed, hyper-connection, and low latency communication. In order to meet technical requirements for secure hyper-connectivity, low-spec IoT devices that are considered the end of IoT services must also be able to provide the same level of security as high-spec servers. For the purpose of performing these security functions, it is required for cryptographic keys to have the necessary degree of stability in cryptographic algorithms. Cryptographic keys are usually generated from cryptographic random number generators. At this time, good noise sources are needed to generate random numbers, and hardware random number generators such as TRNG are used because it is difficult for the low-spec device environment to obtain sufficient noise sources. In this paper we used the chip which is based on quantum characteristics where the decay of radioactive isotopes is unpredictable, and we presented a variety of methods (TRNG) obtaining an entropy source in the form of binary-bit series. In addition, we conducted the NIST SP 800-90B test for the entropy of output values generated by each TRNG to compare the amount of entropy with each method.

• Journal of the Society of Disaster Information
• /
• v.17 no.1
• /
• pp.176-183
• /
• 2021

Purpose: The introduction of smart factories that reflect the 4th industrial revolution technologies such as AI, IoT, and VR, has been actively promoted in Korea. However, in order to solve various problems arising from existing file-based operating systems, this research will focus on identifying and verifying non-file system-based data protection technology. Method: The research will measure security storage that cannot be identified or controlled by the operating system. How to activate secure storage based on the input of digital key values. Establish a control unit that provides input and output information based on BIOS activation. Observe non-file-type structure so that mapping behavior using second meta-data can be performed according to the activation of the secure storage. Result: First, the creation of non-file system-based secure storage's data input/output were found to match the hash function value of the sample data with the hash function value of the normal storage and data. Second, the data protection performance experiments in secure storage were compared to the hash function value of the original file with the hash function value of the secure storage after ransomware activity to verify data protection performance against malicious ransomware. Conclusion: Smart factory technology is a nationally promoted technology that is being introduced to the public and this research implemented and experimented on a new concept of data protection technology to protect crucial data within the information system. In order to protect sensitive data, implementation of non-file-type secure storage technology that is non-dependent on file system is highly recommended. This research has proven the security and safety of such technology and verified its purpose.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.4
• /
• pp.1436-1457
• /
• 2018

Secure routing services in Wireless Sensor Networks (WSNs) are essential, especially in mission critical fields such as the military and in medical applications. Additionally, they play a vital role in the current and future Internet of Things (IoT) services. Lightness and efficiency of a routing protocol are not the only requirements that guarantee success; security assurance also needs to be enforced. This paper proposes a Secure-Fuzzy Energy Aware Routing Protocol (S-FEAR) for WSNs. S-FEAR applies a security model to an existing energy efficient FEAR protocol. As part of this research, the S-FEAR protocol has been analyzed in terms of the communication and processing costs associated with building and applying this model, regardless of the security techniques used. Moreover, the Qualnet network simulator was used to implement both FEAR and S-FEAR after carefully selecting the following security techniques to achieve both authentication and data integrity: the Cipher Block Chaining-Message Authentication Code (CBC-MAC) and the Elliptic Curve Digital Signature Algorithm (ECDSA). The performance of both protocols was assessed in terms of complexity and energy consumption. The results reveal that achieving authentication and data integrity successfully excluded all attackers from the network topology regardless of the percentage of attackers. Consequently, the constructed topology is secure and thus, safe data transmission over the network is ensured. Simulation results show that using CBC-MAC for example, costs 0.00064% of network energy while ECDSA costs about 0.0091%. On the other hand, attacks cost the network about 4.7 times the cost of applying these techniques.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3365-3383
• /
• 2021

The rapid growth of data has successfully promoted the development of modern information and communication technologies, which are used to process data generated by public urban departments and citizens in modern cities. In specific application areas where the ciphertext of messages generated by different users' needs to be transmitted, the concept of broadcast encryption is important. It can not only improve the transmission efficiency but also reduce the cost. However, the existing schemes cannot entirely ensure the privacy of receivers and dynamically adjust the user authorization. To mitigate these deficiencies, we propose an efficient, secure identity-based broadcast encryption scheme that achieves direct revocation and receiver anonymity, along with the analysis of smart grid solutions. Moreover, we constructed a security model to ensure wireless data transmission under cloud computing and internet of things integrated devices. The achieved results reveal that the proposed scheme is semantically secure in the random oracle model. The performance of the proposed scheme is evaluated through theoretical analysis and numerical experiments.

• Journal of Information Processing Systems
• /
• v.16 no.6
• /
• pp.1459-1478
• /
• 2020

In the last few years, quantum communication technology and services have been developing in various advanced applications to secure the sharing of information from one device to another. It is a classical commercial medium, where several Internet of Things (IoT) devices are connected to information communication technology (ICT) and can communicate the information through quantum systems. Digital communications for future networks face various challenges, including data traffic, low latency, deployment of high-broadband, security, and privacy. Quantum communication, quantum sensors, quantum computing are the solutions to address these issues, as mentioned above. The secure transaction of data is the foremost essential needs for smart advanced applications in the future. In this paper, we proposed a quantum communication model system for future ICT and methodological flow. We show how to use blockchain in quantum computing and quantum cryptography to provide security and privacy in recent information sharing. We also discuss the latest global research trends for quantum communication technology in several countries, including the United States, Canada, the United Kingdom, Korea, and others. Finally, we discuss some open research challenges for quantum communication technology in various areas, including quantum internet and quantum computing.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.14 no.3
• /
• pp.69-75
• /
• 2018

Recently, various convergence technologies are attracting attention due to the block chain innovation technology in the M2M environment. Although the block-chain-based technology is known to be secure in its own right, there are various problems such as security and weight reduction in various M2M environments connected with this. In this paper, we propose a new lightweight method for the hash tree generation of block chains to solve the lightweight problem. It is designed considering extensibility without affecting the existing block chain. Performance analysis shows that the computation performance increases with decreasing the existing hash length.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2014.11a
• /
• pp.473-475
• /
• 2014

정보통신기술(ICT)의 발전으로 사람 간의 통신에서 모든 사물들과 상호 통신으로 확장된 사물인터넷 환경이 이슈화되고 있다. 또한, 사물인터넷 환경은 기존의 데이터량보다 사용되는 데이터량이 크기 때문에 클라우드 컴퓨팅 기술을 기반으로 데이터를 처리 및 관리한다. 그러나 클라우드 기반 사물인터넷은 다양한 영역에서 여러 통신기술이 복합적으로 구성되므로 사용자의 정보가 노출될 위험이 높다. 따라서 클라우드 기반 사물인터넷 환경의 보안 위협을 분석하고 보안요구사항을 도출하여 안전성을 향상시키고자 한다.