• Journal of Information Processing Systems
• /
• v.8 no.3
• /
• pp.495-520
• /
• 2012

A secure Electronic Payment System (EPS) is essential for the booming online shopping market. A successful EPS supports the transfer of electronic money and sensitive information with security, accuracy, and integrity between the seller and buyer over the Internet. SET, CyberCash, Paypal, and iKP are the most popular Credit Card-Based EPSs (CCBEPSs). Some CCBEPSs only use SSL to provide a secure communication channel. Hence, they only prevent "Man in the Middle" fraud but do not protect the sensitive cardholder information such as the credit card number from being passed onto the merchant, who may be unscrupulous. Other CCBEPSs use complex mechanisms such as cryptography, certificate authorities, etc. to fulfill the security schemes. However, factors such as ease of use for the cardholder and the implementation costs for each party are frequently overlooked. In this paper, we propose a Web service based new payment system, based on ANSI X9.59-2006 with extra features added on top of this standard. X9.59 is an Account Based Digital Signature (ABDS) and consumer-oriented payment system. It utilizes the existing financial network and financial messages to complete the payment process. However, there are a number of limitations in this standard. This research provides a solution to solve the limitations of X9.59 by adding a merchant authentication feature during the payment cycle without any addenda records to be added in the existing financial messages. We have conducted performance testing on the proposed system via a comparison with SET and X9.59 using simulation to analyze their levels of performance and security.

• The KIPS Transactions:PartC
• /
• v.11C no.5
• /
• pp.605-612
• /
• 2004

In MIPv6, unauthenticated binding updates expose the involved MN and CN to various security attacks. Thus, protecting the binding update process becomes of paramount importance in the MIPv6, and several secure binding update protocols have been proposed. In this paper, we pro-pose a novel protocol for the secure binding updates in MIPv6, which can resolve the drawbacks of the Deng-Zhou-Bao's protocol ［2］, by adopt-ing Aura's CGA scheme with two hashes ［9］. Aura's scheme enables our protocol to achieve stronger security than other CGA-based protocols without a trusted CA, resulting in less cost of verifying the HA's public key than the Deng-Zhou-Bao's protocol. Through the comparison of our protocol with other protocols such as the Deng-Zhou-Bao's protocol, CAM-DH and SUCV, we show that our protocol can provide better performance and manageability in addition to stronger security than other approaches.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.5
• /
• pp.297-301
• /
• 2013

Key agreement protocols allow multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. Since Joux first published the pairing-based one round tripartite key agreement protocol, many authenticated protocols have been proposed. Unfortunately, many of them have been broken while others have been shown to be deficient in some desirable security attributes. In 2004, Cheng et al. presented two protocols aimed at strengthening Shim's certificate-based and Zhang et al.'s tripartite identity-based protocols. This paper reports that 1) In Cheng et al.'s identity-based protocol, an adversary can extract long-term private keys of all the parties involved; and 2) Cheng et al.'s certification-based protocol is weak against key integrity attacks. This paper suggests possible remedies for the security flaws in both protocols and then presents a modified Cheng et al.'s identity-based, one-round tripartite protocol that is more secure than the original protocol.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2006.05a
• /
• pp.979-982
• /
• 2006

암호 API 및 PKI 클래스를 토대로 하는 PKI 시스템의 개발은 암호 알고리즘을 활용한 보안 서비스의 중요한 위치를 차지하고 있으며, 현재 네트워크 기반의 각종 서비스에서 강력한 보안 기능을 제공하는 부분으로, 각종 보안 서비스의 제공을 위해서 가장 먼저 구축되어야 할 부분이다. 본 논문에서는 자바 암호 API 및 PKI 관련 클래스를 바탕으로 사용자 인증(User Authentication), 인가(Authorization), 부인-방지(Non-Requdation), 전자서명(Electronic Signature) 등의 보안 서비스를 제공할 수 있는 X.509 전자인증서를 발행하는 PKI 시스템을 연구하였으며, 향후 각종 보안 서비스의 제공에 있어서 중요한 위치를 차지할 수 있을 것이다. 또한, 자바 기반의 PKI 시스템은 이식성이 매우 높으며, 개별 서비스에 대한 모듈 형식으로 구성되어 있어, 그 활용의 범위가 고정되지 않고 다양한 시스템 및 서비스에 적용할 수 있는 장점을 가지고 있다.

• Proceedings of the KIEE Conference
• /
• 2008.10b
• /
• pp.466-467
• /
• 2008

There are many new technologies for EMU to secure the facilities' safety/validity and maintenance/economical efficiency and technologic competitiveness. For example, now the EMU is using the blending brake technology with electric brake and pneumatic brake and carrying the various performances such as jerk limitation, variable load and blending brake to stop the motor car safely and efficiently. The blending brake takes important parts in braking the cars and It is used in many fields of urban transit. There were many limitations to carry the performances and certificate whether the performances are acceptable in the system or not, because at that time they didn't take the whole prelieminarly inspection. Now we start applying such new methods, taking the whole inspection prior to the installation by analyzing systems requirements and introducing various system engineering design tools. In this paper, we suggest how to reduce the errors by prelieminarly inspection for the brake facilities using the tools and inspect the needs to analyze the brake facilities' performances.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.12
• /
• pp.5878-5884
• /
• 2011

We present steganographic service model and algorism that fit feature of streaming audio book service in order to hide information of copyright and certificate of it. Secret information is encrypted with random numger by secret key that client and server share, so that increase confidentiality. We made secret data distributed randomly and evenly, and improved throughput by simplifying additional computations considering streaming environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2007.10a
• /
• pp.729-732
• /
• 2007

In this paper, we described about the home device authentication framework, certificate issuing process and home device authentication method. since the home device authentication scheme of the public key infrastructure would be more needed as the number of home device can participate in the home network increased, we described about the home device authentication system of the public key infrastructure. Moreover, we described about the construction method of CA adminstration interface for convenient CA administration.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1461-1464
• /
• 2005

In contrast with conventional networks, mobile ad hoc networks usually do not provide online access to trusted authorities or to centralized servers, and they exhibit frequent partitioning due to link and node failures and node mobility. For these reasons, traditional security solutions that require online trusted authorities or certificate repositories, but those are not well-suited for securing ad hoc networks. Moreover, a fundamental issue of securing mobile ad hoc networks is to ensure mobile nodes can authenticate each other. Because of its strength and efficiency, public key and digital signature is an ideal mechanism to construct the authentication service. Although this is already mature in the internet application, providing public key based authentication is still very challenging in mobile ad hoc networks. In this paper I propose a secure public key authentication service based on clustering model and trust model to protect nodes from getting false public keys of the others efficiently when there are malicious nodes in the network.

• Journal of the Korea Safety Management & Science
• /
• v.6 no.3
• /
• pp.161-174
• /
• 2004

The existing PKI authentication structure uses the OCSP method. The primary task of OCSP is to verify the status of a transaction after verifying the validity of the certificate; but, because of continuing policy changes and updates within the PKI authentication method, the status of certificates and the structures are not consistent. Therefore, the SCVP method can be selected as the broadest method for completing authentication tasks accurately because the SCVP method includes validation of policy changes. An appropriate method for building an mobile environment within the capabilities of low-memory and reduced processing CPU needs to be assessed and developed. This thesis proposes a verification method that is independent of platform and applicable to any 05 in building and expanding the mobile environment.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11c
• /
• pp.1917-1920
• /
• 2003

오늘날 대부분의 인증 시스템들은 PKI 환경으로 변화하는 추세이며, 인증서의 역할은 날로 중요해지고 있다. 만일 이런 인증서가 위조 된다면 심각한 정보 사고가 발생할 것이다. 따라서 인증서는 위조되면 안될 것이다. 그러나 인증서 위조 가능성은 존재한다. 왜냐하면 디지털 서명 방식을 사용하고 있기 때문이다. 인증서 위조 방법은 두 가지가 있다. 첫 번째가 인증기관의 비밀키를 알아내는 방법이고, 두 번째는 디지털 서명에 사용되는 해쉬 알고리즘의 충돌(Collision) 문제를 이용하여 위조하는 방법이다. 어느 것으로든 인증서가 위조되면 어느 누구도 기술적으로 위조라는 사실을 증명할 수 없다. 위조 인증서는 디지털 검증 방식에 의해 모두 유효하게 판정되기 때문이다. 첫 번째 방법은 디지털 서명에 있어서 원천적인 문제이다. 따라서 본 논문은 두 번째 방법인 해쉬 알고리즘의 충돌 문제를 이용한 위조를 해결하는 방법에 대해 연구한다. 또한 인증 경로를 최적화하는 방법에 대해서도 연구한다.