• The Journal of the Korea Contents Association
• /
• v.9 no.9
• /
• pp.9-17
• /
• 2009

RFID (Radio Frequency Identification) is a next generation technology that will replace barcode. RFID can identify an object by reading ID inside a RFID tag using radio frequency. However, because a RFID tag replies its unique ID to the request of any reader through wireless communication, it is vulnerable to attacks on security or privacy through wiretapping or an illegal reader's request. The RFID authentication protocol has been studied actively in order to solve security and privacy problems, and is used also in tag search. Recently, as the number of tags is increasing in RFTD systems and the cost of data collection is also rising, the importance of effective tag search is increasing. This study proposed an efficient search method that solved through ta9 group the problem of large volume of database computation in Miyako Ohkubo's hash chain mechanism, which meets requirements for security and privacy protection. When we searched first the group of tags with access rate of 5 or higher in a database with 100,000 records, search time decreased by around 30%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.6
• /
• pp.89-103
• /
• 2001

Through the increment of requirement for group oriented communication services, the multicast infrastructure based on a wire and wireless network has become a widely discussed researching topic. However the research of the security properties safety, efficiency and scaleability in a multicast structure, has not been enough. In this study, we propose a scalable secure multicast key management structure based on PKI(Public Key Infrastructure), IPSec, domain subgroup and structural two mode scheme to provide a integrated multicast service. Also we discuss and propose the digital nominative group signature a refreshing method for satisfying the security and trusty on the network. At the base of this work we certify to the usability of new proposed scheme from comparing it with conventional schemes in the part of safety, efficiency and scaleability.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.8
• /
• pp.22-33
• /
• 2009

Mobile Ad Hoc Networks (MANETs) are self-organized networks that do not rely in their operation on wired infrastructure. As in any networking technology, security is an essential element in MANET as well, for proliferation of this type of networks. But supporting secure communication in MANETs proved to be a significant challenge, mainly due to the fact that the set of nodes in the network can change frequently and rapidly and due to the lack of access to the wired infrastructure. In particular, the trust model and the authentication protocols, which were developed for wired and infrastructure-based networks, cannot be used in MANETs. In [1], we addressed the problem of efficient authentication of distributed mobile users in geographically large networks and proposed a new authentication scheme for this case of MANETs. The proposed scheme exploits randomized groups to efficiently share authentication information among nodes that together implement the function of a distributive Certification Authority(CA). In this paper, we analyze numerically the performance of authentication method using randomized groups and compare with the simulation result.

• The Journal of Information Systems
• /
• v.23 no.4
• /
• pp.49-74
• /
• 2014

The introduction of smartphone caused the most revolutionary change in the domestic telecommunications market after the digital revolution. However, due to the saturation of the local market, it is expected to post negative growth in 2016 and the sales of national communication carriers is in stasis. Thus, the smartphone industry is starting to shift its marketing efforts to secure the silver generation who still has room for increase in the rate of smartphone usage. As the silver generation has physical limitations and differences in needs, the marketing strategy based on the smartphone utilization is not appropriate. This study suggests the new silver generation, who has high income level and similar characteristics to the younger generation, as the new customer segment for smartphone. We analyze the effects of the major variables of UTAUT on smartphone use, as well as examine how these relationships differ between the new silver and the net generation. We verified the hypotheses using a survey with 309 smartphone users. The research findings supported the hypotheses regarding the effects of performance expectancy, effort expectancy and facilitating conditions on smartphone use, but did not support the hypothesis on the effect of social influence. The result of the group comparisons showed that both generation have similar characteristics on innovativeness and cognitive absorption, but the moderating effect of age on performance expectancy, effort expectancy and use is stronger in conjunction with the new silver generation. The study results are expected to be used in establishing a marketing strategy for the new silver generation.

• Journal of Internet Computing and Services
• /
• v.11 no.4
• /
• pp.143-158
• /
• 2010

The illegal leakage of enterprise digital confidential information will threaten the enterprise with bankruptcy. Today since most small-and-medium companies have no capability to fight against illegally compromising their critically confidential documents in spite of knowing the leakage of them, strongly safe distribution system of the digital confidential documents should be designed so in secure as to prevent any malicious intent of embezzlement from accessing the critical information. Current DRM-based protection system is not always perfect to protect the digital secrets, even seems to leave the secrets open. Therefore our study has analyzed the illegal leakage paths that hackers attack against and the vulnerability of the current protection systems. As result, we study the group communication based system architecture satisfying the security conditions to make even legitimate working employee keep out of the confidential documents, without performance degradation. The main idea of this architecture is to stay every secrets in encrypted form; to isolate the encrypted documents from the crypto-key; to associate every entity with one activity and to authenticate every entity with DSA-based public key system; multiple authentication method make hackers too busy to get a privilege to access the secrets with too many puzzle pieces. This paper deal with the basic architectural structure for the above issues.

• Journal of Digital Convergence
• /
• v.15 no.12
• /
• pp.71-77
• /
• 2017

In order for the consumers of education and university to be mutually communicating well, satisfaction surveys with a correct system are essential. This study points out the causes for insincere responses found in the process of education satisfaction surveys while discussing possible methods to elicit sincere responses from the students. As a result of analyzing S University, it was observed that enforced online evaluation methods did have a high response rate but also monotonously insincere responses showed to have a high ration among them. A second study was carried out in order to improve the research method after confirming the reliability of the research. Study results sowed that through a representative sample survey, monotonous response patterns decreased and the data distribution satisfied normal distribution. Moreover, a focus group interview was carried out in order to understand the root causes and possible solutions to the problem. Lastly, this study revealed the need of diversified attempts and research in order to secure reliability in education satisfaction surveys while proposing methods of improvement.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.9
• /
• pp.707-714
• /
• 2013

IoT, which can be regarded as an enhanced version of M2M communication technology, was proposed to realize intelligent thing to thing communications by utilizing Internet connectivity. Things in IoT are generally heterogeneous and resource constrained. Also such things are connected with each other over LLN(low power and lossy Network). Confidentiality, mutual authentication and message origin authentication are required to make a secure service in IoT. Security protocols used in traditional IP Networks cannot be directly adopted to resource constrained devices in IoT. Under the respect, a IETF standard group proposes to use lightweight version of DTLS protocol for supporting security services in IoT environments. However, the protocol can not cover up all of very constrained devices. To solve the problem, we propose a scheme which tends to support mutual authentication and session key agreement between devices that contain only a single crypto primitive module such as hash function or cipher function because of resource constrained property. The proposed scheme enhances performance by pre-computing a session key and is able to defend various attacks.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.5
• /
• pp.870-878
• /
• 2008

The level of security of most sensor nodes that comprise the sensor networks is low, but because of the low computing power and small storage capacity, it is even very difficult to apply a security algorithm efficiently to the sensor nodes. Therefore, preventing the join of an illegal node to a sensor network is impossible, and the transmitting information is easily exposed and overheard when the transmitting algorithm of the sensor node is hewn. In this paper, we propose a group key management scheme for the sensor network using polar coordinates, so that the sensor nodes can deliver information securely inside a cluster and any illegal node is prevented from joining to the cluster where a sensor network is composed of many clusters. In the proposed scheme, all of the sensor nodes in a cluster set up the authentication keys based on the pivot value provided by the CH. The intensive simulations show that the proposed scheme outperforms the pair-wise scheme in terms of the secure key management and the prevention of the illegal nodes joining to the network.

• Journal of Digital Convergence
• /
• v.19 no.10
• /
• pp.287-293
• /
• 2021

Recently, public certificates issued by nationally-recognized certification bodies have been abolished, and internet companies have issued their own common certificates as certification authority. The Electronic Signature Act was amended in a way to assign responsibility to Internet companies. As the use of a joint certificate issued by Internet companies as a certification authority is allowed, it is expected that the fraud damage caused by the theft of public key certificates will increase. We propose an authentication model that can be used in a security gateway that combines PKI with a blockchain with integrity and security. and to evaluate its practicality, we evaluated the security of the authentication model using Sugeno's hierarchical fuzzy integral, an evaluation method that excludes human subjectivity and importance degree using Delphi method by expert group. The blockchain-based joint certificate is expected to be used as a base technology for services that prevent reckless issuance and misuse of public certificates, and secure security and convenience.

• Journal of the Korea Convergence Society
• /
• v.10 no.10
• /
• pp.21-26
• /
• 2019

At present, it is indispensable to utilize data as an information society. Therefore, the database is used to manage large amounts of data. In real life, most of the data in a database is the personal information of a group of members. Because personal information is sensitive data, the role of the database administrator who manages personal information is important. However, there is a growing number of attacks on databases to use this personal information in a malicious way. SQL Injection is one of the most known and old hacking techniques. SQL Injection attacks are known as an easy technique, but countermeasures are easy, but a lot of efforts are made to avoid SQL attacks on web pages that require a lot of logins, but some sites are still vulnerable to SQL attacks. Therefore, this study suggests effective defense measures through analysis of SQL hacking technology cases and contributes to preventing web hacking and providing a secure information communication environment.