• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.39B no.6
• /
• pp.333-340
• /
• 2014

Despite the security weakness of reusing passwords, many Internet users are likely to use a single ID and password on various sites to avoid the inconvenience of remembering multiple credentials. This paper proposes a scheme for securely storing, retrieving, and updating randomly chosen (ID, password) pairs by using smart cards as secure and portable storages. The scheme makes a user free from remembering her (ID, password) pairs for Internet accesses. By splitting and scattering the (ID, password) pairs of a user across the user's smart card memory and a remote server's storage, it can protect the logon credentials even from the theft or loss of the smart card. Also, a user, if deemed necessary, can issue and let the server to delete all information belonging to the user. Hence even an attacker who cracked the smart card memory would not be able to obtain any (ID, password) pair of the victim thereafter. The scheme requires a user to input a site information and pass-phrase to her smart card to obtain the logon credentials, but it should be an acceptable overhead considering the benefits of not remembering the freely chosen (ID, password) pairs at all.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.7 s.349
• /
• pp.1-13
• /
• 2006

In this paper, we introduce a novel key management scheme that is based on the key pre-distribution but provides the key re-distribution method, in order to manage keys for message encryption and authentication of lower-layer sensor nodes on hierarchical mobile sensor networks. The characteristics of our key management are as follows: First, the role of key management is distributed to aggregator nodes as well as a sink node, to overcome the weakness of centralized management. Second, a sink node generates keys using regression model, thus it stores only the information for calculating the keys using the key information received from nodes, but does not store the relationship between a node and a key, and the keys themselves. As the disadvantage of existing key pre-distributions, they do not support the key re-distribution after the deployment of nodes, and it is hard to extend the key information in the case that sensor nodes in the network enlarge. Thirdly, our mechanism provides the resilience to node capture(${\lambda}$-security), also provided by the existing key pre-distributions, and fourth offers the key freshness through key re-distribution, key distribution to mobile nodes, and scalability to make up for the weak points in the existing key pre-distributions. Fifth, our mechanism does not fix the relationship between a node and a key, thus supports the anonymity and untraceability of mobile nodes. Lastly, we compare ours with existing mechanisms, and verify our performance through the overhead analysis of communication, computation, and memory.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.12
• /
• pp.2293-2300
• /
• 2008

In ad-hoc sensor network, AODV routing information is disclosed to other nodes because AODV protocol doesn't have any security mechanisms. The problem of AODV is that an attacker can falsify the routing information in RREQ packet. If an attacker broadcasts the falsified packet, other nodes will update routing table based on the falsified one so that the path passing through the attacker itself can be considered as a shortest path. In this paper, we design the routing-information-spoofing attack such as falsifying source sequence number and hop count fields in RREQ packet. And we suggest an efficient scheme for detecting the attackers and isolating those nodes from the network without extra security modules. The proposed scheme doesn't employ cryptographic algorithm and authentication to reduce network overhead. We used NS-2 simulation to evaluate the network performance. And we analyzed the simulation results on three cases such as an existing normal AODV, AODV under the attack and proposed AODV. Simulation results using NS2 show that the AODV using proposed scheme can protect the routing-information-spoofing attack and the total n umber of received packets for destination node is almost same as the existing norm at AODV.

• The KIPS Transactions:PartC
• /
• v.17C no.1
• /
• pp.1-14
• /
• 2010

IEEE 802.15.4[1] has been standardized for the physical layer and MAC layer of LR-PANs(Low Rate-Wireless Personal Area Networks) as a technology for operations with low power on sensor networks. The standardization is applied to the variety of applications in the shortrange wireless communication with limited output and performance, for example wireless sensor or virtual wire, but it includes vulnerabilities for various attacks because of the lack of security researches. In this paper, we analyze the vulnerabilities against the denial of sleep attacks on the MAC layer of IEEE 802.15.4, and propose a detection mechanism against it. In results, we analyzed the possibilities of denial of sleep attacks by the modification of superframe, the modification of CW(Contention Window), the process of channel scan or PAN association, and so on. Moreover, we comprehended that some of these attacks can mount even though the standardized security services such as encryption or authentication are performed. In addition to, we model for denial of sleep attacks by Beacon/Association Request messages, and propose a detection mechanism against them. This detection mechanism utilizes the management table consisting of the interval and node ID of request messages, and signal strength. In simulation results, we can show the effect of attacks, the detection possibility and performance superiorities of proposed mechanism.

• Journal of Advanced Navigation Technology
• /
• v.15 no.6
• /
• pp.1059-1067
• /
• 2011

Next-Generation ITS environment requires high-speed data packet transmission, security, authentication, and hand-over supportable for driving vehicle on road by installing RSEs and OBUs. Therefore, wireless communication technology for next-generation ITS services are advancing to 200km/h maximum speed supportable, 1km communication radius, minimum 10Mbps hish-speed datarate for multimedia data(such as text, images, movie clips and so on) supportable, high reliability. In this paper, we implemented WAVE communication system which based on IEEE 802.11p PHY/MAC and evaluated that the system meets next-generation ITS environments.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.8 no.3
• /
• pp.549-555
• /
• 2007

A digital signature scheme provides integrity of the document, authentication and non-repudiation of a signer. Usually the key for digital signature is stored in hard disk or removal disk storage. The drawback of this approach is that the signer can let the agent to sign instead of the signer by providing the key information. It can be abused in applications such as electronic election. In this paper, we propose the undeniable biometric digital multi-signature scheme suitable for applications where the signer should not make an agent sign instead of himself/herself. The undeniable multi-signature scheme requires many signers and only the designated user can confirm the authenticity of multi-signature. The proposed scheme satisfies undeniable property and it is secure against active attacks such as modification and denial of the multi-signature by signers. As the key is generated through the signer's fingerprint image, it's also secure against signing by an agent.

• The Journal of the Korea Contents Association
• /
• v.19 no.12
• /
• pp.313-320
• /
• 2019

One of the causes of many damage cases that occur today by hacking attack is social engineering attack. The attacker is usually a malicious traitor or an ignorant insider. As a solution, we are strengthening security training for all employees in the organization. Nevertheless, there are frequent situations in which computers are shared. In this case, the person in charge of the computer has difficulty in tracking and responding when a specific representative accessed and what a specific representative did. In this paper, we propose the method that the person in charge of the computer tracks in real time through the smartphone when a representative access the computer, when a representative access offline using hacked or shared authentication. Also, we propose a method to prevent the leakage of important information by encrypting and backing up important files of the PC through the smartphone in case of abnormal access.

• Journal of Convergence Society for SMB
• /
• v.1 no.1
• /
• pp.67-73
• /
• 2011

Handover in high speed mobile communication service, in particulary mobile WiMAX is supported efficiency mobility to 120km/h speed. But, in order to accommodate number of user increment in a cell, wireless network is increment to microcell and picocell by allocate bandwidth and by decrease cell size. handover is occurrent and increment connection failure ratio In this result. IEEE 802.16 standard is support seamless connection through handover optimization scheme. But because authentication process is abbreviate, network weakness is exposure. In this paper, we propose handover scheme for support realtime service as VoIP, Picure communication, Streaming Data Service in order to support partially encryption method. In experiment, proposed scheme is proof which process time is increment 20% more than previous scheme.

• Journal of Internet of Things and Convergence
• /
• v.6 no.2
• /
• pp.25-29
• /
• 2020

The elliptic curve crypto-algorithm is widely used in authentication for IoT environment, since it has small key size and low communication overhead compare to the RSA public key algorithm. If the scalar multiplication, a core operation of the elliptic curve crypto-algorithm, is not implemented securely, attackers can find the secret key to use simple power analysis or differential power analysis. In this paper, an elliptic curve scalar multiplication algorithm using a randomized scalar and an elliptic curve point blinding is suggested. It is resistant to power analysis but does not significantly reduce efficiency. Given a random r and an elliptic curve random point R, the elliptic scalar multiplication kP = u(P+R)-vR is calculated by using the regular variant Shamir's double ladder algorithm, where l+20-bit u≡rn+k(modn) and v≡rn-k(modn) using 2^lP=∓cP for the case of the order n=2^l±c.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.14 no.3
• /
• pp.279-284
• /
• 2004

Fingerprints have been widely used in the biometric authentication because of its performance, uniqueness and universality. Recently, the speed of identification becomes a very important point in the fingerprint-based security applications. Also, the reliability still remains the main issue in the fingerprint identification. In this paper, we propose the fast and reliable fingerprint matching algorithm based on the process of the 'self-nonself' discrimination in the biological immune system. The proposed algorithm is organized by two-matching stage. The 1st matching stage does the matching process by the use of the 'self-space' and MHC detector string set that are generated from the minutiae and the values of the directional field. Then the 2nd matching stage is made based on the local-structure of the minutiae. The proposed two matching stage reduces matching time while the reliability of the matching algorithm is maintained.