• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.97-102
• /
• 2023

IoT is being used in a lot of industry domain such as smart home, smart ocean, smart energy, and smart farm, as well as legacy information services. For a server, an IoT device using the same protocol is a trusted object. Therefore, a malicious attacker can use an unauthorized IoT device to access IoT-based information services and access unauthorized important information, and then modify or extract it to the outside. In this study, to improve these problems, we propose an IoT device authentication system used in IoT-based information service. The IoT device authentication system proposed in this study applies identifier-based authentication such as MAC address. If the IoT device authentication function proposed in this study is used, only the authenticated IoT device can access the server. Since this study applies a method of terminating the session of an unauthorized IoT device, additional research on the access deny method, which is a more secure authentication method, is needed.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.71-79
• /
• 2022

The smart grid system has emerged to maximize energy efficiency through real-time information exchange between power providers and consumers by combining information technology and power supply systems. The authentication schemes using blockchain in a smart grid system have been proposed, which utilize an edge server's architecture to collect and store electric power-related information and process data between a central cloud server and smart grid-IoT devices. Although authentication schemes are being proposed to enhance security in the smart grid environment, many vulnerabilities are still reported. This paper presents a new mutual authentication scheme to guarantee users' privacy and anonymity in a smart grid based on edge computing using blockchain. In the proposed scheme, we use the smart contract for the key management's efficiency, such as updating and discarding key materials. Finally, we prove that the proposed scheme not only securely establishes a session key between the smart grid-IoT device of the user and the edge server but also guarantees anonymity.

• Journal of Korea Multimedia Society
• /
• v.21 no.3
• /
• pp.358-368
• /
• 2018

The mobile characteristics of the smart phone are well suited to on-the-site oriented services and are being utilized in a variety of ways. However, since most applications operate on a central server basis, Internet access is inevitable, and there are various problems such as an increase in server maintenance cost and security deterioration. Although researches have been proposed to utilize the smart phone itself as a server to improve it, these methods are based on downsizing the PC-based web server or modifying the smart phone kernel. These methods have the problems that a end user has to use the rooting, and they are not able to effectively utilize various communication means of a smart phone. In this paper, we propose a design and implementation of an application level smart phone web server. The server receives the document request from the remote via the Internet and in the local area using the WPAN. At this time, the web document is stored as an internal file structure of the smart phone application. We proposed the phttp protocol which uses server's phone number as ID for document request. Through the implementation, we analyzed the capacity and latency of stored data and its effectiveness is evaluated.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.2
• /
• pp.343-350
• /
• 2010

In the existing design of web server architecture, data encryption technique is used to keep the reliability, stability, and safety of web service. But the use of data encryption technique wastes the work of cpu while decreasing throughput of web server and increasing average response time so that it shows negative effect on the capacity of web application server. Also, the latest web applications require security and safety for the safe internet communication. Therefore, this paper suggests the improved web server which uses thread pool and Non-blocking I/O adding new web service modules to the existing web server for the safe web service, provides reliability and safety to show the safe web service capacity. And we compare and evaluate the safety and capacity through experiment on the existing traditional Tomcat based web server and the proposed system to evaluate the safety and capacity of the proposed web server system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.119-131
• /
• 2009

The world's widely used key exchange protocols are open cryptographic communication protocols, such as TLS/SSL, whereas in the financial field in Korea, key exchange protocols developed by industrial classification group have been used that are based on PKI(Public Key Infrastructure) which is suitable for the financial environments of Korea. However, the key exchange protocols are not only vulnerable to client impersonation attacks and known-key attacks, but also do not provide forward secrecy. Especially, an attacker with the private keys of the financial security server can easily get an old session-key that can decrypt the encrypted messages between the clients and the server. The exposure of the server's private keys by internal management problems, etc, results in a huge problem, such as exposure of a lot of private information and financial information of clients. In this paper, we analyze the weaknesses of the cryptographic communication protocols in use in Korea. We then propose two key exchange protocols which reduce the replacement cost of protocols and are also secure against client impersonation attacks and session-key and private key reveal attacks. The forward secrecy of the second protocol is reduced to the HDH(Hash Diffie-Hellman) problem.

• The KIPS Transactions:PartC
• /
• v.10C no.3
• /
• pp.287-294
• /
• 2003

Authentication and authorization are essential functions for the security of distributed network environment. Authorization is determining and to decide whether a user or process is permitted to perform a particular operation. In this paper, we design an authorization mechanism to make a system more effective with Kerberos for authentication mechanism. In the authorization mechanism, Kerberos server operates proxy privilege server. Proxy privilege server manages and permits right of users, servers and services with using proposed algorithm. Also, privilege attribute certificate issued by proxy privilege server is used in delegation. We designed secure kerberos with proposed functions for effective authorization at the same time authentication of Kerberos mechanism.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1141-1151
• /
• 2018

In an APT attack, the communication stage between infected hosts and C&C(Command and Control) server is the key stage for intrusion into the attack target. Attackers can control multiple infected hosts by the C&C Server and direct intrusion and exploitation. If the C&C Server is exposed at this stage, the attack will fail. Therefore, in recent years, the Domain Generation Algorithm (DGA) has replaced DNS in C&C Server with a short time interval for making detection difficult. In particular, it is very difficult to verify and detect all the newly registered DNS more than 5 million times a day. To solve these problems, this paper proposes a model to judge DGA-DNS detection by the morphological similarity analysis of normal DNS and DGA-DNS, and to determine the sign of APT attack through it, then we verify its validity.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.8
• /
• pp.1428-1434
• /
• 2006

In this paper, we propose the scheme solving privacy infringement in RFID systems with improving the scalability of back-end server. With RFID/USN becoming important subject, many approaches have been proposed and applied. However, limits of RFID, low computation power and storage, make the protection of privacy difficult. The Hash Chain scheme has been known as one guaranteeing forward security, confidentiality and indistinguishability. In spite of that, it is a problem that requires much of computation to identify tags in Back-End server. In this paper, we introduce an efficient key search method, the Hellman Method, to reduce computing complexity in Back-End server. Hellman Method algorism progresses pre-computation and (re)search. In this paper, after applying Hellman Method to Hash chain theory, We compared Preservation and key reference to analyze and apply to parallel With guaranteeing requistes of security for existing privacy protecting Comparing key reference reduced computation time of server to reduce computation complex from O(m) to $O(\frac{m{^2/3}}{w})$ than the existing form.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.3
• /
• pp.529-536
• /
• 2015

As personal information protection act was recently enforced, a mechanism which saves encrypted personal information has been used to Information Security systems. To use the mechanism, a millions of personal information which are already saved on the system first have to be encrypted. At the moment, it may cause a resource scarcity on server, and also take a lot of time. Thus, this paper suggests a way to encrypt millions of personal information by using multi-server with low specifications and measures its performance on test environment. And, I was compared with the performance of high- specification server. As a compared result, the mechanism with three devices by parallel and distributed processing improved its performance by 128%, and the mechanism with five devices by the same processing improved its performance by 158%.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.42 no.2
• /
• pp.349-357
• /
• 2017

Many Web sites adopt SMS(Short Message Service)-based user authentication when a user loses her password or approves an online payment. In SMS-based authentication, the authentication server sends a text in plaintext to a user's phone, and it allows an attacker who eavesdrops or intercepts the text to impersonate a valid user(victim). We propose a challenge-response scheme to prove to the authentication server that a user is in a certain place at the moment with her smartphone beside her. The proposed scheme generates a response using a challenge by the server, user's current location, and a secret on the user's smartphone all together. Consequently, the scheme is much more secure than SMS-based authentication that simply asks a user to send the same text arrived on her phone back to the server. In addition to entering the response, which substitutes the SMS text, the scheme also requests a user to input a passphrase to get the authentication process started. We believe, however, the additional typing should be tolerable to most users considering the enhanced security level of the scheme.