• Journal of the Korea Society of Computer and Information
• /
• v.17 no.7
• /
• pp.107-115
• /
• 2012

Recently, Li and Hwang scheme proposed a biometrics-based remote user authentication scheme using smart card. It is asserted that this scheme has very excellent benefits by the operation cost efficiency based on the smart card, one-way function and biometrics using random numbers. But this scheme cannot provide the properly authentication, especially, it is analyzed as the vulnerable security scheme for Denial-of-Service(DoS) attacks by impersonate attacks. The attacker controls the insecure channel, they can easily fabricate messages to pass the user's or server's authentication, and the malicious attacker can impersonate the user to cheat the server and can impersonate the server to cheat the user without knowing any secret information. This paper proposes the strong improved scheme which can respond to multiple attacks by supplementing the function of integrity check from the server which applied variable authenticator and OSPA without exposing the user's password information. It is supplemented pregnable of disguise attack and mutual authentication of Li and Hwang scheme.

• Convergence Security Journal
• /
• v.13 no.3
• /
• pp.17-23
• /
• 2013

Clustering is required to configure clustering interdependent structural technology. Clustering handles variable workloads or impede continuity of service to continue operating in the event of a failure. Long as high-availability clustering feature focuses on server operating systems. Active-standby state of two systems when the active server fails, all services are running on the standby server, it takes the service. This function switching or switchover is called failover. Long as high-availability clustering feature focuses on server operating systems. The cluster node that is running on multiple systems and services have to duplicate each other so you can keep track of. In the event of a node failure within a few seconds the second node, the node shall perform the duties broken. Structure for high-availability clustering efficiency should be measured. System performance of infrastructure systems performance, latency, response time, CPU load factor(CPU utilization), CPU processes on the system (system process) channels are represented.

• Journal of Digital Convergence
• /
• v.17 no.12
• /
• pp.235-241
• /
• 2019

The structure of the IoT can be divided into devices, gateways, and servers. First, the gateway collects data from the device, and the gateway sends data to the server through HTTP protocol, Websocket protocol, and MQTT protocol. The processing server then processes, analyzes, and transforms the data, and the database makes it easy to store and use this data. These IoT services are basically centralized structures with servers, so attacks on the entire platform are concentrated only on the central server, which makes hacking more successful than distributed structures. One way to solve this problem is to develop IoT that combines blockchain. Therefore, the proposed research suggests that the blockchain is a distributed structure, in which blocks containing small data are connected in a chain form, so that each node agrees and verifies the data with each other, thereby increasing reliability and lowering the probability of data forgery.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.25-37
• /
• 2004

A certificate is expected to use for its entire validity period. However, a false information record of user and compromise of private key may cause a certificate to become invalid prior to the expiration of the validity period. The CA needs to revoke the certificate. The CA periodically updates a signed data structure called a certificate revocation list(CRL) at directory server. but as CA updates a new CRL at directory server. the user can use a revoked certificate. Not only does this paper analyzes a structure of CRL and a characteristic of certificate status conviction, OCSP method but also it proposes a new certificate status verification method adding an observer information in handshake process between user and server.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.31-38
• /
• 2009

To provide the privacy of a keyword, a public key encryption with keyword search(PEKS) firstly was propsed by Boneh et al. The PEKS scheme enables that an email sender sends an encrypted email with receiver's public key to an email server and a server can obtain the relation between the given encrypted email and an encrypted query generated by a receiver. In this email system, we easily consider the situation that a user sends the one identical encrypted email to multi-receiver like as group e-mail. Hwang and Lee proposed a searchable public key encryption considering multi-receivers. To reduce the size of transmission data and the server's computation is important issue in multi-receiver setting. In this paper, we propose an efficient searchable public key encryption for multi-receiver (mPEKS) which is more efficient and reduces the server's pairing computation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.771-783
• /
• 2012

This paper proposes a scheme to collect video data of the vehicle black box in order to strengthen the public safety. The existing schemes, such as surveillance system with the fixed CCTV and car black box, have privacy issues, network traffic overhead and the storage space problems because all video data are sent to the central server. In this paper, the central server only collects the video data related to the accident or the criminal offense using the GPS information and time in order to investigation of the accident or the criminal offense. The proposed scheme addresses the privacy issues and reduces network traffic overhead and the storage space of the central server since the central server collects the video data only related to the accident and the criminal offense. The implementation and experiment shows that our service is feasible. The proposed service can be used as a component of remote surveillance system to prevent the criminal offense and to investigate the criminal offense.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.89-108
• /
• 2010

Recently many mutual authentication protocol for light-weight hash-based for RFID have been proposed. Most of them have assumed that communications between a backend server and reader are secure, and not considered threats for backend server and RFID reader impersonation. In the real world, however, attacks against database or reader are more effective rather than attacks against RFID tag, at least from attacker's perspective. In this paper, we assume that all communications are not secure to attackers except the physical attack, and considering realistic threats for designing a mutual authentication protocol based on hash function. And It supports a mutual authentication and can protect against the replay attack, impersonation attack, location tracking attack, and denial of service attack in the related work. We besides provide a secure and efficient RFID mutual authentication protocol which resists impersonation attacks on all of the entities and alow a backend server to search tag-related information efficiently. We conclude with analyzing the safety and efficiency among latest works.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.12
• /
• pp.1670-1675
• /
• 2020

In this study, to provide the basis for establishing effective network based countermeasures against DRDoS(Distributed Reflection Denial of Service) attacks, we propose a new 'DRDoS attack multi-level detection method' that identifies the network based characteristics of DRDoS and applies probability and statistical techniques. The proposed method removes the limit to which normal traffic can be indiscriminately blocked by unlimited competition in network bandwidth by amplification of reflectors, which is characteristic of DRDoS. This means that by comparing 'Server to Server' and 'Outbound Session Incremental' for it, accurate DRDoS identification and detection is possible and only statistical and probabilistic thresholds are applied to traffic. Thus, network-based information security systems can take advantage of this to completely eliminate DRDoS attack frames. Therefore, it is expected that this study will contribute greatly to identifying and responding to DRDoS attacks.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.43-52
• /
• 2023

Many businesses and organizations use smartcard-based user authentication for remote access. In the meantime, through various studies, dynamic ID-based remote user authentication protocols for distributed multi-server environments have been proposed to protect the connection between users and servers. Among them, Qiu et al. proposed an efficient smart card-based remote user authentication system that provides mutual authentication and key agreement, user anonymity, and resistance to various types of attacks. Later, Andola et al. found various vulnerabilities in the authentication scheme proposed by Qiu et al., and overcame the flaws in their authentication scheme, and whenever the user wants to log in to the server, the user ID is dynamically changed before logging in. An improved authentication protocol is proposed. In this paper, by analyzing the operation process and vulnerabilities of the protocol proposed by Andola et al., it was revealed that the protocol proposed by Andola et al. was vulnerable to offline smart card attack, dos attack, lack of perfect forward secrecy, and session key attack.

• Convergence Security Journal
• /
• v.8 no.3
• /
• pp.41-49
• /
• 2008

Other server based-application and the need of more complex interaction is required with functional strengthening and variational uses of mobile device. And mobile environments make a problem of continuous of web-service by making a problem of instance cutting between web-server and mobile device which acts as a client because of mobility. Therefore, this paper embodies a framework which keeps security and connectivity between HTTP based web-service and mobile device, and is for connection to web-service of mobile device which uses WAP in a standard protocol based mobile environment of mobile web-service for continuous web-service. This paper is analyzed in the same standard condition to compared functional delay which is based on HTTP and WAP access, and data transmission volume. Also it investigates improvement of execution overhead which is brought by interaction process.