• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.329-341
• /
• 2017

A multi-server architecture has been proposed to increase the efficiency of resources due to the rapid growth of computer networks and service providing servers. The smartcard-based authentication protocol in the multi-server environments has been continuously developed through various studies. Recently, Chun-Ta Li et al proposed an authentication protocol that solves Xiong Li el al's authentication protocol vulnerability to user impersonation attack and session key disclosure attack. However, Chun-Ta Li et al's authentication protocol has a problem with user impersonation in the vulnerability analysis and has an unsuitable authentication process. Therefore, this paper proposes a smartcard-based authentication protocol in the multi-server environments that solves the denial of service attack and replay attack vulnerabilities of the authentication protocol proposed by Xiong Li et al.

• The KIPS Transactions:PartC
• /
• v.12C no.2 s.98
• /
• pp.169-174
• /
• 2005

Electronic signature system is required to be used in the promotion of the e-Commerce. Because the application system for electronic signature system has inconvenience and vulnerability of security, users are reluctant to use it. Therefore, the electronic signature system should give a guarantee of convenience and security. In this paper, we propose server-based application model, which uses identity information and makes users access transparently to solve electronic signature problems. We also design and verify electronic signature system that reduces threats to security, which cause server attack by distributing the part of signature key to both server and client. The application model with lightweight server system based on the electronic signature system is expected to be used in the promotion of the e-Commerce and help to make its business more efficient and competitive.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.10
• /
• pp.25-32
• /
• 2019

In this paper, we propose a method to apply the attack surface expansion through decoy traps to a protected server network. The network consists of a large number of decoys and protected servers. In the network, each protected server dynamically mutates its IP address and port numbers based on Hidden Tunnel Networking that is a network-based moving target defense scheme. The moving target defense is a new approach to cyber security and continuously changes system's attack surface to prevent attacks. And, the attack surface expansion is an approach that uses decoys and decoy groups to protect attacks. The proposed method modifies the NAT table of the protected server with a custom chain and a RETURN target in order to make attackers waste all their time and effort in the decoy traps. We theoretically analyze the attacker success rate for the protected server network before and after applying the proposed method. The proposed method is expected to significantly reduce the probability that a protected server will be identified and compromised by attackers.

• The Journal of Information Systems
• /
• v.10 no.1
• /
• pp.127-146
• /
• 2001

The area of business applications in the internet are extended enormously in result of fast development of computing and communication technologies, increase of internet use, and use of intranet/extranet in enterprise information system. Widely spread the use of the internet, there are various applications for Business to Business (B to B) or Business to Customer(B to C) model that are based on the intranet or extranet. This paper designed and implemented the Web-based Electronic Bidding System for Business to Business (B to B) model. The technical issues of electronic bidding system in the internet are involved in the connection between web client and server, electronic data interchange for the contract document, and security solution during the bidding and contracting processes. The web-based electronic bidding system in this paper is implemented using Java applet and servlet as a connection interface for web client and server, XML/EDI-based documents for a bid and a contract, and bidding server and notary server for enhancing the security using PKI(Public Key Infrastructure)-based public key cryptography, digital signature and Certification Authority(CA).

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.7 no.4
• /
• pp.23-30
• /
• 2011

Recently, Tsai proposed a remote user authentication scheme suited for multi-server environments, in which users can be authenticated using a single password shared with the registration center. Our analysis shows that Tsai et al's scheme does not achieve its fundamental goal of password security. We demonstrate this by mounting an undetectable on-line password guessing attack on Tsai et al.'s scheme.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.6A
• /
• pp.75-83
• /
• 2008

In this paper, we design a user authentication method between domains when mobile node moves in AAA server based MIPv6 environment. Several papers proposed the user authentication method executing at AAA server in home domain via AAA server in visiting domain. In this paper we proposed the user authentication method using privilege certificates between domains.

• Journal of Korea Multimedia Society
• /
• v.25 no.6
• /
• pp.793-806
• /
• 2022

As the IMO introduced MASS (Maritime Autonomous Surface Ships), ISO(International Organization for Standardization) announced ISO 19847 of a maritime data sharing standard for collecting and remotely managing data of ship systems. Previous literature evaluated the risk using HAZOP for ISO 19847 and proved that risk assessment is useful through experiments. However, redundancy of ISO 19847 ship data server which is one of the risk reduction method suggested in previous literature, was designed but couldn't tested due to the limitations of the conditions. So, in this study, to prove the usefulness of the ship data server redundancy of ISO 19847 which was not tested in previous literature. It based on the design of previous literature, and the network of ship data servers was modeled using the SES/DEVS format and simulated using the DEVS# open source library.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.1035-1038
• /
• 2005

This paper describes the designs and the implementations of two H/W IPSec Systems, look-aside and inline, on TOE (Transport Offloading Engine). These systems aim for guaranteeing the security of datagram networks while preserving the bandwidth of gigabit networks. The TOE offloads a host CPU from network burdens, so that it makes the gigabit wire speed possible, and then deeper level security architecture of the IPSec guarantees the security of gigabit service network dominated by datagram packets. The focus of this paper is to minimize the TOE's performance degradation caused by the computation-oriented IPSec. The look-aside IPSec system provides a significant improvement in the CPU offload of the IPSec cryptography loads. However, the inline system completely offloads the host CPU from whole IPSec loads, providing significant additional cost saving compared to the look-aside system. In this paper, the implementations of TOE cards including commercial IPSec processors are presented. As the result of performance evaluation with the protocol analyzer, we can get the fact that the inline IPSec system is 8 times faster than the S/W system and 2 times faster than the look-aside system.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.2
• /
• pp.924-944
• /
• 2017

Telecare Medical Information System (TMIS) helps the patients to gain the health monitoring information at home and access medical services over the mobile Internet. In 2015, Das et al proposed a secure and robust user AKA scheme for hierarchical multi-medical server environment in TMIS, referred to as DAKA protocol, and claimed that their protocol is against all possible attacks. In this paper, we first analyze and show DAKA protocol is vulnerable to internal attacks, impersonation attacks and stolen smart card attack. Furthermore, DAKA protocol also cannot provide confidentiality. We then propose a lightweight pseudonym AKA protocol for multi-medical server architecture in TMIS (short for PAKA). Our PAKA protocol not only keeps good security features declared by DAKA protocol, but also truly provides patient's anonymity by using pseudonym to protect sensitive information from illegal interception. Besides, our PAKA protocol can realize authentication and key agreement with energy-saving, extremely low computation cost, communication cost and fewer storage resources in smart card, medical servers and physical servers. What's more, the PAKA protocol is proved secure against known possible attacks by using Burrows-Abadi-Needham (BAN) logic. As a result, these features make PAKA protocol is very suitable for computation-limited mobile device.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.8
• /
• pp.632-640
• /
• 2013

In this paper, we proposed a system in a wireless LAN environment in case of security threats, the mobile terminal and the remote server-based WLAN security. The security of the wireless LAN environment in the recent technology in a variety of ways have been proposed and many products are being launched such as WIPS and DLP. However, these products are expensive and difficult to manage so very difficult to use in small businesses. Therefore, in this paper, we propose a security system, wireless LAN-based terminal and a remote server using whitelist according to development BYOD market and smartphone hardware. The proposed system that AP and personal device information to be stored on the server by an administrator and Application installed on a personal device alone, it has the advantage that can be Applicationlied to a variety of wireless network environment.