• Title/Summary/Keyword: Shared Authentication


A Hybrid Blockchain-based Identity Management Framework for Devices in Microgrid (마이크로그리드에서 장치들을 위한 하이브리드 블록 체인 기반 식별 관리 프레임워크)

  • Cabacas, Regin A.;Ra, In-Ho
    • Proceedings of the Korea Contents Association Conference / 2019.05a / pp.7-8 / 2019
  • This paper presents a hybrid blockchain-based Identity Management Framework for devices in Microgrid. It incorporates the use of a Public and Private Blockchain platform to store and authenticate Microgrid device identities. It also emphasizes the shared responsibility of the manufacturers to provide the first layer of authentication for the devices they produce. Identities of each device are stored in the private and public Blockchain and authenticated using physically unclonable functions (PUF) and cryptographic functions.


A Study on the Public Shared Mobility Service Improvement of Traffic Safety by Strengthening the Authentication System (민간 공유 모빌리티 인증 시스템 강화에 따른 교통 안전성 개선 연구)

  • So-Eun Park;Ji-Won Jang;Seo-Yeon Ham
    • Proceedings of the Korea Information Processing Society Conference / 2023.05a / pp.185-186 / 2023
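  • As a technical measure to curb the use of personal mobility devices in violation of the Road Traffic Act, this system strengthens the verification of eligibility requirements during the service sign-up procedure and puts in place mechanisms that eliminate the available workarounds, with the aim of providing citizens with safe roads.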

Verification and Implementation of a Service Bundle Authentication Mechanism in the OSGi Service Platform Environment (OSGi 서비스 플랫폼 환경에서 서비스 번들 인증 메커니즘의 검증 및 구현)

  • 김영갑;문창주;박대하;백두권
    • Journal of KIISE:Computer Systems and Theory / v.31 no.1_2 / pp.27-40 / 2004
  • The OSGi service platform has several characteristics. First, a service is deployed in the form of a self-installable component called a service bundle. Second, a service is dynamic according to its life-cycle and interacts with other services. Third, the system resources of a home gateway are restricted. Due to these characteristics of a home gateway, there is ample room for malicious services to be installed and, further, for the nature of a service to be changed. Such service bundles can adversely affect service gateways and users. However, there is no service bundle authentication mechanism that considers these characteristics of the home gateway. In this paper, we propose a service bundle authentication mechanism that considers these characteristics for the home gateway environment. We design a mechanism for sharing a key that transports a service bundle safely, in the bootstrapping step that recognizes and initializes equipment. We then propose a MAC-based service bundle authentication mechanism that uses the shared secret created in the bootstrapping step. We also verify the safety of the key sharing mechanism and the service bundle authentication mechanism using BAN logic. This service bundle authentication mechanism is more efficient than a PKI-based service bundle authentication mechanism or the RSH protocol on a service platform with restricted resources such as storage space and operations.

A Study on Cell-Broadcasting Based Security Authentication System and Business Models (셀 브로드캐스팅 보안 인증시스템 및 비즈니스 모델에 관한 연구)

  • Choi, Jeong-Moon;Lee, Jungwoo
    • Journal of the Korea Academia-Industrial cooperation Society / v.22 no.5 / pp.325-333 / 2021
  • With the rapidly changing era of the fourth industrial revolution, the utilization of IT technology is increasing. In addition, the demand for security authentication is increasing as shared services or IoT technologies are being developed as new business models. Security authentication is becoming increasingly important for all intelligent devices such as self-driving cars. However, most location-based security authentication technologies are being developed mainly with technologies that utilize server proximity or satellite location tracking, which limits the scope of their physical use. Location-based security authentication technology has recently been developed as a complementary replacement technology. In this study, we introduce location-based security authentication technology using cell broadcasting technology, which has a wider range of applications and is more convenient and business-friendly than existing location-based security authentication technologies. We also introduced application cases and business models related to this. In addition to the current status of technology development, we analyzed current changes in business models being employed. Based on our analysis results, this study draws the implication that technology diversification is necessary to improve the performance of innovative technologies. It is meaningful that it has found and studied advanced technologies other than existing location authentication methods and systems.

Practical Password-Authenticated Three-Party Key Exchange

  • Kwon, Jeong-Ok;Jeong, Ik-Rae;Lee, Dong-Hoon
    • KSII Transactions on Internet and Information Systems (TIIS) / v.2 no.6 / pp.312-332 / 2008
  • Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the “client-server” applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also lightweight, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowledge proofs.

Efficient Wi-Fi Security Protocol Using Dual Tokens (이중토큰을 이용한 효율적인 Wi-Fi 보안 프로토콜)

  • Lee, Byoungcheon
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.2 / pp.417-429 / 2019
  • WPA2-PSK uses a 4-way handshake protocol based on a shared secret to establish a secure session between a client and an AP. It has various security problems such as eavesdropping attacks, and the secure session establishment process is inefficient because it requires multiple interactions between client and AP. The WPA3 standard has recently been proposed to solve the security problem of WPA2, but it is a small improvement using the same 4-way handshake methodology. OAuth 2.0 token authentication is widely used on the web, which can be used to keep an authenticated state of a client for a long time by using tokens issued to an authenticated client. In this paper, we apply the dual-token based randomized token authentication technology to the Wi-Fi security protocol to achieve an efficient Wi-Fi security protocol by dividing initial authentication and secure session establishment. Once a client is authenticated and equipped with dual tokens issued by the AP, it can use them to quickly establish a secure session with one message exchange over a non-secure channel.

A Multistage Authentication Strategy for Reliable N-to-N Communication in CGSR based Mobile Ad Hoc Networks (CGSR 기반의 이동 애드 흑 네트워크에서 신뢰성 있는 통신을 위한 노드간 인증 기법)

  • Lee Hyewon K.;Mun Youngsong
    • Journal of KIISE:Information Networking / v.32 no.6 / pp.659-667 / 2005
  • A Mobile Ad Hoc Network (MANET) is a multi-hop wireless network with no prepared base stations or centralized administration, where flocks of peer systems gather and compose a network. Each node operates as a normal end system in public networks. In addition, a MANET node is required to work as a router, forwarding traffic from a source or intermediate node to the next node via the routing path. Applications of MANET are extensively wide, such as battlefields or any unwired place; however, these are exposed to critical problems related to network management, node capability, and security because of frequent and dynamic changes in network topology, absence of centralized controls, restricted usage of network resources, and the vulnerability of mobile nodes that results from MANET's special characteristic, shared wireless media. These problems make MANET weak against security attacks ranging from eavesdropping to DoS. Guaranteeing secure authentication is the main part of security service in MANET because networks without secure authentication are exposed to exterior attacks. In this paper, a multistage authentication strategy based on CGSR is proposed to guarantee that only genuine and veritable nodes participate in communications. The proposed authentication model is composed of a key manager, cluster heads and common nodes. The cluster head is elected from secure nodes, and the key manager is elected from cluster heads. The cluster head will verify other common nodes within its cluster range in MANET. In particular, the ID of each node is used in communication, which allows digital signature and blocks non-repudiation. For performance evaluation, attacks against node authentication are analyzed. Based on security parameters, strategies to resolve these attacks are drawn up.

A Study on Authentication and Authorization on Entity in Grid (Grid 환경에서 엔티티 인증과 권한부여에 관한 연구)

  • Kug, Joung-Ook;Lee, Jae-Kwang
    • The KIPS Transactions:PartC / v.10C no.3 / pp.273-280 / 2003
  • When existing user authorization systems in the Grid give many users access to a local system, and the subject DN (Distinguished Name) authenticated in a user proxy is mapped one-to-one to an ID on the local system, they have difficulties in ID management, memory resource management and resource management. For this reason, a variety of subject DNs share one local ID in existing Grids. But this approach faces many difficulties in meeting all the requirements of many Grid users. Thus, in this paper we propose a user authorization system based on certificates rather than on IDs. That is, we add the user's access level to an extension field in the certificate, and have the proposed authorization system decide the access limitation level on resources in place of the existing ID mapping methods.

Simple and Efficient Authenticated Key Agreement Protocol (간단하고 효율적인 상호 인증 키 동의 프로토콜)

  • 이성운;유기영
    • Journal of the Korea Institute of Information Security & Cryptology / v.13 no.5 / pp.105-112 / 2003
  • In this paper, we propose two simple and efficient key agreement protocols, called SEKA-H and SEKA-E, which use a pre-shared password between two parties for mutual authentication and for agreeing on a common session key. The SEKA-H protocol uses a hash function to verify an agreed session key. The SEKA-E protocol, a variant of SEKA-H, uses an exponentiation operation in the verification phase. They are secure against the man-in-the-middle attack, the password guessing attack and the Denning-Sacco attack, and provide perfect forward secrecy. The SEKA-H protocol is very simple in structure and provides good efficiency compared with other well-known protocols. The SEKA-E protocol is also comparable with the previous protocols.

Study on Vulnerability and Countermeasures of Authentication Mechanism in Wireless LAN (무선 랜 환경 인증 메커니즘의 취약성 분석 및 대응방안 연구)

  • Choi, Jin-Ho;Oh, Soohyun
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.6 / pp.1219-1230 / 2012
  • Recently, many users use wireless LANs that provide authentication and confidentiality through security mechanisms such as WEP and WPA. However, weaknesses have been discovered in each security mechanism, and attack methods have been suggested by which a user's information is exposed to or modified by third parties and abused by them. In this paper, we analyzed the architecture of security mechanisms in wireless LAN and performed a PSK cracking attack and a cookie session hijacking attack using known vulnerabilities. We then proposed an improved 4-way handshake mechanism that can counter the PSK cracking attack and a cookie replay detection mechanism that can prevent the cookie session hijacking attack. The proposed mechanisms are expected to help establish a more secure wireless LAN environment by countering existing vulnerabilities.