• Proceedings of the Korea Contents Association Conference
• /
• 2004.05a
• /
• pp.283-288
• /
• 2004

Authentication and digital signature make secured existing contract in remote spot. But, It required method of storing and managing secret, such as private key password. For this method, we make efforts solution of security with smart cart, such as java card. This paper implement SEED algorithm based on Java Card

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.267-270
• /
• 2014

As Smart Device research processes, the needs of information security in light devices is increasing. For example, Zigbee provide Information Security by applying $AES-CCM^*$ defined IEEE 802.15.4 standard. However, according to information security law in Korea, only devices with KCMVP certification can be used in government organization and facilities. Therefore, this paper provide a solution to apply ARIA-CCM and ARIA-GCM for KCMVP in reserved field of IEEE 802.15.4 standard. For analyzing performance, we provide the speed test result of ARIA-CCM and ARIA-GCM comparing with $AES-CCM^*$.

• Journal of the Korea Institute of Military Science and Technology
• /
• v.14 no.1
• /
• pp.74-83
• /
• 2011

In this paper, we propose an architecture design of military operation system utilizing cellular networks. The main contribution of this paper is to provide a cost-effective military operation solution for ground forces, which is based on IT(information technology). By employing the cellular phones of officers' and non-commissioned officers' as the tools of operational communication, the proposed system can be constructed in the minimum duration and be built on the four components: command and control system, gateway, security system, and terminal(cell phone). This system is most effective for the warfare of limited area, but the effectiveness does not decrease under the total war covering the whole land of Korea. For the environmental change of near future, expanded architecture is also provided to utilize the functionalities of smart phones.

• Journal of Information Processing Systems
• /
• v.16 no.2
• /
• pp.301-317
• /
• 2020

An enterprise patch-management system (PMS) typically supplies a single point of failure (SPOF) of centralization structure. However, a Blockchain system offers features of decentralization, transaction integrity, user certification, and a smart chaincode. This study proposes a Hyperledger Fabric Blockchain-based distributed patch-management system and verifies its technological feasibility through prototyping, so that all participating users can be protected from various threats. In particular, by adopting a private chain for patch file set management, it is designed as a Blockchain system that can enhance security, log management, latest status supervision and monitoring functions. In addition, it uses a Hyperledger Fabric that owns a practical Byzantine fault tolerant consensus algorithm, and implements the functions of upload patch file set, download patch file set, and audit patch file history, which are major features of PMS, as a smart contract (chaincode), and verified this operation. The distributed ledger structure of Blockchain-based PMS can be a solution for distributor and client authentication and forgery problems, SPOF problem, and distribution record reliability problem. It not only presents an alternative to dealing with central management server loads and failures, but it also provides a higher level of security and availability.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.10
• /
• pp.4191-4203
• /
• 2015

WebView is a vital component in smartphone platforms like Android, Windows and iOS that enables smartphone applications (apps) to embed a simple yet powerful web browser inside them. WebView not only provides the same functionalities as web browser, it, more importantly, enables a rich interaction between apps and webpages loaded inside the WebView. However, the design and the features of WebView lays path to tamper the sandbox protection mechanism implemented by browsers. As a consequence, malicious attacks can be launched either against the apps or by the apps through the exploitation of WebView APIs. This paper presents a critical attack called Supplementary Event-Listener Injection (SEI) attack which adds auxiliary event listeners, for executing malicious activities, on the HTML elements in the webpage loaded by the WebView via JavaScript Injection. This paper also proposes an automated static analysis system for analyzing WebView embedded apps to classify the kind of vulnerability possessed by them and a solution for the mitigation of the attack.

• IEIE Transactions on Smart Processing and Computing
• /
• v.1 no.2
• /
• pp.95-105
• /
• 2012

The widespread implementation of RFID in ubiquitous computing is constrained considerably by privacy and security unreliability of the wireless communication channel. This failure to satisfy the basic, security needs of the technology has a direct impact of the limited computational capability of the tags, which are essential for the implementation of RFID. Because the universal application of RFID means the use of low cost tags, their security is limited to lightweight cryptographic primitives. Therefore, EPCGen2, which is a class of low cost tags, has the enabling properties to support their communication protocols. This means that satisfying the security needs of EPCGen2 could ensure low cost security because EPCGen2 is a class of low cost, passive tags. In that way, a solution to the hindrance of low cost tags lies in the security of EPCGen2. To this effect, many lightweight authentication protocols have been proposed to improve the privacy and security of communication protocols suitable for low cost tags. Although many EPCgen2 compliant protocols have been proposed to ensure the security of low cost tags, the optimum security has not been guaranteed because many protocols are prone to well-known attacks or fall short of acceptable computational load. This paper proposes a remedy protocol to the flyweight RFID authentication protocol proposed by Burmester and Munilla against a desynchronization attack. Based on shared pseudorandom number generator, this protocol provides mutual authentication, anonymity, session unlinkability and forward security in addition to security against a desynchronization attack. The desirable features of this protocol are efficiency and security.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.1
• /
• pp.128-134
• /
• 2016

IoT devices including smart devices are connected with internet, thus they have security threats everytime. Particularly, IoT devices are composed of low performance MCU and small-capacity memory because they are miniaturized, so they are likely to be exposed to various security threats like DoS attacks. In addition, in case of IoT devices installed for a remote place, it's not easy for users to control continuously them and to install immediately security patch for them. For most of IoT devices connected directly with internet under user's intention, devices exposed to outside by setting IoT gateway, and devices exposed to outside by the DMZ function or Port Forwarding function of router, specific protocol for IoT services was used and the devices show a response when services about related protocol are required from outside. From internet search engine for IoT devices, IP addresses are inspected on the basis of protocol mainly used for IoT devices and then IP addresses showing a response are maintained as database, so that users can utilize related information. Specially, IoT devices using HTTP and HTTPS protocol, which are used at usual web server, are easily searched at usual search engines like Google as well as search engine for the sole IoT devices. Ill-intentioned attackers get the IP addresses of vulnerable devices from search engine and try to attack the devices. The purpose of this study is to find the problems arisen when HTTP, HTTPS, CoAP, SOAP, and RestFUL protocols used for IoT devices are detected by search engine and are maintained as database, and to seek the solution for the problems. In particular, when the user ID and password of IoT devices set by manufacturing factory are still same or the already known vulnerabilities of IoT devices are not patched, the dangerousness of the IoT devices and its related solution were found in this study.

• Journal of Korean Society of Water and Wastewater
• /
• v.28 no.1
• /
• pp.103-110
• /
• 2014

In this study, the evaluation criteria of performance and applicability is developed to rank the combinatorial technologies for SWG (Smart Water Grid) system using AHP (Analytic Hierarchy Process) method. Security, safety, solution, suitability and sustainability which are goals of SWG technology, are used as upper level hierarchy elements. And three detailed elements for each upper level hierarchy are adopted as the lower level hierarchy. The weighted value which represents the importance of each element, could be determined through questionnaires accomplished by groups of specialists who are engaged in relevant waster industry and research area. To assess the accuracy of the evaluation criteria developed in this study, a simulation on four decision alternatives for smart water grid was carried out as an evaluation. Consequently which showed 90 % of accuracy.

• Journal of Information Processing Systems
• /
• v.19 no.2
• /
• pp.240-257
• /
• 2023

The industrial Internet of Things (IIoT) is characterized by intelligent connection, real-time data processing, collaborative monitoring, and automatic information processing. The heterogeneous IIoT devices require a high data rate, high reliability, high coverage, and low delay, thus posing a significant challenge to information security. High-performance edge and cloud servers are a good backup solution for IIoT devices with limited capabilities. However, privacy leakage and network attack cases may occur in heterogeneous IIoT environments. Cloud-based multi-party computing is a reliable privacy-protecting technology that encourages multiparty participation in joint computing without privacy disclosure. However, the default cloud selection method does not meet the heterogeneous IIoT requirements. The server can be dishonest, significantly increasing the probability of multi-party computation failure or inefficiency. This paper proposes a blockchain and smart contract-based optimized cloud node selection framework. Different participants choose the best server that meets their performance demands, considering the communication delay. Smart contracts provide a progressive request mechanism to increase participation. The simulation results show that our framework improves overall multi-party computing efficiency by up to 44.73%.

• International Journal of Computer Science & Network Security
• /
• v.23 no.10
• /
• pp.147-156
• /
• 2023

Electronic voting machines (EVMs) are replacing research ballots due to the errors involved in the manual counting process and the lengthy time required to count the votes. Even though these digital recording electronic systems are advancements, they are vulnerable to tampering and electoral fraud. The suspected vulnerabilities in EVMs are the possibility of tampering with the EVM's memory chip or replacing it with a fake one, their simplicity, which allows them to be tampered with without requiring much skill, and the possibility of double voting. The vote data is shared among all network devices, and peer-to-peer verification is performed to ensure the vote data's authenticity. To successfully tamper with the system, all of the data stored in the nodes must be changed. This improves the proposed system's efficiency and dependability. Elections and voting are fundamental components of a democratic system. Various attempts have been made to make modern elections more flexible by utilizing digital technologies. The fundamental characteristics of free and fair elections are intractability, immutability, transparency, and the privacy of the actors involved. This corresponds to a few of the many characteristics of blockchain-like decentralized ownership, such as chain immutability, anonymity, and distributed ledger. This working research attempts to conduct a comparative analysis of various blockchain technologies in development and propose a 'Blockchain-based Electronic Voting System' solution by weighing these technologies based on the need for the proposed solution. The primary goal of this research is to present a robust blockchain-based election mechanism that is not only reliable but also adaptable to current needs.