• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.213-230
• /
• 2020

As smart TVs have recently emerged as the center of the IoT ecosystem, their importance is increasing. If a vulnerability occurs within a smart TV, there is a possibility that it will cause financial damage, not just in terms of privacy invasion and personal information leakage due to sniffing and theft. Therefore, in this paper, to enhance the completeness of smart TV vulnerability analysis, STRIDE threat classification are used to systematically identify threats. In addition, through the manufacture of the Attack Tree and the actual vulnerability analysis, the effectiveness of the checklist was verified and security requirements were derived for the safe smart TV use environment.

• The Journal of the Korea Contents Association
• /
• v.9 no.3
• /
• pp.28-38
• /
• 2009

Login process uses both ID and password information to authenticate someone and to permit its access privilege on system. However, an attacker can get those ID and password information by using existing packet sniffing or key logger programs. It cause privacy problem as those information can be used as a hacking and network attack on web server and web e-mail system. Therefore, a more secure and advanced authentication mechanism should be required to enhance the authentication process on existing system. In this paper, we propose a multi-factor authentication process by using software form of secure card system combined with existing ID/Password based login system. Proposed mechanism uses a random number generated from the his/her own handset with biometric information. Therefore, we can provide a one-time password function on web login system to authenticate the user using multi-factor form. Proposed scheme provide enhanced authentication function and security because it is a 'multi-factor authentication mechanism' combined with handset and biometric information on web login system.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.14 no.4
• /
• pp.1032-1040
• /
• 2010

This paper describes implementation of electonic seal (E-Seal) of a container based on ISO 18185 standard and development of monitoring systems checking E-Seal device and cargo states in the container for secure transportation from departure to destination. For lack of definition on confidentiality support in ISO 18185-4 standard, it is vulnerable to security attack such as sniffing. To cope with this, we developed encryption/decryption functions implementing RC5 and AES-128 standards and compared their performance. Experimental results showed that RC5 outperformed AES-128 in terms of time delay. In addition, RC5 had an advantage under the condition of large sized messages as well as CPUs with low performance. However, the portion of encryption/decryption processing time was less than 1 percent of response time including communication delay between E-Seal tags and readers. Hence, the performance difference between RC5 and AES-128 standards was trivial, which revealed that both specifications were allowable in developed systems.

• Convergence Security Journal
• /
• v.21 no.2
• /
• pp.29-35
• /
• 2021

UART (Universal asynchronous receiver/transmitter) is a hardware device that converts data into serial format and transmits it, and is widely used for system diagnosis and debugging in most embedded systems. Hackers can access system memory or firmware by using the functions of UART, and can take over the system by acquiring administrator rights of the system. In this paper, we studied secure UART to protect against hacker attacks through UART. In the proposed scheme, only authorized users using the promised UART communication protocol are allowed to access UART and unauthorized access is not allowed. In addition, data is encrypted and transmitted to prevent protocol analysis through sniffing. The proposed UART technique was implemented in an embedded Linux system and performance evaluation was performed.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.49-58
• /
• 2018

A certificate is a means to certify users by conducting the identification of the users, the prevention of forgery and alteration, and non-repudiation. Most people use an accredited certificate when they perform a task using online banking, and it is often used for the purpose of proving one's identity in issuing various certificates and making electronic payments in addition to online banking. At this time, the issued certificate exists in a file form on the disk, and it is possible to use the certificate issued in an existing device in a new device only if one copies it from the existing device. However, most certificate duplication methods are a method of duplication, entering an 8-16 digit verification code. This is inconvenient because one should enter the verification code and has a weakness that it is vulnerable to security issues. To solve this weakness, this study proposes a method for enhancing security certificate duplication in a multi-channel using TCP and BLE. The proposed method: 1) shares data can be mutually authenticated, using BLE Advertising data; and 2) encrypts the certificate with a symmetric key algorithm and delivers it after the certification of the device through an ECC-based electronic signature algorithm. As a result of the implementation of the proposed method in a mobile environment, it could defend against sniffing attacks, the area of security vulnerabilities in the existing methods and it was proven that it could increase security strength about $10^{41}$ times in an attempt of decoding through the method of substitution of brute force attack existing method.

• The Journal of the Korea Contents Association
• /
• v.13 no.1
• /
• pp.30-39
• /
• 2013

In recent years, with the development of devices to collect multimedia data such as small CMOS camera sensor and micro phone, studies on wireless multimedia sensor network technologies and their applications that extend the existing wireless sensor network technologies have been actively done. In such applications, various basic schemes such as the processing, storage, and transmission of multimedia data are required. Especially, a security for real world environments is essential. In this paper, in order to defend the sniffing attack in various hacking techniques, we propose a multipath routing scheme for physically avoiding the data transmission path from the risk factors. Our proposed scheme establishes the DEFCON of the sensor nodes that are geographically close to risk factors and the priorities according to the importance of the data. Our proposed scheme performs risk factor detour multipath routing through a safe path considering the DEFCON and data priority. Our experimental results show that although our proposed scheme takes the transmission delay time by about 5% over the existing scheme, it reduces the eavesdropping rate that can attack and intercept data by the risk factor by about 18%.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.10
• /
• pp.661-667
• /
• 2018

Recently, the smart home market is growing due to the development of wireless communication technology and sensor devices, and various devices are being utilized. Such an IoT environment collects various vast amount of device information for intelligent services, receives services based on user information, controls various devices, and provides communication between different types of devices. However, with this growth, various security threats are occurring in the smart home environment. In fact, Proofpoint and HP warned about the cases of damage in a smart home environment and the severity of security vulnerabilities, and cases of infringement in various environments were announced. Therefore, in this paper, we have studied secure mutual authentication method between smart nodes used in smart home to solve security problems that may occur in smart home environment. In the case of the proposed thesis, security evaluations are performed using random numbers and frequently updated session keys and secret keys for well-known vulnerabilities that can occur in IoT environments and sensor devices such as sniffing, spoofing, device mutual authentication, And safety. In addition, it is confirmed that it is superior in security and key management through comparison with existing smart home security protocol.