• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.38B no.5
• /
• pp.394-400
• /
• 2013

WoT (Web of Things) was proposed to realize intelligent thing to thing communications using WEB standard technology. It is difficult to adapt security protocols suited for existing Internet communications into WoT directly because WoT includes LLN(Low-power, Lossy Network) and resource constrained sensor devices. Recently, IETF standard group propose to use DTLS protocol for supporting security services in WoT environments. However, DTLS protocol is not an efficient solution for supporting end to end security in WoT since it introduces complex handshaking procedures and high communication overheads. We, therefore, divide WoT environment into two areas- one is DTLS enabled area and the other is an area using lightweight security scheme in order to improve them. Then we propose a mutual authentication scheme and a session key distribution scheme for the second area. The proposed system utilizes a smart device as a mobile gateway and WoT proxy. In the proposed authentication scheme, we modify the ISO 9798 standard to reduce both communication overhead and computing time of cryptographic primitives. In addition, our scheme is able to defend against replay attacks, spoofing attacks, select plaintext/ciphertext attacks, and DoS attacks, etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1405-1417
• /
• 2017

Researches that apply the acceleration signal due to user's gait measured at the wearable device to the authentication technology are being introduced recently. The gait acceleration signal based authentication technologies introduced so far have assumed that an attacker can obtain a user's gait acceleration signal only by attaching accelerometer directly to user's body. And the practical attack method for gait acceleration signal based authentication technology is mimic attack and it uses a person whose physical condition is similar to the victim or identifies the gait characteristics through the video of the gait of the victim. However, mimic attack is not effective and attack success rate is also very low, so it is not considered a serious threat. In this paper, we propose Video Gait attack as a new attack method for gait acceleration signal based authentication technology. It is possible to know the position of the wearable device from the user's gait video signal and generate a signal that is very similar to the accelerometer's signal using dynamic equation. We compare the user's gait acceleration signal and the signal that is calculated from video of user's gait and dynamic equation with experiment data collected from eight subjects.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1393-1401
• /
• 2013

What is RFID Microchip tag attached to an object, the reader recognizes technology collectively, through communication with the server to authenticate the object. A variety of RFID tags, 13.56Mhz bandwidth RFID card, ISO/IEC 14443 standards based on NXP's Mifare tag occupies 72.5% of the world market. Of the Mifare tags, low cost tag Mifare Classic tag provided in accordance with the limited hardware-based security operations, protocol leaked by a variety of attacks and key recovery vulnerability exists. Therefore, in this paper, Cryptography Scheme and Secure Protocol for Safety Secure Scheme Construction in 13.56Mhz RFID have been designed. The proposed security scheme that KS generated by various fixed values and non-fixed value, S-Box operated, values crossed between LFSR and S-Box is fully satisfied spoofing, replay attacks, such as vulnerability of existing security and general RFID secure requirement. Also, It is designed by considering the limited hardware computational capabilities and existing security schemes, so it could be suit to Mifare Classic now.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1007-1017
• /
• 2019

Currently, most biometrics system authenticates users by using single biometric information. This method has many problems such as noise problem, sensitivity to data, spoofing, a limitation of recognition rate. One method to solve this problems is to use multi biometric information. The multi biometric authentication system performs information fusion for each biometric information to generate new information, and then uses the new information to authenticate the user. Among information fusion methods, a score-level fusion method is widely used. However, there is a problem that a normalization operation is required, and even if data is same, the recognition rate varies depending on the normalization method. A rank-level fusion method that does not require normalization is proposed. However, a existing rank-level fusion methods have lower recognition rate than score-level fusion methods. To solve this problem, we propose a rank-level fusion method with higher recognition rate than a score-level fusion method using correlation coefficient. The experiment compares recognition rate of a existing rank-level fusion methods with the recognition rate of proposed method using iris information(CASIA V3) and face information(FERET V1). We also compare with score-level fusion methods. As a result, the recognition rate improve from about 0.3% to 3.3%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.585-600
• /
• 2012

Security issues in online games are increasing as the online game industry grows. Real money trading (RMT) by online game users has become a security issue in several countries including Korea because RMT is related to criminal activities such as money laundering or tax evasion. RMT-related activities are done by professional work forces, namely gold-farmers, and many of them employ the automated program, bot, to gain cyber asset in a quick and efficient way. Online game companies try to prevent the activities of gold-farmers using game bots detection algorithm and block their accounts or IP addresses. However, game bot detection algorithm can detect a part of gold-farmer's network and IP address blocking also can be detoured easily by using the virtual private server or IP spoofing. In this paper, we propose a method to detect gold-farmer groups by analyzing their connection patterns to the online game servers, particularly information on their routing and source locations. We verified that the proposed method can reveal gold-farmers' group effectively by analyzing real data from the famous MMORPG.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.1
• /
• pp.63-72
• /
• 2010

RFID is one of useful identification technology in ubiquitous environments which can be a replacement of bar code. RFID is basically consisted of tag, reader, which is for perception of the tag, and back-end-database for saving the information of tags. Although the usage of mobile readers in cellular phone or PDA increases, related studies are not enough to be secure for practical environments. There are many factors for using mobile leaders, instead of static leaders. In mobile reader environments, before constructing the secure protocol, we must consider these problems: 1) easy to lose the mobile reader 2) hard to keep the connection with back-end-database because of communication obstacle, the limitation of communication range, and so on. To find the solution against those problems, Han et al. suggest RFID mutual authentication protocol without back-end-database environment. However Han et al.'s protocol is able to be traced tag location by using eavesdropping, spoofing, and replay attack. Passive tag based on low cost is required lots of communication unsuitably. Hence, we analyze some vulnerabilities of Han et al.'s protocol and suggest RFID mutual authentication protocol without online back-end-database in aspect of efficiency and security.