• Journal of Internet Computing and Services
• /
• v.13 no.3
• /
• pp.127-137
• /
• 2012

With the spread of the new technologies like a smart phone, a smart pad, N-Screen service for financial transaction quickly became commonplace through the Internet. Although it has been developed related technologies and policies since the N-Screen has been provided in Korea, infrastructure for financial services is still lacking. It also has many potential problems including phishing or malware attacks, privacy information exposure & breaches, etc. This work suggests the financial security framework in the side of information protection through threat vulnerability analysis. Further, we examine the possibility of effective application methods based on political technical design.

• The KIPS Transactions:PartC
• /
• v.9C no.3
• /
• pp.331-336
• /
• 2002

In this paper, we propose a new distribution and renewal scheme for a group key suitable for secure mobile communications based on identification protocol, in which all members of the group can reshare the new group common key except revoked members by using a key distribution center (a trusted center). The security of this scheme is based on the difficulty of the discrete logarithm problem. The proposed scheme can be appropriately managed in case that terminal's capability of storage and computing power is relatively small and more than one caller are revoked. It also renews a group key easily when the center changes this key intervally for security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.12
• /
• pp.3244-3260
• /
• 2013

A three-party password-based authenticated key exchange (PAKE) protocol allows two clients registered with a trusted server to generate a common cryptographic key from their individual passwords shared only with the server. A key requirement for three-party PAKE protocols is to prevent an adversary from mounting a dictionary attack. This requirement must be met even when the adversary is a malicious (registered) client who can set up normal protocol sessions with other clients. This work revisits three existing three-party PAKE protocols, namely, Guo et al.'s (2008) protocol, Huang's (2009) protocol, and Lee and Hwang's (2010) protocol, and demonstrates that these protocols are not secure against offline and/or (undetectable) online dictionary attacks in the presence of a malicious client. The offline dictionary attack we present against Guo et al.'s protocol also applies to other similar protocols including Lee and Hwang's protocol. We conclude with some suggestions on how to design a three-party PAKE protocol that is resistant against dictionary attacks.

• Journal of Internet Computing and Services
• /
• v.8 no.1
• /
• pp.99-113
• /
• 2007

In the rapidly changing e-business environment, organizations need to share information, process business transactions, and enhance collaborations with relevant entities by taking advantage of the various technologies. However, there are always the security issues that need to be handled in order for the e-business operations to be run efficiently. In this research, we suggest the new security authorization model for safety flexible supporting the needs of e-business (e-marketplace) in an organization. This proposed model provides the scalable of access control policy among multi-domains, and preservation of flexible authorization management in distributed system environments. For servers to take the access control policy and enforcement decisions, we also describe the feasible authorization architecture is concerned with how they might seek advice and guideline from formal access control model.

• Journal of Information Processing Systems
• /
• v.13 no.6
• /
• pp.1613-1627
• /
• 2017

The concept of the Internet of Things (IoT) enables physical objects or things to be virtually accessible for both consuming and providing services. Undue access from irresponsible activities becomes an interesting issue to address. Maintenance of data integrity and privacy of objects is important from the perspective of security. Privacy can be achieved through various techniques: password authentication, cryptography, and the use of mathematical models to assess the level of security of other objects. Individual methods like these are less effective in increasing the security aspect. Comprehensive security schemes such as the use of frameworks are considered better, regardless of the framework model used, whether centralized, semi-centralized, or distributed ones. In this paper, we propose a new semi-centralized security framework that aims to improve privacy in IoT using the parameters of trust and reputation. A new algorithm to elect a reputation coordinator, i.e., ConTrust Manager is proposed in this framework. This framework allows each object to determine other objects that are considered trusted before the communication process is implemented. Evaluation of the proposed framework was done through simulation, which shows that the framework can be used as an alternative solution for improving security in the IoT.

• Journal of Korea Multimedia Society
• /
• v.22 no.4
• /
• pp.463-471
• /
• 2019

The growth of mobile technology particularly smartphone applications such as ticketing, access control, and making payments are on the increase. Elliptic Curve Cryptography (ECC)-based systems have also become widely available in the market offering various convenient services by bringing smartphones in proximity to ECC-enabled objects. When a system user attempts to establish a connection, the AIK sends hashes to a server that then verifies the values. ECC can be used with various operating systems in conjunction with other technologies such as biometric verification systems, smart cards, anti-virus programs, and firewalls. The use of Elliptic-curve cryptography ensures efficient verification and signing of security status verification reports which allows the system to take advantage of Trusted Computing Technologies. This paper proposes a device payment method based on ECC and Shuffling based on distributed key exchange. Our study focuses on the secure and efficient implementation of ECC in payment device. This novel approach is well secure against intruders and will prevent the unauthorized extraction of information from communication. It converts plaintext into ASCII value that leads to the point of curve, then after, it performs shuffling to encrypt and decrypt the data to generate secret shared key used by both sender and receiver.

• Electronics and Telecommunications Trends
• /
• v.34 no.5
• /
• pp.58-70
• /
• 2019

In this paper, we present the R&D status of ETRI's Trusted Reality (TR) project and its core technologies. ETRI's TR project focuses on the next-generation paradigm of smart phones, ETRI-TR Smart Glasses, which aims to provide the same features as those of smart phones without the involvement of any handheld device. Furthermore, they are characterized by additional features enabled by trustworthy VR/AR/MR/XR, such as privacy masking/unmasking, distributed structure of thin-client computing/networking among TR-Glasses, TR-LocalEdge, and TR-RemoteEdge, with novel see-through eyes-direct communication between IoT real/virtual objects and human eyes. Based on these core technologies of the ETRI's TR project, the human-held ETRI-TR Smart Glasses is expected to aid in the realization of XR vision with particularly more XR's safe_privacy on social life in the near future.

• Journal of Internet Computing and Services
• /
• v.21 no.6
• /
• pp.51-56
• /
• 2020

Cryptocurrencies, including Bitcoin, has decentralization, distribution and P2P properties unlike traditional currencies relies on trusted central party such as banks. All transactions are stored transparently and distributively, hence all participants can check the details of those transactions. Due to the properties of cryptographic hash function, deletion or modification of the stored transations is computationally not possible. However, cryptocurrencies only provide pseudonymity, not anonymity, which is provided by traditional currencies. Therefore many researches were conducted to provide anonymity to cryptocurrencies such as mix-based methods. In this paper, I will propose more efficient hybrid mix-based method for anonymity than previous mix-based one.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.3
• /
• pp.487-499
• /
• 2022

Machine learning such as deep learning have been widely used in recent years. Recently deep learning is performed in a trusted execution environment such as ARM TrustZone to improve security in edge devices and embedded devices with low computing resource. To mitigate this problem, we propose TPMP that efficiently uses the limited memory of TEE through DNN model partitioning. TPMP achieves high confidentiality of DNN by performing DNN models that could not be run with existing memory scheduling methods in TEE through optimized memory scheduling. TPMP required a similar amount of computational resources to previous methodologies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1077-1086
• /
• 2023

The searchable encryption model allows to selectively search for encrypted data stored on a remote server. In a real-world scenarios, the model must be able to support multiple search keywords, multiple data owners/users. In this paper, these models are referred to as Multi Ranked Searchable Encryption model. However, at the time this paper was written, the proposed models use fully-trusted trapdoor centers, some of which assume that the connection between the user and the trapdoor center is secure, which is unlikely that such assumptions will be kept in real life. In order to improve the practicality and security of these searchable encryption models, this paper proposes a new Multi Ranked Searchable Encryption model which uses random keywords to protect search words requested by the data downloader from an honest-but-curious trapdoor center with an external attacker without the assumptions. The attacker cannot distinguish whether two different search requests contain the same search keywords. In addition, experiments demonstrate that the proposed model achieves reasonable performance, even considering the overhead caused by adding this protection process.