• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.93-104
• /
• 2010

The advent of various mobile devices and mobile services has caused diversification of information stored in a mobile device, e.g., SMS, photos, movies, addresses, e-mails, digital certificates, and so on. Because mobile devices are lost or stolen easily, user authentication is critical to protect the information stored in mobile devices. However, the current user authentication methods using Personal Identification Numbers (PINs) and passwords are vulnerable to Shoulder Surfing Attacks (SSAs), which enables an attacker to obtain user's information. Although there are already several SSA-resistant authentication methods in the literature, most of these methods lack of usability. Moreover, they are not suitable for use in mobile devices. In this paper, we propose a user friendly password input method for mobile devices which is secure against SSA. We also perform user tests and compare the security and usability of the proposed method with those of the existing password input methods.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.652-654
• /
• 2015

최근 여러 선진국을 중심으로 전자신분증 기능을 갖는 eID 카드가 도입되고 있다. eID 카드의 도입을 위해서는 안전한 개인정보보호 대책이 필수적으로 고려되어야 한다. 그러나 현행 eID 인증시스템에서 중간자공격에 대한 위험성이 기존 연구 문헌에서 제기된 바 있다. 본 논문에서는 기존의 eID 인증방식을 개선하여, 중간자공격으로부터 안전한 방식을 제안하고자 한다. 제안한 방식으로 인증 과정에서의 개인정보 노출에서 안전을 보장받을 수 있다.

• The Journal of Society for e-Business Studies
• /
• v.13 no.1
• /
• pp.33-43
• /
• 2008

As the applications within Internet becoming more extensive, the security issues of those applications are appearing to be the most important concern. We have to be sure if all elements of the system are robust and perform well. Even if some small part of the system is vulnerable, it might cause the total system crash-down. Therefore, every part of the system should be thoroughly designed and mutually coordinated in order to support overall security of the system. In this paper, we propose new technique which uses the fingerprint features in order to generate one time passwords(OTPs). Fingerprint is considered to be one of the powerful personal authentication factors and it can be used for generating variable passwords for one time use. Also we performed a simulation for proposed password generation method.

• Information and Communications Magazine
• /
• v.24 no.11
• /
• pp.5-13
• /
• 2007

광대역 무선 접속 표준을 관장하는 IEEE 802.16 워킹 그룹은 IEEE 802.16 표준을 2004년에 발표하였으며 이 IEEE 802.16 표준안에는 현재 WiMAX(Worldwide Interoperability for Microwave Access)라 불리는 고정 및 저속 이동 접속에 대한 광대역 무선 통신 지원 기술이 포함되어 있다. 특히 여러 기술 중 보안 관점에서 IEEE 802.16 표준은 MAC 계층 안에 PKM(Privacy Key Management)라고 불리는 Security Sub-layer를 가지고 있다. PKM은 PKMv1과 PKMv2로 구분되며, 먼저 PKMv1은 기본적인 인증 및 기밀성 기능을 제공하고 IEEE 802.16 표준에 기본적으로 적용되어있다. 하지만, IEEE 802.16 표준 이후 많은 연구들이 PKMv1의 보안성에 대하여 의문을 제기하였고 이에 따라 IEEE 802.16 표준안의 확장 개선안으로서 완전한 이동성을 바탕으로 하는 2005년 발표된 IEEE 802.16e 표준안에서는 향상된 보안 기능을 제공하는 PKMv2를 제공하며 기존 표준안의 부족한 점을 보완하기 위하여 시도하였다. 이러한 PKMv2는 EAP(Extensible Authentication Protocol) 인증, AES(Advanced Encryption Standard) 기반 기밀성 제공 알고리즘, CMAC/HMAC(Cipher/Hashed Message Authentication Code)을 사용한 메시지 인증 기능 제공 등 보다 다양한 보안 기능을 제공하였다. 그러나 IEEE 802.16e 표준안의 보안 기능은 SS(Subscriber Station)과 BS(Base Station)간의 통신구간 보안에 초점을 맞추어서 네트워크 도메인간의 보안 문제나 핸드오버시 보안과 같은 네트워크 구조적 보안 취약성을 여전히 가지고 있다. 하지만 표준안에서 정의하고 있는 SS와 BS 구간 보안 역시 완전한 솔루션을 제시하고 있지는 않다. 본 논문에서는 이러한 취약성을 고찰하고 그에 따른 대응방안을 제시하였다.

• The KIPS Transactions:PartC
• /
• v.12C no.3 s.99
• /
• pp.339-346
• /
• 2005

In recent years, the Grid development focus is transitioning from resources to services, A Grid Service is defined as a Web Service that provides a set of well-defined interfaces and follows specific conventions. SAML as a standard for Web Services which enables exchange of authentication, authorization, and profile information between different entities provides interoperability among different security services in distributed environments. In this paper, we implemented SAML API. By offering interoperability for non XML-based authentication technologies using SAML specification offering a method to integrate the existing Single Sign-On technologies, the API provides convenience for accessing different services in Grid architecture.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.1
• /
• pp.3-10
• /
• 2002

This paper proposes an ID-based entity-aunthentication and authenticated key exchange protocol with ECC via two-pass communications between two parties who airs registered to the trusted third-party KC in advance. The proposed protocol developed by applying ECDSA and Diffie-Hellman key exchange scheme to the ID-based key distribution scheme over ECC proposed by H. Sakazaki, E. Okamoto and M. Mambo(SOM scheme). The security of this protocol is based on the Elliptic Curve Discrete Logarithm Problem(ECDLP) and the Elliptic Curve Diffie-Hellman Problem(ECDHP). It is strong against unknown key share attack and it provides the perfect forward secrecy, which makes up for the weakness in SOM scheme,

• The Journal of Society for e-Business Studies
• /
• v.9 no.1
• /
• pp.285-301
• /
• 2004

Public service provision through internet is one of major parts for e-government implementation. It is essential to link the internal administrative network with internet to provide the services through internet and to support kiosks through internet, which should result in critical issues for security. A relay server, as a front server for the public service processing system and a web server, a control server for kiosks, are placed between the public service processing system and kiosks to solve those security issues. It is the way to solve security issues through protecting direct communication between the public service processing system and a web server and authenticating a relay server and a web server through authentication process. In the implementation of the system this paper provide a design for an architecture model of the public service processing system through internet, which are aiming to develop high level of the quality system effectively, to reduce the risk of initial stage of development, and to reduce the incurring cost due to reworks.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.05a
• /
• pp.1075-1078
• /
• 2005

The Global IT revolution is growing rapidly. Government and business have to be ready to meet the increased demand for effective and secure online services. With the E-Government practicing, day-by-day the public demand is also increasing simultaneously. Now this present moment, one of important research part is secure E-Voting for E-Government service, but for this important factor or Government Issue, it needs information privacy for secure information transaction of citizen’s opinions and secure authentication. This paper has analyzed several approaches E-voting protocols, those are implemented with many digital signature mechanism and maintained many types of cryptographic rules, which are main factor for information privacy. In this paper we have discussed them with a view to voter anonymity and protection from manipulations. The paper then developed an algorithm designed to guarantee anonymity of the voter and to avoid the risk of manipulation of votes. In this paper the proposed algorithm is based upon the strict separation of voter’s registration and submission of votes, which means that certain information has to be stored on a secure storage media.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.5S
• /
• pp.1657-1665
• /
• 2000

Mobile agents based e-commerce system has many advantage than traditional e-commerce-information gathering on goods, price settlement and payment, delivery of the goods purchased, and so on. However, due to the security vulnerability that stems from mobile agent's mobility, mobile agents based e-commerce system has additional security problems. Therefore, in order to do e-commerce securely in th system, first of al the security issues on mobile agents must be addressed. It this paper, we propose a mobile agent transfer protocol that provides confidentiality and integrity of mobile agent in transit and mutual authentication for communicating hosts. We further show the security of the protocol against many possible attacks. Also, we suggest the location management mechanism of mobile agents based on the trust center. This mechanism is capable of finding their locations transparently and detecting mobile agent clones.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.10b
• /
• pp.313-315
• /
• 2003

인터넷과 웹은 전통적인 비즈니스 모델에 혁신적인 변화를 가져왔고 인터넷/인트라넷 기반의 전자적 서비스를 통해 비즈니스 거래를 가능케하는 전자 상거래를 거쳐 보다 확대된 비즈니스 개념과 모델을 제공하는 동적인 e-Business라는 새로운 환경을 만들어냈다. 이 새로운 환경에 보다 동적인 비즈니스 프로세스를 지원하는 XML기반의 웹표준들의 상호작용하는 응용인 웹서비스가 등장하였다. e-Business 응용은 비즈니스 트랙잭션 제공자와 소비자 측면의 단말 사용자의 자동화를 위한 플랫폼이 기반이 되며 이를 통한 새로운 모델로 비즈니스 프로세스 응용 상호간 실시간 웹서비스가 제공되는 핵심 기술이 요구된다. 본 논문에서는 웹 서비스의 특성을 기반한 e-Business 시스템을 구축하기 위한 기본 기술들을 계층화하여 표현한 재사용 가능한 공통 아키텍쳐(common architecture)를 기술하고 개발 프로세스를 제안하고 CAS(Customer Authentication System)에 개발 프로세스를 적용하여 개발하는 사례를 보여준다.