• Journal of Digital Convergence
• /
• v.13 no.10
• /
• pp.343-351
• /
• 2015

With the diverse services of the current M2M environment being expanded to the organizations, the corporations, and the daily lives, the possibility of the occurrence of the vulnerabilities of the security of the related technologies have become an issue. In order to solve such a problem of the vulnerability of the security, this thesis proposes the technique for applying the cryptography algorithm for the protection of the device key of the M2M environment. The proposed technique was based on the elliptic curve cryptography Through the key exchange and the signature exchange in the beginning, the security session was created. And the white box cipher was applied to the encryption that creates the white box table using the security session key. Application results cipher algorithm, Elliptic Curve Cryptography provides a lightweight mutual authentication, a session key for protecting the communication session and a conventional white-box cipher algorithm and was guaranteed the session key used to encrypt protected in different ways. The proposed protocol has secure advantages against Data modulation and exposure, MITM(Man-in-the-middle attack), Data forgery and Manipulation attack.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.2
• /
• pp.41-48
• /
• 2018

Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method is a method of collecting URL information of a phishing site in advance and then detecting phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method can not detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed. but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe for phishing attacks. In the proposed protocol, the mutual authentication between the client and the server is performed through the authentication message including the password information. The proposed protocol is safe to eavesdropping attack because the authentication message uses the hash value of the password, not the original password, And it is safe to replay attack because different messages are used every time of authentication. In addition, since mutual authentication is performed, it is safe for man-in-the-middle attack. Finally, the proposed protocol does not require a key issuance process for authentication.

• The Journal of the Korea Contents Association
• /
• v.16 no.10
• /
• pp.467-476
• /
• 2016

With the development of information technology, Small office Home office(SOHO) is picking up. SOHO generally uses Wi-Fi. The wireless LAN environment using 802.11 protocol is easily affected by DoS attacks. To deal with these threats, there is Wireless Intrusion Detection System(WIDS). However, legacy products of WIDS cannot be easily used by SOHO because they are expensive and require management burden. In this paper, Smart WIDS for SOHO is proposed and implemented on Raspberry Pi2. And, it provides the interface for attack detection notice to android smart phone. Smart WIDS detects Masquerading DoS and Resource Depletion DoS based on IEEE 802.11 so that we notice the attempt of cracking Pre-shared Key(PSK), Man-In-The-Middle(MITM), and service failure.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.4
• /
• pp.1839-1848
• /
• 2012

Recently, smartphone communications using Wi-Fi channel are increasing rapidly to provide diverse internet services. The WPA security protocol was used for data protection between user and wireless AP. However, WPA-PSK protocol was known to be weak to the dictionary attack. In this paper, we proposed a secure WPA-PSK protocol to resist the dictionary attack. Since the proposed method was designed to generate a strong encryption key which is combined the Diffie-Hellman key agreement scheme with secrecy property of PSK(Pre-Shared Key), we can protect the Wi-Fi channel from Man-In-The-Middle attack and Rogue AP impersonation attack.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.20 no.4
• /
• pp.769-776
• /
• 2016

TELNET is vulnerable to network attack because it was designed without considering security. SSL/TLS and SSH are used to solve this problem. However it needs additional secure protocol and has no backward compatibility with existing TELNET in this way. In this paper, we have suggested STELNET(Secured Telnet) which supports security functionalities internally so that has a backward compatibility. STELNET supports a backward compatibility with existing TELNET through option negotiation. On STELNET, A client authenticates server by a certificate or digital signature generated by using ECDSA. After server is authenticated, two hosts generate a session key by ECDH algorithm. And then by using the key, they encrypt data with AES and generate HMAC by using SHA-256. After then they transmit encrypted data and generated HMAC. In conclusion, STELNET which has a backward compatibility with existing TELNET defends MITM(Man-In-The-Middle) attack and supports security functionalities ensuring confidentiality and integrity of transmitted data.

• Convergence Security Journal
• /
• v.7 no.3
• /
• pp.101-107
• /
• 2007

In recent years, electronic financial services, such as internet banking, come into wide use since the personal computer and network technology have made reasonably good progress. The growth of electronic financial service contributes to promoting the business efficiency of financial institution and promoting the convenience of financial customer, while the security on electronic financial service is getting more important because it is not face-to-face financial service. Therefore, the financial sector had decided to introduce the OTP (One Time Password) in order to authenticate the identification of customer and has built the Integrated OTP Authentication Center for a customer being able to use only one OTP token in electronic financial transaction with several financial institution. In this paper, we introduce the business of Integrated OTP Authentication Center and present the security analysis on integrated OPT authentication service, which is the main function of Integrated OTP Authentication Center.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.3C
• /
• pp.133-139
• /
• 2011

Nowadays, it is considered as an important task to protect digital contents from illegal use and reproduction. In many cases, there are secure servers to authenticate the allowed users and the user authentication process is performed by communication between the servers and users. However, if the number of users and contents are increased, the servers should treat a large amount of authentication loads and the authentication cost will be considerably increased. Moreover, this scheme is not adequate for some players in which only a limited function of communication is deployed. In order to solve this problem, this paper proposes an authentication method which can certificate both the digital contents and players, and prevent illegal reproduction without the certification server. The proposed scheme is secure in the replay attack, the man in the middle attack, and data substitution attack.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.8B
• /
• pp.939-946
• /
• 2011

The Internet banking service provides convenience than the traditional offline services. However, it still causes a number of security problems including hacking. In order to strengthen security, the financial institutions have provided such authentication methods as the official authentication certificate, the security token, the security card and OTP. However, the incidents related to hacking have continuously occurred. Especially, various weak points have been suggested for the authentication methods in regard to such types of hacking as the memory hacking or the MITM attack. So I needed was a new authentication method. In this study, the two-channel authentication method which provide two-way authentication on the user's PC and mobile device when executing the electronic financial transactions in the Internet banking environment is suggested. Also, by analyzing it in comparison with other existing methods, it is possible to check that the prospects of safety and credibility are strengthened.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.4
• /
• pp.661-669
• /
• 2008

Nowadays, authentication is essential to identify the legal users in a network communication. Usually, there are few wars to achieve authentication over a publicly accessible network system in order to protect certain private data from the unauthorized users, ranging from simple ID/Password to Biometrics System. One of the most active areas in OTP(One Time Password) research today aims at exploiting OTP to provide authentication in the finance and security industry. OTP is usually discarded once it has been used. this prevents huge loophole of traditional authentication system which employs the same ID and Password every time. However this OTP system also has its weaknesses in surviving some attacks. this paper proposes an advanced OTP protocol using PingPong-128 without loop hole of pre-existing OTP.

• Journal of the Korean Society of Systems Engineering
• /
• v.14 no.2
• /
• pp.73-82
• /
• 2018

In this work, a hardware based cryptographic module for the cyber security of nuclear power plant is developed using a system engineering approach. Nuclear power plants are isolated from the Internet, but as shown in the case of Iran, Man-in-the-middle attacks (MITM) could be a threat to the safety of the nuclear facilities. This FPGA-based module does not have an operating system and it provides protection as a firewall and mitigates the cyber threats. The encryption equipment consists of an encryption module, a decryption module, and interfaces for communication between modules and systems. The Advanced Encryption Standard (AES)-128, which is formally approved as top level by U.S. National Security Agency for cryptographic algorithms, is adopted. The development of the cyber security module is implemented in two main phases: reverse engineering and re-engineering. In the reverse engineering phase, the cyber security plan and system requirements are analyzed, and the AES algorithm is decomposed into functional units. In the re-engineering phase, we model the logical architecture using Vitech CORE9 software and simulate it with the Enhanced Functional Flow Block Diagram (EFFBD), which confirms the performance improvements of the hardware-based cryptographic module as compared to software based cryptography. Following this, the Hardware description language (HDL) code is developed and tested to verify the integrity of the code. Then, the developed code is implemented on the FPGA and connected to the personal computer through Recommended Standard (RS)-232 communication to perform validation of the developed component. For the future work, the developed FPGA based encryption equipment will be verified and validated in its expected operating environment by connecting it to the Advanced power reactor (APR)-1400 simulator.