• Proceedings of the Korea Information Processing Society Conference
• /
• 2002.11b
• /
• pp.857-860
• /
• 2002

오늘날 인터넷 사용자의 급속한 증가와 데이터 중심의 무선 동신 기술의 빠른 성장으로, 중요한 정보를 비밀리에 전달하고자하는 보안성의 요구가 증가하고 있다. 무선인터넷은 데이터 공개성을 갖는 무선 매체를 사용한다는 점과 단말 혹은 사용자가 이동한다는 고유의 특성으로 인하여 제한된 CPU와 메모리 때문에 기존의 유선 PKI(Public Key Infrastructure)체계를 그대로 적용할 수 없는 기존 인터넷 보안 체계에 비해서 훨씬 복잡한 구조가 요구된다. [1] 본 논문에서는 이동하는 단말의 인증을 위한 효율적이고 유용한 식별자 적용기술인 스마트카드를 이용한 무선 인터넷 보안을 제공하기 위해 Mobile PKI 기반의 보안구조를 제안하여 보안을 강화하고자한다.

• Journal of KIISE:Information Networking
• /
• v.36 no.4
• /
• pp.297-308
• /
• 2009

In 2008, ETRI developed a new mobile digital ID wallet, in which anyone can store personal information and PKI credential. When the wallet is used, privacy protection is one of the most important problems and personal information should be protected under various usage scenarios such as exchanging sensitive information in on/off-line environments, joining as a new member in the web site, etc. In this paper, we propose a triangular trust management scheme that can effectively manage trustness and also protect sensitive personal information. This scheme relies on three techniques: PKI, reputation and condition (situation context). We implemented prototype of our scheme, and tested it under various scenarios, which showed that the proposed scheme can effectively be used for diverse cases.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.87-101
• /
• 2017

As people increasingly rely on mobile networks in modern society, mobile communication security is becoming more and more important. In the Long Term Evolution/System Architecture Evolution (LTE/SAE) architecture, the 3rd Generation Partnership (3GPP) team has also developed the improved Evolved Packet System Authentication and Key Agreement (EPS AKA) protocol based on the 3rd Generation Authentication and Key Agreement (3G AKA) protocol in order to provide mutual authentication and secure communication between the user and the network. Unfortunately, the EPS AKA also has several vulnerabilities such as sending the International Mobile Subscriber Identity (IMSI) in plain text (which leads to disclosure of user identity and further causes location and tracing of the user, Mobility Management Entity (MME) attack), man-in-middle attack, etc. Hence, in this paper, we analyze the EPS AKA protocol and point out its deficiencies and then propose an Efficient and Security Enhanced Authentication and Key agreement (ESE-EPS AKA) protocol based on hybrid of Dynamic Pseudonym Mechanism (DPM) and Public Key Infrastructure (PKI) retaining the original framework and the infrastructure of the LTE network. Then, our evaluation proves that the proposed new ESE-EPS AKA protocol is relatively more efficient, secure and satisfies some of the security requirements such as confidentiality, integrity and authentication.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.10a
• /
• pp.772-775
• /
• 2008

As the wireless communication technology developed, the Electric Commerce using a mobile was activated. WPKI was developed in order to guarantee the stability of the Electric Commerce but it is difficult to be ensured for the safe PKI service which is the same at the wire communication in the technical because of restriction of the mobile terminal. In this paper, we propose the authentication system for the electronic financial service which is safe and is effective in consideration of the restrictive characteristic of the mobile terminal. Moreover, the encryption algorithm for the safe electronic signature is proposed. In WPKI, this makes the cross certification of each certificate authority possible. Moreover, a stability was enhanced through the signature authentication using KCDSA and SEED algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.15-27
• /
• 2002

The purpose of this paper is to present both the specification of delta-CRL and the polices for delta CRL in order to solve the problem involved in issuing and maintaining the certificate revocation lists for the mobile communication network. If the user request to revoke the certificate issued by certification authority, the certification should be revoked and listed up in the certificate revocation list. In general, the certificate revocation list is issued regularly. Therefore PKI application should download the CRL and prove the validity of CRL. The traffic size of the exchanged traffic should be reduced for the mobile communication environment. The result if this paper can be used for the mobile communication various environments to reduce the size of CRL.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.5B
• /
• pp.840-848
• /
• 2010

This paper proposes a proactive authentication scheme using credentials based on chameleon hashing in MIH environments. There is a proactive authentication structure defined by IEEE 802.21 Security Study Group for the link access in MIH environment. Both schemes based on EAP and on PKI can be applied to such structure, but the former has caused network traffic due to the complicated authentication procedure and the latter has complex structure for managing certificates. The proposed scheme performs the proactive authentication procedure only between a mobile node and a MIH Key Holder by using credentials based on chameleon hashing. Our scheme reduces the network traffic since authentication with the server is unnecessary in MIH environment and PKI structure is not required as well. In addition, the proposed scheme provides secure PFS and PBS features owing to the authenticated Diffie-Hellman key exchange of the chameleon-based credential.

• Journal of the Korea Society of Computer and Information
• /
• v.15 no.12
• /
• pp.163-173
• /
• 2010

PKI(Public Key Infrastructure)-based information certification technology has some limitations to be universally applied to mobile banking services, using smart phones, since PKI is dependent on the specific kind of web browser, Internet Explorer. OTP(One Time Password) is considered to be a substitute or complementary service of PKI, but it still shows low acceptance rate. Therefore, in this research, we analyze why OTP has not been very popular, and provide useful implications of making OTP more extensively and frequently used in the mobile environment. Perceived security of OTP was set as a higher-order construct of integrity, confidentiality, authentication, and non-repudiation. Research findings show that security awareness and perceived security of OTP is positively associated, and the relationship between perceived security and trust on OTP is statistically significant. Also, trust is positively related to intention to use OTP continuously.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2007.05a
• /
• pp.1005-1008
• /
• 2007

모바일 네트워크 환경은 언제 어디서나 네트워크를 사용하는 모바일 서비스를 편리하게 사용할 수 있도록 해준다. 그러나 언제 어디서나 서비스를 제공받을 수 있다는 것은 언제 어디서든지 정보가 누출되거나 왜곡될 위험성 또한 존재하기 마련이다. 특히, 프라이버시 문제가 해결되지 않고서는 우리 일상생활과 융합되어 편리함을 제공해주는 모바일 네트워크 환경이 오히려 모바일 네트워크 감시 체제를 구축하는 심각한 역기능을 초래하게 될 것이다. 모바일 단말기들은 크기와 모양이 다양하고 컴퓨팅 연산 능력이 적은 저성능 휴대 장치들이 많기 때문에, 컴퓨팅 연산이 많이 요구되는 공개키 암호 기술을 저성능 모바일 단말기에 적용하기는 힘든 상황이다. 이에 본 논문에서는 프라이버시 문제를 해결하면서, 컴퓨팅 연산 능력이 적은 저성능 모바일 단말기에 적용할 수 있는 자바 기반의 암호 모듈 및 PKI 기반의 사용자 인증을 제안하고자 한다. 국내 표준 암호 알고리즘(SEED)과 인증서를 기반으로 세션키와 공개키를 조합함으로서 최소한의 암복호화 연산을 통해 인증 및 전자 서명을 제공하며, 이를 대표적인 모바일 단말기인 PDA 환경에서 세션키 분배 및 사용자 인증이 안전하게 이루어짐을 확인할 수 있었다.

• Journal of information and communication convergence engineering
• /
• v.8 no.4
• /
• pp.427-432
• /
• 2010

The fast-emerging of cloud computing technology today has sufficiently benefited its wide range of users from individuals to large organizations. It carries an attractive characteristic by renting myriad virtual storages, computing resources and platform for users to manipulate their data or utilize the processing resources conveniently over Internet without the need to know the exact underlying infrastructure which is resided remotely at cloud servers. However due to the loss of direct control over the systems/applications, users are concerned about the risks of cloud services if it is truly secured. In the literature, there are cases where attackers masquerade as cloud users, illegally access to their accounts, by stealing the static login password or breaking the poor authentication gate. In this paper, we propose a two-factor authentication framework to enforce cloud services' authentication process, which are Public Key Infrastructure (PKI) authentication and mobile out-of-band (OOB) authentication. We discuss the framework's security analysis in later session and conclude that it is robust to phishing and replay attacks, prohibiting fraud users from accessing to the cloud services.

• Journal of KIISE:Information Networking
• /
• v.31 no.5
• /
• pp.429-437
• /
• 2004

The mobileip working group is equipped with the RR(Return Routabilit) taking the simple procedures and small amount of cryptographic operations by considering the processing capability of the mobile node however it dose not provide security features enough. To replace with enhanced methods, mobileip WG is making an effort to find the approved solutions include CGA(Craptographically Generated Address), IPsec(Internet Protocol Security) as well as the existing infrastructure such as AAA(Authentication, Authorization and Account) and PKI(Public Key Infrastructure). In this paper, we propose the authentication and route optimization based on AAA suitable for the requested security service for its successful story in wireless network such as 802.11 and 3GPP(3rd Generation Partnership Project) as well as wired one. We analyze the effectiveness of our scheme according to the traffic and mobility properties. The result shows the cost reduction up to 20 percent comparing with RR.