• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.7C
• /
• pp.755-761
• /
• 2006

Previous RFID technique, it is recognizable without the physical contact between the reader and the tag, causes the serious privacy infringement such as excessive information exposure and user's location information tracking due to the wireless characteristics. Especially the information security problem of read only tag is solved by physical method. In this paper, we propose a low-cost mutual authentication protocol which is adopted to read-only tag and secure to several attacks using XOR and Partial ID. The proposed protocol is secure against reply attacking, eavesdropping, spoofing attacking and location tracking.

• ETRI Journal
• /
• v.39 no.1
• /
• pp.135-144
• /
• 2017

Recently, mobile phones have been recognized as the most convenient type of mobile payment device. However, they have some security problems; therefore, mobile devices cannot be used for unauthorized transactions using anonymous data by unauthenticated users in a cloud environment. This paper suggests a mobile payment system that uses a certificate mode in which a user receives a paperless receipt of a product purchase in a cloud environment. To address mobile payment system security, we propose the transaction certificate mode (TCM), which supports mutual authentication and key management for transaction parties. TCM provides a software token, the transaction certificate token (TCT), which interacts with a cloud self-proxy server (CSPS). The CSPS shares key management with the TCT and provides simple data authentication without complex encryption. The proposed self-creating protocol supports TCM, which can interactively communicate with the transaction parties without accessing a user's personal information. Therefore, the system can support verification for anonymous data and transaction parties and provides user-based mobile payments with a paperless receipt.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.11
• /
• pp.5556-5573
• /
• 2017

As a main component of Internet of Things (IoTs), the wireless sensor networks (WSNs) have been widely applied to various areas, including environment monitoring, health monitoring of human body, farming, commercial manufacture, reconnaissance mission in military, and calamity alert etc. Meanwhile, the privacy concerns also arise when the users are required to get the real-time data from the sensor nodes directly. To solve this problem, several user authentication and key agreement schemes with a smart card and a password have been proposed in the past years. However, these schemes are vulnerable to some attacks such as offline password guessing attack, user impersonation attack by using attacker's own smart card, sensor node impersonation attack and gateway node bypassing attack. In this paper, we propose an improved scheme which can resist a wide variety of attacks in WSNs. Cryptanalysis and performance analysis show that our scheme can solve the weaknesses of previously proposed schemes and enhance security requirements while maintaining low computational cost.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.582-596
• /
• 2019

Considering that the existing Long Term Evolution is not suitable for the fast and frequent handovers of high-speed trains, this paper proposes a relay-assisted handover mechanism to solve the problems of long handover authentication time and vulnerable to security attacks. It can achieve mutual authentication for train-ground wireless communication, and data transmission is consistent with one-time pad at the same time. The security analysis, efficiency analysis and simulation results show that the proposed mechanism not only realizes the forward security and resists many common attacks, but also effectively reduces the computational overhead of train antenna during the secure handover process. When the running speed of a train is lower than 500km/h, the handover delay is generally lower than 50ms and the handover outage probability is less than 1.8%. When the running speed of a train is 350km/h, the throughput is higher than 16.4mbps in the process of handover. Therefore, the secure handover mechanism can improve the handover performance of high-speed trains.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.6
• /
• pp.49-58
• /
• 2005

In this paper, we have proposed a secure dynamic ID allocation protocol using mutual authentication on the RFID tag. Currently, there are many security protocols focused on the low-price RFID tag. The conventional low-price tags have limitation of computing power and rewritability of memory. The proposed secure dynamic ID allocation protocol targets to the high-performance RFID tags which have more powerful performance than conventional low-price tag by allocating dynamic ID to RFID using mutual authentication based on symmetric encryption algorithm. This protocol can be used as a partial solution for ID tracing and forgery.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.12
• /
• pp.4661-4676
• /
• 2014

In Wireless Mesh Networks (WMN), an authentication technique can be compromised due to the distributed network architecture, the broadcast nature of the wireless medium and dynamic network topology. Several vulnerabilities exist in different protocols for WMNs. Hence, in this paper, we propose trust based authentication and key establishment for secure routing in WMN. Initially, a trust model is designed based on Ant Colony Optimization (ACO) to exchange the trust information among the nodes. The routing table is utilized to select the destination nodes, for which the link information is updated and the route verification is performed. Based on the trust model, mutual authentication is applied. When a node moves from one operator to another for accessing the router, inter-authentication will be performed. When a node moves within the operator for accessing the router, then intra-authentication will be performed. During authentication, keys are established using identity based cryptography technique. By simulation results, we show that the proposed technique enhances the packet delivery ratio and resilience with reduced drop and overhead.

• The KIPS Transactions:PartC
• /
• v.15C no.6
• /
• pp.469-480
• /
• 2008

The recently proposed RFID(Radio Frequency Identification) authentication protocol based on a hash function can be divided into two types according to the type of information used for authentication between a reader and a tag: either a value fixed or one updated dynamically in a tag memory. In this paper, we classify the protocols into a static ID-based and a dynamic-ID based protocol and then analyze their respective strengths and weaknesses. Also, we define a new security model including forward/backward traceability, synchronization, forgery attacks. Based on the model, we analyze the previous protocols and propose a new dynamic-ID based RFID mutual authentication protocol. Our protocol provide enhanced RFID user privacy compared to previous protocols and identify a tag efficiently in terms of the operation quantity of a tag and database.

• Journal of Broadcast Engineering
• /
• v.14 no.3
• /
• pp.280-287
• /
• 2009

An IPTV (Internet Protocol Television) technology is the new convergence technology of the telecommunication and broadcasting which provides various bidirectional TV services. To provide these services only to legal subscribers, mutual authentication between set-top box connected with TV set and the smart card owned by a subscriber is needed. In this paper, we propose an attribute-based mutual authentication scheme that only someone who is satisfied with some attributes, such as titles or departments, can access the contents provided by the IPTV service in an organization. We also show that the proposed scheme is secure. Our proposed scheme has a virtue that user can access various services, provided by an organization where he/she belongs to, according to their attributes with only one time registration. As far as we know, this is the first attribute-based authentication scheme which can be applied to any organizations in IPTV environments.

• The KIPS Transactions:PartC
• /
• v.16C no.5
• /
• pp.589-596
• /
• 2009

Until now, some protocols have been presented to provide vehicle's anonymity and unlinkability in VANET by means of issuing multiple anonymous certificates to each vehicle from the trust authority, or shot-time anonymous certificate to a vehicle after mutual authentication between a Roadside Unit (RSU) and the vehicle. However, these protocols have high overheads of the trust authority, RSUs and vehicles for generating anonymous certificate. In this paper, we propose an efficient anonymous authentication protocol, in which RSUs can issue multiple shot-time anonymous certificates to a vehicle to alleviate system overheads for mutual authentication between vehicles and RSUs. Several simulations are conducted to verify the efficiency of the proposed protocol in terms of RSU valid serve ratio and vehicle's computational costs. Moreover, the proposed protocol provides unlinkability and traceability when multiple RSUs are compromised, whereas previous protocols do not provide unlinkability and traceability.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.37 no.5C
• /
• pp.410-419
• /
• 2012

This paper proposes a secure and efficient anonymous authentication scheme for health information push service based on indoor location in hospital. The proposed scheme has the following benefits: (1)It is just based on a secure one-way hash function for avoiding complex computations for both health care operations users and health care centers. (2)It does not require sensitive verification table which may cause health care centers to become an attractive target for numerous attacks(e.g., insertion attacks and stolen-verifier attacks), (3)It provides higher security level (e.g., secure mutual authentication and key establishment, confidential communication, user's privacy, simple key management, and session key independence). As result, the proposed scheme is very suitable for various location-based medical information service environments using lightweight-device(e.g., smartphone) because of very low computation overload on the part of both health care operations users and health care centers.