• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.41 no.3
• /
• pp.298-300
• /
• 2016

We propose a RFID distance bounding protocol that RFID tag still responds when reader sends a void challenge in order to reduce the probability of a relay attack. We analyze the success probability of relay attack depending on the full challenge ratio. Our experimental results show that our protocol is secure to relay attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.617-627
• /
• 2013

Wireless communication technology such as NFC and RFID makes the data transfer between devices much easier. Instead of the irksome typing of passwords, users are able to simply authenticate themselves with their smart cards or smartphones. Relay attack, however, threatens the security of token-based, something-you-have authentication recently. It efficiently attacks the authentication system even if the system has secure channels, and moreover it is easy to deploy. Distance bounding or localization of two devices has been proposed to detect relay attacks. We describe the disadvantages and weakness of existing methods and propose a new way to detect relay attacks by recording a background noise.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.531-539
• /
• 2017

CAPTCHA is a verification scheme whether or not a human user has made a service request. Most CAPTCHAs that are based on text, image, or simple game suffer from vulnerability that can be compromised by automated attacks and stream relay attacks. To resist such attacks, CAPTCHA that utilizes human recognition as been suggested but it show poor usability for deploying in the Internet. We propose an Emerging Image Cue CAPTCHA that offers improved usability and resists stream relay attacks, as well. We also examine the usability of the proposed CAPTCHA and investigate the attack resistance by conducting user study and experiments on simulated network environment.

• The KIPS Transactions:PartC
• /
• v.17C no.4
• /
• pp.307-314
• /
• 2010

Recently, it is proved that contactless smart-card based RFID tags, which is used for proximity authentication, are vulnerable to relay attacks with various location-based attacks such as distance fraud, mafia fraud and terrorist fraud attacks. Moreover, distance bounding protocols have been researched to prevent these relay attacks that can measure the message transmitted round-trip time between the reader and the tag. In 2005, Hancke and Kuhn first proposed an RFID distance bounding protocol based on secure hash function. However, the Hancke-Kuhn protocol cannot completely prevent the relay attacks because an adversary has (3/4)$^n$ attack success probability. Thus, this paper proposes a new distance-bounding protocol for light-weight RFID systems that can reduce to (5/8)$^n$ for the adversary's attack success probability. As a result, the proposed protocol not only can provide high-space efficient based on a secure hash function and XOR operation, but also can provide strong security against the relay attacks because the adversary's attack success probability is optimized to (5/8)$^n$.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.8B
• /
• pp.1028-1037
• /
• 2011

Recently, Selim et al proposed public key cryptography based privacy preserving multi-context RFID authentication protocol. However Selim et al's proposed protocol not only doesn't fit into passive tag based RFID system because it uses public key based encryption algorithm to perform authentication between reader and tag, but also is insecure to an impersonation attack because it doesn't provide mutual authentication. In order to eliminate the above described efficiency problem and security vulnerabilities, this paper proposes a new multi-context RFID mutual authentication protocol that can prevent privacy invasion and tag impersonation attack through providing mutual authentication between single passive tag which is located different application space and readers which provide multi-context purposes and can secure against relay attack and denial-of-service attack. As a result, the proposed protocol performs secure mutual authentication based on the collected space and time information from the RFID reader and provides strong security and high computation efficiency because if performs secure one-way hash function and symmetric encryption operations suitable to the environments of passive RFID tags.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.3
• /
• pp.19-26
• /
• 2012

To resist the relay attacks in RFID system, it is commonly used RFID distance bounding protocols using the round trip time measurement for 1 bit challenge and response between a reader and a tag. If the success probability of relay attacks for the 1 bit challenge and response can be reduced in these protocols, it is possible to make an efficient distance bounding protocol. In this paper, we propose an efficient RFID distance bounding protocol based on 2 bit challenge and response which is modified the RFID distance bounding protocol proposed by Hancke and Khun based on 1 bit challenge and response. The success probability of relay attack for the proposed protocol is (7/16)n for the n times of challenge and response, which is much lower than (3/4)n given by Hancke and Khun's protocol.

• Journal of Korea Multimedia Society
• /
• v.20 no.6
• /
• pp.911-917
• /
• 2017

Tor proxy tool is studied which is most frequently used for ransomeware to penetrate into sensitive information. It will be researched for the malicious methods to spread virus by using Tor and considered a countermeasure to prevent them. We present exit relay methodology for Tor security policy, simulate it, and get a probability to detect the ransomeware. And we compare it with TSS technology which is able to protect the attack via virtual server on exit relay.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1165-1170
• /
• 2022

In WSNs, a clustering algorithm groups sensor nodes on a unit called cluster and periodically selects a cluster head (CH) that acts as a communication relay on behalf of nodes in each cluster for the purpose of energy conservation and relay efficiency. Meanwhile, attack techniques also have emerged to intervene in the CH election process through compromised nodes (inside attackers) and have a fatal impact on network operation. However, existing countermeasures such as encryption key-based methods against outside attackers have a limitation to defend against such inside attackers. Therefore, we propose a statistical detection method that detects abnormal CH election behaviors occurs in a WSN cluster. We design two attack methods (Selfish and Greedy attacks) and our proposed defense method in WSNs with two clustering algorithms and conduct experiments to validate our proposed defense method works well against those attacks.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.2
• /
• pp.1388-1397
• /
• 2015

Recently, an application business model was proposed to implement an M-coupon system using the NFC-based mobile devices. In this paper, the security requirements were surveyed for a secure M-coupon system and to analyze the threats on the existing NFC-based M-coupon protocols. After considering the implementation efficiency and security, this paper presents a novel M-coupon protocol based on the Diffie-Hellman key agreement scheme. This protocol can be an alternative to solve the security problems related to the PKI (Public Key Infrastructure) and secret key distribution. Furthermore, this M-coupon protocol is designed to provide user authentication and counteract the relay attack.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.4B
• /
• pp.610-619
• /
• 2010

RFID (radio frequency identification) systems, recently being used in a wide range of areas, are vulnerable to relay attack from malicious attackers. For that reason, Brands, et al. proposed a certification protocol between a certifier and a verifier based on the concept of distance-bounding, and in addition Hancke et al. introduced the concept of RFID. However, the delivery of tag IDs, one of the main RFID features, is not still available, and there are two important demerits: anonymity in the delivery of tag IDs suggested by Kim et al. and inefficiency in finding a tag ID with regard to how to check errors which may occur in the process of data exchange between readers and tags. Therefore, this study proposes a protocol that meets the requirements of tag anonymity and location untraceability, has resistance to errors which may take place in the phase of tag data exchange, and is very efficient in finding tag IDs.