• Title/Summary/Keyword: replay attack

Authentication Protocol for RFID using Bivariate Polynomials over a Finite Field (유한체 위의 이변수다항식을 이용한 RFID 인증 프로토콜)

  • Jung, Seok Won
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology, v.7 no.3, pp.137-141, 2014
  • RFID systems are applied in various industries such as process control, distribution management, access control, environment sensing, entity identification, etc. Since an RFID system uses wireless communication, it has more weak points for security. In this paper, an authentication protocol is suggested between tags and a reader, which is a basic property for security. The suggested protocol uses a bivariate polynomial over a finite field and is secure against snooping, replay attack, position tracking and traffic analysis.

A Practical Authentication System for Wireless Body Area Networks(WBAN) (무선 인체 영역 네트워크(WBAN)를 위한 실용적인 인증 시스템)

  • Ahn, Hae-Soon; Yoon, Eun-Jun; Bu, Ki-Dong
    • The Journal of Korean Institute of Communications and Information Sciences, v.37 no.4C, pp.290-296, 2012
  • In this paper, we propose a practical authentication system based on Wireless Body Area Networks (WBAN) for U-healthcare medical information environments. The proposed authentication system is based on a symmetric cryptosystem such as AES and is designed not only to provide security such as data secrecy, data authentication, and data integrity, but also to prevent replay attacks by adopting a timestamp technique and to perform secure authentication between sensor node, master node, base-station, and medical server.

Research on Security Threats Emerging from Blockchain-based Services

  • Yoo, Soonduck
    • International Journal of Internet, Broadcasting and Communication, v.13 no.4, pp.1-10, 2021
  • The purpose of the study is to contribute to the positive development of blockchain technology by providing data to examine security vulnerabilities and threats to blockchain-based services and review countermeasures. The findings of this study are as follows. Threats to the security of blockchain-based services can be classified into application security threats, smart contract security threats, and network (P2P) security threats. First, application security threats include wallet theft (e-wallet stealing), double spending (double payment attack), and cryptojacking (mining malware infection). Second, smart contract security threats are divided into reentrancy attacks, replay attacks, and balance increasing attacks. Third, network (P2P) security threats are divided into the 51% control attack, Sybil attack, balance attack, eclipse attack (spread false information attack), selfish mining (selfish mining monopoly), block withholding attack, DDoS attack (distributed service denial attack) and DNS/BGP hijacks. Through this study, it is possible to discuss the future plans of the blockchain technology-based ecosystem through understanding the functional characteristics of transparency or some privacy that can be obtained within the blockchain. It also supports effective coping with various security threats.

A Lightweight RFID Authentication Protocol Based on Hash Chain (해시체인기반의 경량화 RFID 인증 프로토콜)

  • Youn, Keun-Young; Kim, Dong-Seong; Park, Jong-Sou
    • Convergence Security Journal, v.6 no.1, pp.45-53, 2006
  • Several RFID authentication protocols based on hash chains have been proposed. The status-based authentication protocol and the challenge-response-based authentication protocol are secure against location tracking attacks, spoofing attacks, replay attacks, and traffic analysis attacks but are vulnerable to DoS attacks. The RFID authentication protocol with strong resistance against traceability and denial of service attack is secure against location tracking attacks, spoofing attacks, replay attacks, and DoS attacks but is vulnerable to traffic analysis attacks. The present study suggests a more secure and lightweight RFID authentication protocol which combines the advantages of the hash-chain authentication protocol and the RFID authentication protocol with strong resistance against traceability and denial of service attack. The results of the security analysis for the proposed protocol show that it is secure against location tracking attacks, spoofing attacks, replay attacks, traffic analysis attacks, and DoS attacks and is a lightweight operation between server and tag.

Web Services-Adaptable Privacy-Aware Digital Rights Management Architecture (웹서비스 환경에서의 프라이버시를 보호하는 디지털 저작권 관리 아키텍쳐)

  • Song, You-Jin; Lee, Dong-Hyeok
    • The Journal of Society for e-Business Studies, v.10 no.4, pp.53-81, 2005
  • Current DRM systems have limitations in protecting the user's privacy. Therefore, many troubles are expected in service provision in the ubiquitous era of context-aware environments. HKUST proposed a watermark-based web service DRM system. However, that study does not consider the ubiquitous environment and cannot provide a service that considers context, and privacy protection of a user is impossible. On the other hand, the Netherlands Phillips laboratory indicated a privacy problem of a DRM system and proposed an alternative method. However, in that study, a sniffing/replay attack is possible if the authentication information communicated between a user and a device is exposed. We designed a web services adaptable privacy-aware DRM architecture which supplements these disadvantages. Our architecture can secure the user authentication mechanism against sniffing/replay attacks, keep anonymity, and protect privacy. Therefore, we can implement a privacy-aware web service DRM system in a context-aware environment.

Attacking and Repairing the Improved ModOnions Protocol-Tagging Approach

  • Borisov, Nikita; Klonowski, Marek; Kutylowski, Miroslaw; Lauks-Dutka, Anna
    • KSII Transactions on Internet and Information Systems (TIIS), v.4 no.3, pp.380-399, 2010
  • In this paper, we present a new class of attacks against an anonymous communication protocol, originally presented in ACNS 2008. The protocol itself was proposed as an improved version of ModOnions, which exploits universal re-encryption in order to avoid replay attacks. However, ModOnions allowed the detour attack, introduced by Danezis to re-route ModOnions to attackers in such a way that the entire path is revealed. The ACNS 2008 proposal addressed this by using a more complicated key management scheme. The revised protocol is immune to detour attacks. We show, however, that the ModOnion construction is highly malleable and this property can be exploited in order to redirect ModOnions. Our attacks require detailed probing and are less efficient than the detour attack, but they can nevertheless recover the full onion path while avoiding detection and investigation. Motivated by this, we present modifications to the ModOnion protocol that dramatically reduce the malleability of the encryption primitive. It addresses the class of attacks we present and it makes other attacks difficult to formulate.

Replay Attack based Neutralization Method for DJI UAV Detection/Identification Systems (DJI UAV 탐지·식별 시스템 대상 재전송 공격 기반 무력화 방식)

  • Seungoh Seo; Yonggu Lee; Sehoon Lee; Seongyeol Oh; Junyoung Son
    • Journal of Aerospace System Engineering, v.17 no.4, pp.133-143, 2023
  • As drones (also known as UAV) become popular with advanced information and communication technology (ICT), they have been utilized for various fields (agriculture, architecture, and so on). However, malicious attackers with advanced drones may pose a threat to critical national infrastructures. Thus, anti-drone systems have been developed to respond to drone threats. In particular, remote identification data (R-ID)-based UAV detection and identification systems that detect and identify illegal drones with R-ID broadcasted by drones have been developed, and are widely employed worldwide. However, this R-ID-based UAV detection/identification system is vulnerable to security due to wireless broadcast characteristics. In this paper, we analyze the security vulnerabilities of DJI Aeroscope, a representative example of the R-ID-based UAV detection and identification system, and propose a replay-attack-based neutralization method using the analyzed vulnerabilities. To validate the proposed method, it is implemented as a software program, and verified against four types of attacks in real test environments. The results demonstrate that the proposed neutralization method is an effective neutralization method for R-ID-based UAV detection and identification systems.

Password-Based Mutual Authentication Protocol Against Phishing Attacks (피싱 공격에 대응하기 위한 패스워드 기반의 상호 인증 프로토콜)

  • Kim, Iksu; Choi, Jongmyung
    • KIPS Transactions on Computer and Communication Systems, v.7 no.2, pp.41-48, 2018
  • Until now, various studies on anti-phishing have been conducted. The most typical anti-phishing method is a method of collecting URL information of a phishing site in advance and then detecting phishing by comparing the URL of the visited site with the previously stored information. However, this blacklist-based anti-phishing method cannot detect new phishing sites. For this reason, various anti-phishing authentication protocols have been proposed, but these protocols require a public key and a private key. In this paper, we propose a password-based mutual authentication protocol that is safe against phishing attacks. In the proposed protocol, the mutual authentication between the client and the server is performed through the authentication message including the password information. The proposed protocol is safe against eavesdropping attacks because the authentication message uses the hash value of the password, not the original password, and it is safe against replay attacks because different messages are used for every authentication. In addition, since mutual authentication is performed, it is safe against man-in-the-middle attacks. Finally, the proposed protocol does not require a key issuance process for authentication.

A Remote Authentication Protocol Using Smartcard to Guarantee User Anonymity (사용자 익명성을 제공하는 스마트카드 기반 원격 인증 프로토콜)

  • Baek, Yi-Roo; Gil, Kwang-Eun; Ha, Jae-Cheol
    • Journal of Internet Computing and Services, v.10 no.6, pp.229-239, 2009
  • To solve the user authentication problem, many remote user authentication schemes using a password and a smart card at the same time have been proposed. Due to the increasing interest in personal privacy, there has been some recent research on providing user anonymity. In 2004, Das et al. first proposed an authentication scheme that guarantees user anonymity using a dynamic ID. In 2005, Chien et al. pointed out that Das et al.'s scheme has a vulnerability in guaranteeing user anonymity and proposed an improved scheme. However, their authentication scheme was found to have some weaknesses regarding insider attack, DoS attack, and restricted replay attack. In this paper, we propose an enhanced scheme which can remove the vulnerabilities of Chien et al.'s scheme. The proposed authentication protocol prevents insider attack by using the user's nonce value and removes the restricted replay attack by replacing the time stamp with a random number. Furthermore, we improved computational efficiency by eliminating the exponentiation operation.

Design Flaws and Cryptanalysis of Cui et al's User Authentication Scheme

  • Park, Mi-Og
    • Journal of the Korea Society of Computer and Information, v.24 no.10, pp.41-48, 2019
  • In 2018, Cui et al proposed a three-factor remote user authentication scheme using biometrics. Cui et al claimed that their authentication scheme is vulnerable to eavesdropping attack, stolen smart card attack, and especially DoS (denial-of-service) attack. They also claimed that it is safe against password guessing attack, impersonation attack, and anonymity attack. In this paper, however, we analyze Cui et al's authentication scheme and show that it is vulnerable to replay attack, insider attack, stolen smart card attack, user impersonation attack, etc. In addition, we present the design flaws in Cui et al's authentication scheme as well.