• Journal of the Korea Society of Computer and Information
• /
• v.17 no.9
• /
• pp.91-101
• /
• 2012

Key exchange protocols are essential for building a secure communication channel over an insecure open network. In particular, password-based key exchange protocols are designed to work when user authentication is done via the use of passwords. But, passwords are easy for human beings to remember, but are low entropy and thus are subject to dictionary attacks. Recently, Zhao and Gu proposed a new server-aided protocol for password-based key exchange. Zhao and Gu's protocol was claimed to be provably secure in a formal adversarial model which captures the notion of leakage of ephemeral secret keys. In this paper, we mount a replay attack on Zhao and Gu's protocol and thereby show that unlike the claim of provable security, the protocol is not secure against leakage of ephemeral secret keys. Our result implies that Zhao and Gu's proof of security for the protocol is invalid.

• Journal of information and communication convergence engineering
• /
• v.8 no.4
• /
• pp.437-442
• /
• 2010

Ubiquitous mobile computing is becoming easier and more attractive in this ambient technological Internet world. However, some portable devices such as Personal Digital Assistant (PDAs) and smart phones are still encountering inherent constraints of limited storages and computing resources. To alleviate this problem, we develop a cost-effective protocol, iATA to transfer ATA commands and data over TCP/IP network between mobile appliances and stationary servers. It provides mobile users a virtual storage platform which is physically resided at remote home or office. As communications are made through insecure Internet connections, security risks of adopting this service become a concern. There are many reported cases in the history where attackers masquerade as legitimate users, illegally access to network-based applications or systems by breaking through the poor authentication gates. In this paper, we propose a mutual authentication and secure session termination scheme as the first and last defense steps to combat identity thief and fraud threat in particular for iATA services. Random validation factors, large prime numbers, current timestamps, one-way hash functions and one-time session key are deployed accordingly in the scheme. Moreover, we employ the concept of hard factorization problem (HFP) in the termination phase to against fraud termination requests. Theoretical security analysis discussed in later section indicates the scheme supports mutual authentication and is robust against several attacks such as verifiers' impersonation, replay attack, denial-of-services (DoS) attack and so on.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.11
• /
• pp.163-171
• /
• 2011

Because RFID systems use radio frequency, they have many security problems such as eavesdropping, location tracking, spoofing attack and replay attack. So, many mutual authentication protocols and cryptography methods for RFID systems have been proposed in order to solve security problems, but previous proposed protocols using AES(Advanced Encryption Standard) have fixed key problem and security problems. In this paper, we analyze security of proposed protocols and propose our protocol using OTP(One-Time Pad) and AES to solve security problems and to reduce hardware overhead and operation. Our protocol encrypts data transferred between RFID reader and tag, and accomplishes mutual authentication by one time random number to generate in RFID reader. In addition, this paper presents that our protocol has higher security and efficiency in computation volume and process than researched protocols and S.Oh's Protocol. Therefore, our protocol is secure against various attacks and suitable for lightweight RFID tag system.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.42 no.3 s.303
• /
• pp.73-82
• /
• 2005

Recently, The wide range of the Internet applications and the related technology developments enabled the ease use of the digital multimedia contents (fixed images, movies, digital audios). However, due to the replay ability which the contents may be easily duplicated and not only the duplicates are capable of providing the same original quality. There are mainly the encipher techniques and the watermarking techniques which are studied and used as solutions for the above problem in order to protect the license holders' rights. To the protection of the IP(Intellectual Property) rights of the owner, digital watermarking is the technique that authenticates the legal copyrighter. This paper proposed the watermarking algorithms to watermark the 256 gray logo image and the color image by applying the wavelet transformation to the color stand-still images. The proposed algorithms conducted the watermark insertion at the LH frequency region among the wavelet transformation regions (LL, LH, HL, HH). The interleaving algorithms which applied in data communication was applied to the watermark. the amount of watermark increased which consequently caused the PSNR to decrease but this might provide the perseverance against the external attacks such as extraction, filtering, and crop.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.46 no.5
• /
• pp.71-78
• /
• 2009

In RFID system, the communicated data can be easily eavesdropped and tampered with by an attacker because the communication between the reader and the tag is performed in an insecure channel. Therefore, authentication is an important role in RFID applications for providing security and privacy. In 2006, Lee, Asano and Kim proposed an RFID mutual authentication protocol (the LAK protocol) which utilizes a hash function and synchronized secret information. However, Cao and Shen showed that the LAK protocol is vulnerable to replay attack, and therefore an adversary can impersonate the tag. This paper proposes a new simple two-round RFID mutual authentication (TRMA) protocol based on secure one-way hash function. As a result, the proposed TRMA protocol not only can prevent various attacks and but also provides communication efficiency since they mutually authenticate by performing two-round between RFID tag and RFID reader.

• Journal of Industrial Convergence
• /
• v.18 no.5
• /
• pp.23-29
• /
• 2020

The Internet of things (IoT) is the extension of Internet connectivity into various devices and everyday objects. Embedded with electronics, Internet connectivity and other forms of hardware. The IoT poses significant risk to the entire digital ecosystem. This is because so many of these devices are designed without a built-in security system to keep them from being hijacked by hackers. This paper proposed a mutual authentication protocol for IoT Devices using symmetric-key algorithm. The proposed protocol use symmetric key cryptographic algorithm to securely encrypt data on radio channel. In addition, the secret key used for encryption is random number of devices that improves security by using variable secret keys. The proposed protocol blocked attacker and enabled legal deives to communicate because only authenticated devices transmit data by a mutual authentication protocol. Finally, our scheme is safe for attacks such as eavesdropping attack, location tracking, replay attack, spoofing attack and denial of service attack and we confirmed the safety by attack scenario.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.81-91
• /
• 2009

Recently, Chein et al proposed the ultralightweight strong authentication and strong integrity (SASI)protocol, where the tag requrires only simple bitwise operations. Since the tag does not support random number generator to generate a challenge nonce, an attacker can replay old messages and impersonate reader. However, all of the previous ultralightweight authentication schemes are vlunerable to various attacks: de-synk, eavesdropping, impersonating, tracking, DoS, disclosure etc. we analyze the problems of previous proposed ultrlightweight protocols, to overcome these security problems by using PRNG on the tag. Therefore, in this paper we propose a new lightweight RFID mutual authentication protocol that provides random number generator and bitwise operations, a security and an efficiency of the proposed schme analyze.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1057-1068
• /
• 2012

According to advance on vehicle technology, many kinds of ECU(Electronic Control Unit) are equipped inside the vehicle. In-vehicle communication among ECUs is performed through CAN(Controller Area Networks). CAN have high reliability. However, it has many vulnerabilities because there is not any security mechanism for CAN. Recently, many papers proposed attacks of in-vehicle communication by using these vulnerabilities. In this paper, we propose an wireless attack model using a mobile radio communication network. We propose a secure authentication mechanism for in-vehicle network communication that assure confidentiality and integrity of data packets and also protect in-vehicle communication from the replay attack.

• Journal of Convergence for Information Technology
• /
• v.12 no.2
• /
• pp.23-29
• /
• 2022

Recently, due to the increase in the use of Internet of Things (IoT) devices, the amount of data transmitted and processed to cloud computing servers has increased rapidly. As a result, network problems (delay, server overload and security threats) are emerging. In particular, edge computing with lower computational capabilities than cloud computing requires a lightweight authentication algorithm that can easily authenticate numerous IoT devices.In this paper, we proposed a key-agreement protocol of a lightweight algorithm that guarantees anonymity and forward and backward secrecy between IoT and edge devices. and the proposed algorithm is stable in MITM and replay attacks for edge device and IoT. As a result of comparing and analyzing the proposed key-agreement protocol with previous studies, it was shown that a lightweight protocol that can be efficiently used in IoT and edge devices.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.919-929
• /
• 2013

Recently, a variety of IT technologies are applied to the vehicle. However, some vehicle-IT technologies without security considerations may cause security problems. Specially, some researches about a smart key system applied to automobiles for authentication show that the system is insecure from replay attacks and modification attacks using a wireless signal of the smart key. Thus, in this paper, we propose an authentication method for the driver by using driving patterns. Nowadays, we can obtain driving patterns using the In-vehicle network data. In our authentication model, we make driving ppatterns of car owner using standard normal distribution and apply these patterns to driver authentication. To validate our model, we perform an k-fold cross validation test using In-vehicle network data and obtain the result(true positive rate 0.7/false positive rate is 0.35). Considering to our result, it turns out that our model is more secure than existing 'what you have' authentication models such as the smart key if the authentication result is sent to the car owner through mobile networks.