• Electronics and Telecommunications Trends
• /
• v.33 no.1
• /
• pp.57-67
• /
• 2018

Modern users are intensifying their use of online services every day. In addition, hackers are attempting to execute advanced attacks to steal personal information protected using existing authentication technologies. However, existing authentication methods require an explicit authentication procedure for the user, and do not conduct identity verification in the middle of the authentication session. In this paper, we introduce an implicit continuous authentication technology to overcome the limitations of existing authentication technology. Implicit continuous authentication is a technique for continuously authenticating users without explicit intervention by utilizing their behavioral and environmental information. This can improve the level of security by verifying the user's identity during the authentication session without the burden of an explicit authentication procedure. In addition, we briefly introduce the definition, key features, applicable algorithms, and recent research trends for various authentication technologies that can be used as an implicit continuous authentication technology.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.7
• /
• pp.3720-3746
• /
• 2017

At present, numerous hospitals and medical institutes have implemented Telecare Medicine Information Systems (TMIS) with authentication protocols to enable secure, efficient electronic transactions for e-medicine. Numerous studies have investigated the use of authentication protocols to construct efficient, robust health care services, and recently, Liu et al. presented an authenticated key agreement mechanism for TMIS. They argued that their mechanism can prevent various types of attacks and preserve a secure environment. However, we discovered that Liu et al.'s mechanism presents some vulnerabilities. First, their mechanism uses an improper identification process for user biometrics; second, the mechanism is not guaranteed to protect against server spoofing attacks; third, there is no session key verification process in the authentication process. As such, we describe how the above-mentioned attacks operate and suggest an upgraded security mechanism for TMIS. We analyze the security and performance of our method to show that it improves security relative to comparable schemes and also operates in an efficient manner.

• Journal of Communications and Networks
• /
• v.18 no.2
• /
• pp.190-200
• /
• 2016

In this paper, we consider some aspects of binding properties that bind an anonymous user with messages. According to whether all the messages or some part of the messages are bound with an anonymous user, the protocol is said to satisfy the full binding property or the partial binding property, respectively. We propose methods to combine binding properties and anonymity-based authenticated key agreement protocols. Our protocol with the full binding property guarantees that while no participant's identity is revealed, a participant completes a key agreement protocol confirming that all the received messages came from the other participant. Our main idea is to use an anonymous signature scheme with a signer-controlled yet partially enforced linkability. Our protocols can be modified to provide additional properties, such as revocable anonymity. We formally prove that the constructed protocols are secure.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10c
• /
• pp.331-333
• /
• 2004

본 논문에서는 SIP(Session initiation Protocol) 기반의 VoIP(Voice over Internet Protocol) 시스템에 효율적인 call-control을 위해 필요한 헤더와 파라미터를 추가한 Extension SIP를 제안하였다. 또한 이 제시된 Extension SIP에 따르는 SIP Proxy Server와 User Agent(User Agent Client, User Agent Server)를 리눅스 시스템에서 C언어를 통해 구현하였고, 이 구현된 Extension SIP 시스템을 통해 기존의 SIP 시스템과 cail-control을 위한 packet traffic을 비교.분석 함으로써 제안한 Extension SIP의 효율성 을 증명하였다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04d
• /
• pp.542-544
• /
• 2003

인터넷이 생활의 일부분으로 변모한 지금 사용자들은 음성 및 영상 또는 텍스트 메시지와 같은 다양한 실시간 멀티미디어 세션의 전송을 위한 다양한 프로토콜을 필요로 하고 있다. 이에 SIP(Session Initiation Protocol)는 User Agent라는 인터넷 종단점을 발견하고 상호간에 세션의 특징을 그대로 사용할 수 있게 함으로써 다양한 사용자들의 욕구에 부응할 수 있는 차세대 통신 프로토콜로 각광받고 있다. 이에 본 논문에서는 SIP User Agent를 구현하는 방안과 설계 및 구현하는 과정을 보이고자 한다.

• Journal of Biomedical Engineering Research
• /
• v.28 no.1
• /
• pp.36-45
• /
• 2007

Today Human Personal Trainers are becoming very famous in this health conscious world. They teach user to achieve fitness goals in managed way. Due to their high fee and tight schedule they are unavailable to mass number of people. Another solution to this problem is to develop digital personal trainer portable instrument that may replace human personal trainers. We developed a portable digital exercise trainer device - BIOFIT that manages, monitors and records the user's physical status and workout during exercise session. It guides the user to exercise efficiently for specific fitness goal. It keeps the full exercise program i.e. exercises start date and time, duration, mode, control parameter, intensity in its memory which helps the user in managing his exercise. Exercise program can be downloaded from the internet. During exercise it continuously monitors the user's physiological parameters: heart rate, number of steps walked, and energy consumed. If these parameters do not range within prescribed target zone, the BIOFIT will alarm the user as a feedback to control exercise. The BIOFIT displays these parameters on graphic LCD. During exercise it continuously records the heart rate and number of steps walked every 10 seconds along with exercise date and time. This stored information can be used as treatment for the user by an exercise expert. Real-time ECG monitoring can be viewed wirelessly (RF Communication) on a remote PC.

• Convergence Security Journal
• /
• v.23 no.4
• /
• pp.43-52
• /
• 2023

Many businesses and organizations use smartcard-based user authentication for remote access. In the meantime, through various studies, dynamic ID-based remote user authentication protocols for distributed multi-server environments have been proposed to protect the connection between users and servers. Among them, Qiu et al. proposed an efficient smart card-based remote user authentication system that provides mutual authentication and key agreement, user anonymity, and resistance to various types of attacks. Later, Andola et al. found various vulnerabilities in the authentication scheme proposed by Qiu et al., and overcame the flaws in their authentication scheme, and whenever the user wants to log in to the server, the user ID is dynamically changed before logging in. An improved authentication protocol is proposed. In this paper, by analyzing the operation process and vulnerabilities of the protocol proposed by Andola et al., it was revealed that the protocol proposed by Andola et al. was vulnerable to offline smart card attack, dos attack, lack of perfect forward secrecy, and session key attack.

• The Journal of the Korea Contents Association
• /
• v.11 no.2
• /
• pp.142-151
• /
• 2011

All medical information over sensor networks need to transmit and process securely in the u-Health services. The reliability of transmission between u-Health medical sensor devices and gateway is very important issue. When the user moves to other place with u-Health devices, its signal strength is going down and is far from the coverage of gateway. In this case, Malicious user can be carried out an intrusion under the situation. And also rogue gateway can be tried to steal medical information. Therefore, it needs mutual authentication between sensor devices and gateway. In this paper, we design a mutual authentication protocol which divided sessions from an authenticated session are updated periodically. And in order to reduce the traffic overhead for session authentication, we also introduce dynamic session management according to sampling rate of medical sensor type. In order to verify this, we implemented the programs for the test-bed, and got an overall success from three types of experiment.

• The KIPS Transactions:PartC
• /
• v.13C no.7 s.110
• /
• pp.843-850
• /
• 2006

This is devoted to first, to propose a hash chain algorithm that generates more secure key than conventional encryption method. Secondly, we proposes encryption method that is more secure than conventional system using a encryption method that encrypts each block with each key generated by a hash chain algorithm. Thirdly, After identifying the user via wired and wireless network using a user authentication method. We propose a divided session key method so that Although a client key is disclosed, Attackers cannot catch a complete key and method to safely transfer the key using a divided key method. We make an experiment using various size of digital contents files for performance analysis after performing the design and implementation of system. Proposed system can distribute key securely than conventional system and encrypt data to prevent attacker from decrypting complete data although key may be disclosed. The encryption and decryption time that client system takes to replay video data fie is analogous to the conventional method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.6-8
• /
• 2022

Web log analysis is one of the essential procedures for service improvement. ScienceON is a representative information service that provides various S&T literature and information, and we analyze its logs for continuous improvement. This study aims to analyze ScienceON web logs recorded in May 2020 and May 2021, dividing them into humans and web crawlers and performing an in-depth analysis. First, only web logs corresponding to S (search), V (detail view), and D (download) types are extracted and normalized to 658,407 and 8,727,042 records for each period. Second, using the Python 'user_agents' library, the logs are classified into humans and web crawlers, and third, the session size was set to 60 seconds, and each session is analyzed. We found that web crawlers, unlike humans, show relatively long for the average behavior pattern per session, and the behavior patterns are mainly for V patterns. As the future, the service will be improved to quickly detect and respond to web crawlers and respond to the behavioral patterns of human users.