• Journal of Korea Society of Industrial Information Systems
• /
• v.10 no.3
• /
• pp.30-37
• /
• 2005

Ad hoc network is a collection of mobile nodes without using any infrastructure, it , is using in the various fields. Because ad hoc network is vulnerable to attacks such as routing disruption and resource consumption, it is in need of routing protocol security. In this paper, we propose two secure route-discovery protocols. One is a protocol using hash function. This protocol is weak in active attack but has some merits such as small data of transmission packet and small computation at each hop. The other is a protocol using hash function and public key cryptography. This protocol is strong in active attack.

• Journal of KIISE:Computing Practices and Letters
• /
• v.16 no.6
• /
• pp.693-697
• /
• 2010

In current e-commerce system, it happens that client's confidential information such as credit card numbers, pin numbers, or digital certificate may pass through a web proxy server or an altered proxy server without client's awareness. Even though the confidential information is encrypted and sent through SSL(Secure Sockets Layer) or TLS(Transport Layer Security) protocol, it can be exposed to the risk of sniffing by the digital certificate forgery at the proxy server, which is called the SSL MITM(Man-In-The-Middle) Proxy attack. In this paper, current credit card web-payment systems, which is weak at proxy information alternation attack, are analyzed. A resolution with certificate proxy server is also proposed to prevent the MITM attack.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.2
• /
• pp.285-292
• /
• 2009

In 2005, Lee and Chen suggested an enhanced one-time password authentication scheme which can prevent the stolen verifier attack that the Yeh-Shen-Whang's scheme has. The Lee-Chen's scheme addresses the stolen verifier attack by deriving each user's pre-shared secret SEED from the server secret. However, we investigated the weakness of the Lee-Chen's scheme and found out that it was suffering from the off-line dictionary attack on the server secret. We demonstrated that the off-line dictionary attack on the server secret can be easily tackled with only the help of the Hardware Security Modules (HSM). Moreover, we improved the scheme not to be weak to the denial of service attack and allow compromise of the past session keys even though the current password is stolen. Through the comparison between the Lee-Chen's scheme and the proposed one, we showed that the proposed one is stronger than other.

• Journal of Digital Convergence
• /
• v.15 no.10
• /
• pp.253-260
• /
• 2017

Authenticated key agreement in multi-server environments is one of very important security issues because only authorized user needs to access their data and services. To support this issue, numerous schemes have been proposed over recent years. Recently, Shin showed the security weaknesses in the previous scheme and proposed an improved scheme called SIAKAS to solve them. Unfortunately, this paper shows that SIAKAS is still weak against application server impersonation attack and could be traceable to attackers. To solve the problems in SIAKAS, we propose an untraceable authenticated key agreement scheme, denoted by UAKAS. UAKAS efficiently solves security and privacy issues in SIAKAS and the related schemes and could reduce the operation overhead at least 12% compared to them.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.1
• /
• pp.121-132
• /
• 2009

Default password protection used in operating systems have had many advances, but when the attacker has physical access to the server or gets root(administrator) privileges, the attacker can steal the password information(e.g. shadow file in Unix-like systems or SAM file in Windows), and using brute force and dictionary attacks can manage to obtain users' passwords. It is really difficult to obligate users to use complex passwords, so it is really common to find weak accounts to exploit. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain the possible implementations using Trusted Platform Module(TPM). We also make a performance analysis of hardware and software TPMs inside implementations.

• Journal of Convergence for Information Technology
• /
• v.11 no.11
• /
• pp.66-74
• /
• 2021

With the development of the Internet, user authentication technology that proves me online is improving. Existing ID methods pose a threat of personal information leakage if the service provider manages personal information and security is weak, and the information subject is to the service provider. In this study, as online identification technology develops, we propose a DID-based self-authentication model to prevent the threat of leakage of personal information from a centralized format and strengthen sovereignty. The proposed model allows users to directly manage personal information and strengthen their sovereignty over information topics through VC issued by the issuing agency. As a research method, a self-authentication model that guarantees security and integrity is presented using a decentralized identifier method based on distributed ledger technology, and the security of the attack method is analyzed. Because it authenticates through DID Auth using public key encryption algorithms, it is safe from sniffing, man in the middle attack, and the proposed model can replace real identity card.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.10a
• /
• pp.274-277
• /
• 2008

Rekeying is the process of changing the encryption key of an ongoing communication. The main objective is to limit the amount of data encrypted with the same key. The IEEE 802.11 standard defines the Wired Equivalent Privacy, or WEP, encapsulation of 802.11 data frames. MAC at sender encrypts the payload (frame body and CRC) of each 802.11 frame before transmission using RC4 stream cipher. MAC at receiver decrypts and passes data to higher level protocol. WEP uses symmetric key stream cipher (RC4) where same key will be used for data encryption and decryption at the sender and the receiver. WEP is not promising with the advancement of the wireless technology existing today. We propose to use the existing information to define the security attributes. This will eliminate the steps that regenerated keys have to be sent to each other over certain period. The rekeying scheme is according to the number of bytes transmitted. Therefore, even the attacker has recorded the packets, it will be insufficient information and time for the attacker to launch the attacks as the key is not deterministic. We develop a packet simulation software for packet transmission and simulate our propose scheme. From the simulation, our propose scheme will overcome the weak WEP key attack and provide an alternative solution to wireless packet transmission. Besides that, our solution appears to be a software approach where only driver updates are needed for the wireless client and server.

• The KIPS Transactions:PartC
• /
• v.19C no.4
• /
• pp.225-230
• /
• 2012

Since one of weak points of public crypto-systems is to require the verification of public key, identity based crypto-systems were proposed as an alternative. However, such techniques need a private key generator which can be a single point of failure. To improve such weakness, threshold identity-based crypto-systems were proposed. In this paper, we propose a new threshold identity-based encryption scheme which is constructed to extend an identity-based encryption scheme by Cocks. Since the proposed scheme is based on quadratic residues, it has smaller complexity of encryption. And we prove that the proposed scheme is secure against a chosen identity attack.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.4
• /
• pp.169-175
• /
• 2008

The existing block encryption algorithms have been designed for the encryption key value to be unchanged and applied to the round functions of each block. and enciphered. Therefore, it has such a weak point that the plaintext or encryption key could be easily exposed by differential cryptanalysis or linear cryptanalysis, both are the most powerful methods for decoding block encryption of a round repeating structure. Dynamic cipher has the property that the key-size, the number of round, and the plaintext-size are scalable simultaneously. Dynamic network is the unique network satisfying these characteristics among the networks for symmetric block ciphers. We analyze the strength of Dynamic network for meet-in-the-middle attack, linear cryptanalysis, and differential cryptanalysis. Also, In this paper we propose a new network called Dynamic network for symmetric block ciphers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.857-869
• /
• 2016

It is a well-known fact that password based authentication system has been threatened for crucial data leakage through monitoring key log. Recently, to prevent this type of attack using keystroke logging, virtual onscreen keyboards are widely used as one of the solutions. The virtual keyboards, however, also have some crucial vulnerabilities and the major weak point is that important information, such as password, can be exposed by tracking the trajectory of the mouse cursor. Thus, in this paper, we discuss the vulnerabilities of the onscreen keyboard, and present hypothetical attack scenario and a method to crack passwords. Finally to evaluate the performance of the proposed scheme, we demonstrate an example experiment which includes attacking and cracking by utilizing password dictionary and analyze the result.