• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.9 no.3
• /
• pp.727-733
• /
• 2008

An authentication between a user's terminal and a Access Control Router (ACR) is preceded so that a user receives secure WiBro services. Otherwise they can be exposed from many attack risks. So the Telecommunications Technology Association (TTA) constituted a mechanism of the mutual authentication for WiBro service. In mechanism a user executes the mutual authentication between a Portable Equipment (PE) and the ACR by using Portable Internet Subscriber Identity Module (PISIM). But this standard needs many message to authenticate the ACR and the users cann't use wireless Internet service. Therefore in this paper we propose the key agreement protocol between the PSS and the ACR to authenticate the PSS to ACR. At this time Power Support Device (PSD) fer supporting the calculated quantity of the PSS is participated in the key agreement protocol. The ACR sends a generated key to Key Authentication Server (KAS) via secure IPsec tunnel and then it preserves the identity of the PSS and the value of key after it enciphered them. In conclusion we analyze the security and efficiency of the proposed protocol.

• Journal of KIISE:Databases
• /
• v.37 no.4
• /
• pp.209-219
• /
• 2010

Online social network services that are rapidly growing recently store tremendous data and analyze them for many research areas. To enhance the effectiveness of information, companies or public institutions publish their data and utilize the published data for many purposes. However, a social network containing information of individuals may cause a privacy disclosure problem. Eliminating identifiers such as names is not effective for the privacy protection, since private information can be inferred through the structural information of a social network. In this paper, we consider a new complex attack type that uses both the content and structure information, and propose a model, $\ell$-degree diversity, for the privacy preserving publication of the social network data against such attacks. $\ell$-degree diversity is the first model for applying $\ell$-diversity to social network data publication and through the experiments it shows high data preservation rate.

• Journal of Korea Multimedia Society
• /
• v.9 no.5
• /
• pp.615-623
• /
• 2006

It has been estimated that 'RFID' technology would be playing an important role in the incoming ubiquitous environment. For this reason, many studies on 'RFID' have been conducted and its application has been on the increase in various fields such as finance, medicine, transportation and culture as well as in logistics distribution. However, the communication between Tag and Reader in RFID system has been conducted by wireless communication of radio frequency so that the information on identification could be eavesdropped by the third party maliciously. Such eavesdropped information could be also used as basic information in attacking others; in this regard, it could impair the privacy of its users and the users have avoided using 'RFID.' To solve theses problems, many studies are being performed to different output of tags by renewing ID. However, protocols have been devised without considering an ID Synchronization in the ID renewal process between database and tag in the existing studies. In this regard, this study has suggested a RFID Authentication Protocol while considering the ID Synchronization.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.2
• /
• pp.265-270
• /
• 2022

With the advent of the Fourth Industrial Revolution, the paradigm of finance is also changing. As remote work becomes more active due to cloud computing and coronavirus, the work environment changes and attack techniques are becoming intelligent and advanced, companies should accept new security models to further strengthen their current security systems. Zero trust security increases security by monitoring all networks and allowing strict authentication and minimal access rights for access requesters with the core concept of doubting and not trusting everything. In addition, the use of NAC and EDR for identification subjects and data to strengthen access control of the zero trust-based security system, and strict identity authentication through MFA will be explained. Therefore, this paper introduces a zero-trust security solution that strengthens existing security systems and presents the direction and validity to be introduced in the financial sector.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.16 no.7
• /
• pp.4884-4890
• /
• 2015

These days most of people possesses an average of one to two mobile devices in the world and a wireless network market is gradually expanding. Wi-Fi preference are increasing in accordance with the use growth of mobile devices. A number of areas such as public agencies, health care, education, learning, and content, manufacturing, retail create new values based on Wi-Fi, and the global network is built and provides complex services. However, There exist some attacks and vulnerabilities like wireless radio device identifier vulnerability, illegal use of network resources through the MAC forgery, wireless authentication key cracking, unauthorized AP / devices attack in the next generation radio network environment. In addition, advanced security technology research, such as authentication Advancement and high-speed secure connection is not nearly progress. Therefore, this paper designed a secure communication system for message protection in next-generation wireless network environments by device identification and, designing content classification and storage protocols. The proposed protocol analyzed safeties with respect to the occurring vulnerability and the securities by comparing and analyzing the existing password techniques in the existing wireless network environment. It is slower 0.72 times than existing cypher system, WPA2-PSK, but enforces the stability in security side.

• The Journal of the Korea Contents Association
• /
• v.16 no.8
• /
• pp.90-96
• /
• 2016

The 3390 million people, around 83% of the adult population in Korea use smartphone. Although the safety problem of the certificate has been occurred continuously, most of these users use the certificate. These safety issues as a solution to 'The owner of a mobile phone using SMS authentication technology', 'Biometric authentication', etc are being proposed. but, a secure and reliable authentication scheme has not been proposed for replace the certificate yet. and there are many attacks to steal the certificate and private key. For these reasons, security experts recommend to store the certificate and private key on usb flash drive, security tokens, smartphone. but smartphones are easily infected malware, an attacker can steal certificate and private key by malicious code. If an attacker snatchs the certificate, the private key file, and the password for the private key password, he can always act as valid user. In this paper, we proposed a safe way to keep the private key on smartphone using smartphone's unique information and user password. If an attacker knows the user password, the certificate and the private key, he can not know the smart phone's unique information, so it is impossible to use the encrypted private key. Therefore smartphone user use IT service safely.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.4
• /
• pp.700-708
• /
• 2015

A software birthmark is the set of characteristics of a program which can be used to identify the program. Many researchers have studied on detecting theft of java programs using some birthmarks. In case of Android apps, code obfuscation techniques are used to protect the apps against reverse-engineering and tampering. However, attackers can also use the obfuscation techniques in order to conceal a stolen program. A birthmark (feature) of an app can be alterable by code obfuscations. Therefore, it is necessary to detect Android app theft based on the birthmark which is resilient to code obfuscation. In this paper, we propose an effective Android app birthmark and app theft detection through the proposed birthmark. By analyzing some obfuscation tools, we have first selected parameter and the return types of methods as an adequate birthmark. Then, we have measured similarity of target apps using the birthmarks extracted from the apps, where some target apps are not obfuscated and the others obfuscated. The measurement results show that our proposed birthmark is effective for detecting Android app theft even though the apps are obfuscated.

• Journal of Internet Computing and Services
• /
• v.23 no.5
• /
• pp.127-134
• /
• 2022

Steganography is a hidden technique in which secret messages are hidden in various multimedia files, and it is widely exploited for cyber crime and attacks because it is very difficult for third parties other than senders and receivers to identify the presence of hidden information in communication messages. Botnet typically consists of botmasters, bots, and C&C (Command & Control) servers, and is a botmasters-controlled network with various structures such as centralized, distributed (P2P), and hybrid. Recently, in order to enhance the concealment of botnets, research on Stego Botnet, which uses SNS platforms instead of C&C servers and performs C&C communication by applying steganography techniques, has been actively conducted, but image or video media-oriented stego botnet techniques have been studied. On the other hand, audio files such as various sound sources and recording files are also actively shared on SNS, so research on stego botnet based on audio steganography is needed. Therefore, in this study, we present the results of comparative analysis on hidden capacity by file type and tool through experiments, using a stego botnet that performs C&C hidden communication using audio files as a cover medium in Telegram Messenger.

• Journal of Internet Computing and Services
• /
• v.13 no.2
• /
• pp.59-71
• /
• 2012

PKI-based public key scheme is outstanding in terms of authenticity and privacy. Nevertheless its application brings big burden due to the certificate/key management. It is difficult to apply it to limited computing devices in WSN because of its high encryption complexity. The Bilinear Pairing emerged from the original IBE to eliminate the certificate, is a future significant cryptosystem as based on the DDH(Decisional DH) algorithm which is significant in terms of computation and secure enough for authentication, as well as secure and faster. The practical EC Weil Pairing presents that its encryption algorithm is simple and it satisfies IND/NM security constraints against CCA. The Random Oracle Model based IBE PKG is appropriate to the structure of our target system with one secret file server in the operational perspective. Our work proposes modification of the Weil Pairing as proper to the closed network for secret file distribution[2]. First we proposed the improved one computing both encryption and message/user authentication as fast as O(DES) level, in which our scheme satisfies privacy, authenticity and integrity. Secondly as using the public key ID as effective as PKI, our improved IBE variant reduces the key exposure risk.