• Annual Conference of KIPS
• /
• 2019.10a
• /
• pp.442-445
• /
• 2019

차량 애드혹 네트워크에서 효율적인 인증을 위한 다양한 연구들이 진행되었다. 최근에 Ying과 Nayak은 이러한 문제를 해결하기 위해서 익명성을 제공하는 새로운 인증 프로토콜을 제안하였다. 본 논문에서는 Ying과 Nayak의 인증 프로토콜에 대한 리뷰를 통해서 이 프로토콜이 식별자 검증을 위한 서비스 거부 공격에 취약함을 보인다. 또한, 검증자 테이블 사용으로 인하여 Ying과 Nayak의 인증 프로토콜이 익명성을 제공하지 못함을 보인다. 즉, Ying과 Nayak의 인증 프로토콜은 보안과 프라이버시가 중요한 차량 애드혹 네트워크에 적절하지 못함을 보인다.

• The KIPS Transactions:PartC
• /
• v.19C no.3
• /
• pp.167-172
• /
• 2012

Mobile phone devices and memory card can be robbed and lost due to the carelessness that might be caused to leak personal information, and also company's confidential information can be disclosed. Therefore, the importance of user authentication to protect personal information is increasing exponentially. However, there are the limitations that criminals could easily obtain and abuse information about individuals, because the input method of personal identification number or the input method of password might not be safe for Shoulder Surfing Attack(SSA). Although various biometric identification methods were suggested to obstruct the SSA, it is the fact that they also have some faults due to the inconvenience to use in mobile environments. In this study, more complemented service for the user authentication was proposed by applying Keystroke method in the mobile environments to make up for the faults of existing biometric identification method. Lastly, the effectiveness and validity of this study were confirmed through experimental evaluations.

• Journal of Digital Contents Society
• /
• v.19 no.4
• /
• pp.837-844
• /
• 2018

Recently, the cloud technology has made dynamical network changes by enabling the construction of a logical network without building a physical network. Despite recent research on the cloud, it is necessary to study security functions for the identification of fake virtual network functions and the encryption of communication between entities. Because the VNFs are open to subscribers and able to implement service directly, which can make them an attack target. In this paper, we propose a virtual public key infrastructure mechanism that detects a fake VNFs and guarantees data security through mutual authentication between VNFs. To evaluate the virtual PKI, we built a management and orchestration environment to test the performance of authentication and key generation for data security. And we test the detection of a distributed denial of service by using several AI algorithms to enhance the security in NFV.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.3
• /
• pp.93-104
• /
• 2010

The advent of various mobile devices and mobile services has caused diversification of information stored in a mobile device, e.g., SMS, photos, movies, addresses, e-mails, digital certificates, and so on. Because mobile devices are lost or stolen easily, user authentication is critical to protect the information stored in mobile devices. However, the current user authentication methods using Personal Identification Numbers (PINs) and passwords are vulnerable to Shoulder Surfing Attacks (SSAs), which enables an attacker to obtain user's information. Although there are already several SSA-resistant authentication methods in the literature, most of these methods lack of usability. Moreover, they are not suitable for use in mobile devices. In this paper, we propose a user friendly password input method for mobile devices which is secure against SSA. We also perform user tests and compare the security and usability of the proposed method with those of the existing password input methods.

• The KIPS Transactions:PartC
• /
• v.16C no.2
• /
• pp.183-188
• /
• 2009

Wireless sensor networks will be broadly deployed in the real world and widely utilized for various applications. A prerequisite for secure communication among the sensor nodes is that the nodes should share a session key to bootstrap their trust relationship. The open problems are how to verify the identity of communicating nodes and how to minimize any information about the keys disclosed to the other side during key agreement. At any rate, any one of the existing schemes cannot perfectly solve these problems due to some drawbacks. Accordingly, we propose a new pre-distribution scheme with the following merits. First, it supports authentication services. Second, each node can only find some indices of key spaces that are shared with the other side, without revealing unshared key information. Lastly, it substantially improves resilience of network against node capture. Performance and security analyses have proven that our scheme is suitable for sensor networks in terms of performance and security aspects.

• Journal of Korea Society of Industrial Information Systems
• /
• v.28 no.5
• /
• pp.41-54
• /
• 2023

Smart grid that supports efficient energy production and management is used in various fields and industries. However, because of the environment in which services are provided through open networks, it is essential to resolve trust issues regarding security vulnerabilities and privacy preservation. In particular, the identification information of smart meter is managed by a centralized server, which makes it vulnerable to security attacks such as device stolen, data forgery, alteration, and deletion. To solve these problems, this paper proposes a blockchain based authentication protocol for a smart meter. The proposed scheme issues an unique decentralized identifiers (DIDs) for individual smart meter through blockchain and utilizes a random values based on physical unclonable function (PUF) to strengthen the integrity and reliability of data. In addition, we analyze the security of the proposed scheme using informal security analysis and AVISPA simulation, and show the efficiency of the proposed scheme by comparing with related work.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1191-1204
• /
• 2012

As attackers try to paralyze information security systems, many researchers have investigated security testing to analyze vulnerabilities of information security products. Penetration testing, a critical step in the development of any secure product, is the practice of testing a computer systems to find vulnerabilities that an attacker could exploit. Security testing like penetration testing includes gathering information about the target before the test, identifying possible entry points, attempting to break in and reporting back the findings. Therefore, to obtain maximum generality, re-usability and efficiency is very useful for efficient security testing and vulnerability hunting activities. In this paper, we propose a threat analysis based software security testing technique for evaluating that the security functionality of target products provides the properties of self-protection and non-bypassability in order to respond to attacks to incapacitate or bypass the security features of the target products. We conduct a security threat analysis to identify vulnerabilities and establish a testing strategy according to software modules and security features/functions of the target products after threat analysis to improve re-usability and efficiency of software security testing. The proposed technique consists of threat analysis and classification, selection of right strategy for security testing, and security testing. We demonstrate our technique can systematically evaluate the strength of security systems by analyzing case studies and performing security tests.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.9
• /
• pp.235-242
• /
• 2018

Various technologies have been developed to more efficiently share content such as P2P, CDN, and CCN. These technologies take a common approach that content request packets is responded by distributed network nodes or hosts, not by a single content distributor. Such approaches not only resolve network congestion around content distributors, but also make it possible to distribute content regardless of the system and network status of content distributors. However, when receiving content from distributed nodes/hosts, not from authenticated distributors, users cannot practically identify which node/host sent content to them. Due to this characteristic, various hacking caused by the malicious modification of content is possible. Therefore, to make such approaches more secure, a content authentication technique is required. In this paper, we propose a improved operation of MHT used in CCN for authenticating distributed content. Then we evaluate the proposed method by comparing its performance with the existing technology.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.3
• /
• pp.143-158
• /
• 2017

Smart Home Appliance which makes people to operate machines in the home by remote control is service or technology to provide convenience. It is close to home, so it has privacy problem and security problem. If Smart Home Applications is attacked, Scale of damage is anticipated. In case of products from overseas country, various vulnerability has been announced every year. Therefore, It is necessary to identify and to analysis threats of Smart Home Appliance using systematically method for using safe Smart home appliance service. In this paper, we present check list for identifying and analyzing threats using Threat Modeling and then we analyzed the Domestic Smart Home Appliance using check list which we present.

• Journal of KIISE
• /
• v.42 no.5
• /
• pp.681-689
• /
• 2015

Personal information includes information about a living human individual. It is the information identifiable through name, resident registration number, and image, etc. Personal information which is collected by institutions can be wrongfully used, because it contains confidential information of an information object. In order to prevent this, a method is used to remove personal identification elements before distributing and sharing the data. However, even when the identifier such as the name and the resident registration number is removed or changed, personal information can be exposed in the case of a linking attack. This paper proposes a new anonymization technique to enhance data utility. To achieve this, attributes that are utilized in service tend to anonymize at a low level. In addition, the anonymization technique of the proposal can provide two or more anonymized data tables from one original data table without concern about a linking attack. We also verify our proposal by using the cooperative game theory.