• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.6C
• /
• pp.659-667
• /
• 2003

IPsec refers to a standardized set of security protocols and algorithms which can provide the integrity, the authentication and the confidentiality services for IP packets in the Internet. Between two security gateways, IPsec provides the access control, the connectionless Integrity, data origin authentication, the anti-replay, and the confidentiality services, not only to the IP layer but also to the upper layers. In this paper, we describe a VPN (Virtual Private Network) testbed configuration using the FreeS/WAN and analyze the ISAKMP messages exchanged between the linux security gateway during the IKE SA setup. Also, we describe our development of an IPSEC encryption verification tool which can be used conveniently by VPN administrators.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.18 no.12
• /
• pp.1945-1955
• /
• 1993

Two types of key distribution protocols with user authentication are proposed for PCS(Personal Communication Service) and digital mobile communication systems. In this paper, we investigate the service procedure and security requirement for PCS. also discuss the security problems of KDPs previously proposed for digital mobile communication, and show that Park`s type II among the schemes is easily broken by an impersonation attack. Our proposed I, II are based on the modified cryptosystem of Rabin and ElGamal, and reduce the amount of computation for user authentication. Such a reduction is good solution coped with the limited capability of user terminal on PCS. As a result of making a comparison between our schemes and the previously presented schemes, we can know ours are more secure and efficient for PCS.

• Annual Conference of KIPS
• /
• 2014.11a
• /
• pp.482-485
• /
• 2014

온라인 중고물품 거래의 장점은 인터넷을 사용하는 모든 사용자에게 자신이 팔고자 하는 물건을 쉽게 알릴수 있다는것이다. 하지만 온라인에서 중고물품 거래 시에 개인의 정보를 노출할 경우가 많아지게 되는데 이는 프라이버시를 침해할 수 있다. 온라인 중고물품거래시에 사용자들은 자신이 판매하는 물건과 함께 이메일 주소나 핸드폰 번호를 노출하게 되는데 이 정보를 소셜네트워크서비스에 연결하면 특정인에 정보를 획득할 수 있게 된다. 공격자는 온라인 중고물품거래가 진행되는 곳에서 특정인에 대한 정보를 획득한뒤 소셜네트워크서비스와 정보를 연결하여 특정인에 대한 스토킹이나 피싱, 금융사기같은 범죄를 할 가능성이 있다. 본 논문에서는 개인정보노출에 대한 위험성을 알아보기 위해 중고물품 사이트에서 획득한 개인정보를 소셜네트워크서비스에 연결하여 개인 식별가능성을 실험해 보았으며 이를 막기 위한 방법을 제안하였다.

• Journal of Internet Computing and Services
• /
• v.17 no.6
• /
• pp.81-91
• /
• 2016

VANET is one of the most developed technologies many people have considered a technology for the next generation. It basically utilizes the wireless technology and it can be used for measuring the speed of the vehicle, the location and even traffic control. With sharing those information, VANET can offer Cooperative ITS which can make a solution for a variety of traffic issues. In this way, safety for drivers, efficiency and mobility can be increased with VANET but data between vehicles or between vehicle and infrastructure are included with private information. Therefore alternatives are necessary to secure privacy. If there is no alternative for privacy, it can not only cause some problems about identification information but also it allows attackers to get location tracking and makes a target. Besides, people's lives or property can be dangerous because of sending wrong information or forgery. In addition to this, it is possible to be information stealing by attacker's impersonation or private information exposure through eavesdropping in communication environment. Therefore, in this paper we propose Privacy Assurance Architecture for VANET to ensure privacy from these threats.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.145-153
• /
• 2004

Digital fingerprinting schemes are cryptographic methods that a seller can identify a traitor who illegally redistributed digital contents by embedding it into buyer's information. Recently, Josep Domingo-Ferrer suggested an anonymous digital fingerprinting scheme based on committed oblivious transfer protocol. It is significant in the sense that it is completely specified from a computation point of view and is thus readily implementable. But this scheme has the serious problem that it cannot provide the security of buyers. In this paper, we first show how to break the existing committed oblivious transfer-based fingerprinting schemes and then suggest secure fingerprinting scheme by introducing oblivious transfer protocol with two-lock cryptosystem based on discrete logarithm. All computations are performed efficiently and the security degree is strengthened in our proposal.

• Annual Conference of KIPS
• /
• 2012.11a
• /
• pp.1028-1031
• /
• 2012

NFC 기능을 탑재한 스마트폰의 보급이 증가하고 점차적으로 NFC를 활성화하여 고객에게 편리함을 주려는 기업들이 늘어나고 있다. 하지만 기존의 NFC 기반 Payment System의 경우 사용자의 개인 정보를 부분적으로 암호화하지 않은 것과 내부 및 제 3자의 개인정보 유출, 그리고 개인정보를 무단활용을 대표적인 문제점으로 나타낼 수 있다. 뿐만 아니라 도난 및 분실의 위험으로 인한 피해가 있을 수 있다. 이러한 문제점들로 인하여 본 연구에서는 자체적인 NFC 보안에 사용자 어플리케이션 실행시 한 번의 개인정보 입력에 따른 암호화로써 NFC 단말기 간의 정보를 주고 받을 때 암호화를 할 수 있도록 구현하고자 한다. 이렇게 함으로써 NFC를 이용하여 결제를 하였을 시에 암호화 된 개인정보이기 때문에 외부의 공격자로부터 보안에 대한 위협을 줄일 수 있으며, 도난과 분실에도 개인정보가 식별되지 않기 때문에 보다 안정성을 높일 수 있다.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.1 s.45
• /
• pp.161-168
• /
• 2007

Web attack uses structural, logical and coding error or web application rather than vulnerability to Web server itself. According to the Open Web Application Security Project (OWASP) published about ten types of the web application vulnerability to show the causes of hacking, the risk of hacking and the severity of damage are well known. The detection ability and response is important to deal with web hacking. Filtering methods like pattern matching and code modification are used for defense but these methods can not detect new types of attacks. Also though the security unit product like IDS or web application firewall can be used, these require a lot of money and efforts to operate and maintain, and security unit product is likely to generate false positive detection. In this research profiling method that attracts the structure of web application and the attributes of input parameters such as types and length is used, and by installing structural database of web application in advance it is possible that the lack of the validation of user input value check and the verification and attack detection is solved through using profiling identifier of database against illegal request. Integral security management system has been used in most institutes. Therefore even if additional unit security product is not applied, attacks against the web application will be able to be detected by showing the model, which the security monitoring log gathering agent of the integral security management system and the function of the detection of web application attack are combined.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.521-530
• /
• 2017

In this paper, we propose a protection solution against intelligent Ransomware attacks by encrypting not only source files but also backup files of external storage. The system is designed to automatically back up to the cloud server at the time of file creation to perform monitoring and blocking in case a specific process affects the original file. When client creates or saves a file, both process identifiers, parent process identifiers, and executable file hash values are compared and protected by the whitelist. The file format that is changed by another process is monitored and blocked to prevent from suspicious behavior. By applying the system proposed in this paper, it is possible to protect against damage caused by the modification or deletion of files by Ransomware.

• Journal of Korea Multimedia Society
• /
• v.12 no.5
• /
• pp.644-652
• /
• 2009

New communication environments such as USN, WiBro and RFID have been realized nowadays. Thus, in order to ensure security and privacy protection, various light-weight block ciphers, e.g., mCrypton, HIGHT, SEA and PRESENT, have been proposed. The block cipher mCrypton, which is a light-weight version of Crypton, is a 64-bit block cipher with three key size options (64 bits, 96 bits, 128 bits). In this paper we show that 8-round mCrypton with 128-bit key is vulnerable to related-key rectangle attack. It is the first known cryptanalytic result on mCrypton. We first describe how to construct two related-key truncated differentials on which 7-round related-key rectangle distinguisher is based and then exploit it to attack 8-round mCrypton. This attack requires $2^{45.5}$dada and $2^{45.5}$time complexities which is faster than exhaustive key search.

• Journal of the Korea Convergence Society
• /
• v.8 no.10
• /
• pp.29-35
• /
• 2017

In this paper, we describe certificate policy and characteristics in cooperation condition with Cooperative intelligent transport system and autonomous driving vehicle. Among the authentication functions of the vehicle, there is a pseudonym authentication function. This pseudonymity is provided for the purpose of protecting the privacy of information that identifies the vehicle driver, passenger or vehicle. Therefore, the purpose of the pseudonym certificate is to be used for reporting on BSM authentication or misbehavior. However, this pseudonym certificate is used in the OBE of the vehicle and does not have a cryptographic key. In this paper, we consider a method for managing a pseudonym authentication function, which is a key feature of the pseudonym certificate, such as location privacy protection, pseudonym function, disposition of linkage value or CRL, request shuffling processing by registry, butterfly key processing, The authentication policy and its characteristics are examined in detail. In connection with the management of pseudonymes of the vehicle, the attacker must record the BSM transmission and trace the driver or vehicle. In this respect, the results of this study are contributing.