• Convergence Security Journal
• /
• v.15 no.3_1
• /
• pp.83-90
• /
• 2015

Current PKI system will confront more dangerous elements in the wireless network. Accordingly, this study suggests a plan to strengthen authentication system plan with using access control and encryption to the location. Locational information collecting devices such as GPS and sensor are utilized to create a new key for authentication and collect locational information. Such a key encodes data and creates an authentication code for are access control. By using the method suggested by this study, it is possible to control access of a military secret from unauthorized place and to protect unauthorized user with unproposed technique. In addition, this technique enables access control by stage with utilizing the existing PKI system more wisely.

• Convergence Security Journal
• /
• v.19 no.4
• /
• pp.107-113
• /
• 2019

Data security is the planning, implementation and implementation of security policies and procedures for the proper audit and authorization of access to and use of data and information assets. In addition, data serviced through internal / external networks, servers, applications, etc. are the core objects of information protection and can be said to focus on the protection of data stored in DB and DB in the category of information security of database and data. This study is a preliminary study to design a proper Data Security Management System (DSMS) model based on the data security certification system and the US Federal Security Management Act (FISMA). And we study the major security certification systems such as ISO27001 and NIST's Cybersecurity Framework, and also study the state of implementation in the data security manager solution that is currently implemented as a security platform for preventing personal data leakage and strengthening corporate security.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.5
• /
• pp.899-905
• /
• 2009

IPTV service is one of the representatives for the integration of broadcasting industry and communication industry, which also can meet users' various demands and provide efficient service. As the increasing number of IPTV users and contents servers, it is necessary to provide the safety authority system to prevent the illegal audio-visual, incorrect audio-visual authority, and illegal authority control. This thesis puts forward PKI(public Key Infrastructure) as the foundation key production mechanism. Through this mechanism, the key can be transferred safely to users and authenticate the ID of users and contents servers. In a word, our system can provide safe and efficient service for mutual authentication.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.35 no.4B
• /
• pp.592-598
• /
• 2010

A home network system is made up of subject of cyber attack from a variety factors of threatening, but also have security weakness in cases of hacking, vicious code, worm virus, DoS attack, tapping of communication network, and more. So, the necessity for a security protocol to protect user asset and personal information within a home network is gradually increasing. Thus, this paper designs and suggests a home network security protocol using user authentication and approach-control technology to prevent the threat by unauthorized users towards personal information and user asset in advance by providing the gradual authority to corresponding devices based on authorized information, after authorizing the users with a Public Key Certificate.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06c
• /
• pp.239-241
• /
• 2012

우리 군은 미래전을 대비하기 위해 각종 전술 응용정보체계의 막힘없는 전송과 통신망간 연동 요구를 충족시키고 미래 전장을 주도할 통신체계 구축을 목표로 전술정보통신체계(TICN) 개발을 추진 중이다. Ad-hoc 네트워크 기술을 사용하는 전술정보통신체계의 부체계인 전투무선체계는 전장 환경에서 운영되는 특수성으로 인해 기존의 전통적인 플랫한 Ad-hoc 네트워크와는 차별화된 계층형 Ad-hoc 네트워크 구조를 가진다. 또한 Ad-hoc 네트워크를 운용하는 환경이 보안성이 극도로 요구되는 전장 환경임을 고려할 때 군 작전의 성공적인 목표 달성을 위한 보안대책은 반드시 필요하다. 특히 전장상황 하에서 유통될 각종 민감 정보들에 대한 기밀성, 무결성 등을 보장하기 위해 정당한 권한을 가진 노드들만이 네트워크에 참여할 수 있는 보안 매커니즘이 적용되어야 하며, 이를 위해선 효율적인 키 관리 기법을 적용해야 한다. 본 논문에서는 비밀키, 노드위치, 해시인증 등의 정보를 이용한 3단계 인증절차 적용으로 Ad-hoc 네트워크 참여 노드의 인증을 강화하고, 통신환경에 따라 3가지 비밀키를 구분 사용하여 계층형 Ad-hoc 네트워크 구조에서 기밀성 보장을 강화하기 위한 키 관리 기법을 제안한다.

• Annual Conference of KIPS
• /
• 2007.05a
• /
• pp.977-980
• /
• 2007

로그인 과정은 사용자의 ID와 Password를 기반으로 시스템에 대한 사용권한을 부여한다. 로그인 과정에서 입력된 ID와 Password 정보는 패킷 스니핑 또는 Keylogger 프로그램 등을 이용하여 악의적인 공격자에 의해 노출될 수 있다는 취약점이 있다. 웹서버 또는 웹메일 시스템 등에 등록된 ID와 Password가 노출된다면 이는 개인 프라이버시 문제와도 연결되어 매우 심각한 문제이기도 하다. 현재 대부분의 시스템에서는 ID와 Password 만을 가지고 사용자에 대한 인증 및 로그인 과정을 수행하기 때문에 더욱더 강력한 복합 로그인 메카니즘이 제시되어야 한다. 본 연구에서는 기존의 ID/Password 기반 로그인 기법과 더불어 소프트웨어 형태의 보안카드를 핸드폰에 설치하여 유무선망을 통한 이중 인증(Two factor authentication) 기법을 제시한다. 제안한 소프트웨어 형태의 보안카드 기반 로그인 기법은 ID/Password와 함께 부가적 정보로써 사용자의 핸드폰에 발급받은 보안카드내 난수 형태로 생성된 번호를 사용한다. 따라서 제안한 시스템을 사용할 경우 기존의 ID와 Password와 연계되어 일회용 패스워드 형태로 제공되는 보안카드 정보를 사용하여 로그인 과정을 수행하기 때문에 보다 안전한 인증 시스템을 구축할 수 있다.

• The Journal of Society for e-Business Studies
• /
• v.18 no.2
• /
• pp.81-93
• /
• 2013

Remote user authentication is a method, in which remote server verifies the legitimacy of a user over an common communication channel. Currently, smart card based remote user authentication schemes have been widely adopted due to their low computational cost and convenient portability for the mutual authentication. 2009 years, Wang et al.'s proposed a dynamic ID-based remote user authentication schemes using smart cards. They presented that their scheme preserves anonymity of user, has the feature of storing password chosen by the server, and protected from several attacks. However, in this paper, I point out that Wang et al.'s scheme has practical vulnerability. I found that their scheme does not provide anonymity of a user during authentication. In addition, the user does not have the right to choose a password. And his scheme is vulnerable to limited replay attacks. In particular, the parameter y to be delivered to the user is ambiguous. To overcome these security faults, I propose an enhanced authentication scheme, which covers all the identified weakness of Wang et al.'s scheme and an efficient user authentication scheme that preserve perfect anonymity to both the outsider and remote server.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.3C
• /
• pp.426-435
• /
• 2004

The DIAMETER protocol provides Authentication, Authorization, and Accounting (AAA) transactions across the Internet. SIP(Session Initiation Protocol) will be used for new types of signaling, such as instant messaging and application level mobility across networks. And SIP will be a major signaling protocol for next generation wireless networks. But the Digest authentication scheme is not using a secure method of user authentication in SIP, and it is vulnerable to man-in-the-middle attacks or dictionary attacks. This study focused on designing a SIP proxy for interworking with AAA server with respect to user authentication and security analysis. We compared and analyzed the security aspects of the scenarios and propose two proposals that a response which include the user address and password-based mutual authentication and key agreement protocol. It is claimed to be more secure against common attacks than current scenarios.

• Journal of Digital Convergence
• /
• v.14 no.12
• /
• pp.201-208
• /
• 2016

The purpose of Email system is used to transmit important information between companies in today. But Email system has vulnerabilities such that changing email address of sender by attacker. So it is important to authenticate mail server and user using mail server. This paper proposed mail proxy located between mail servers that evaluate authority and authenticate sender and receiver. The proposed email platform has some functions to compose trusted domain and to authenticate mail servers in the domain. Also, if sender and recipient are valid users in mail system, each exchanges a key for confidentiality and the sender sends an e-mail encrypted with exchanged key to recipient. In this paper, we propose a key exchange scheme in proposed platform and verify this protocol using Casper which is the formal analysis tool. In the future research, we will study the overall platform of the domain configuration for the security of mail.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.377-391
• /
• 2019

Recently, system studies using tokens and block chains for authentication, access control, etc in IoT environment have been going on at home and abroad. However, existing token-based systems are not suitable for IoT environments in terms of security, reliability, and scalability because they have centralized characteristics. In addition, the system using the block chain has to overload the IoT device because it has to repeatedly perform the calculation of the hash et to hold the block chain and store all the blocks. In this paper, we intend to manage the access rights through tokens for proper access control in the IoT. In addition, we apply the Tangle to configure the P2P distributed ledger network environment to solve the problem of the centralized structure and to manage the token. The authentication process and the access right grant process are performed to issue a token and share a transaction for issuing the token so that all the nodes can verify the validity of the token. And we intent to reduce the access control process by reducing the repeated authentication process and the access authorization process by reusing the already issued token.