• Journal of Korea Multimedia Society
• /
• v.10 no.5
• /
• pp.623-630
• /
• 2007

With the development in IT technology and with growing demands of users, a ubiquitous environment is being made. Because of individuals identification is important in ubiquitous environment, RFID, a technology used frequently. RFID, a technology that radio frequency identification, reader send signer, then tag provide user information. RFID has various strengths, such as high recognition rates, quick recognition speed, but Eavesdropping is possible and problem that user information is revealed happens. To solve this, study is proceeded with activity, but, because of low-cost passive tag is limited operation capability, usually used hash function and random number. Also updates value that is used to present session and uses in next session. Therefore, this scheme protects user privacy using random number. And this sheme can offer synchronization by creating variable value without updating value.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.12 no.5
• /
• pp.870-878
• /
• 2008

The level of security of most sensor nodes that comprise the sensor networks is low, but because of the low computing power and small storage capacity, it is even very difficult to apply a security algorithm efficiently to the sensor nodes. Therefore, preventing the join of an illegal node to a sensor network is impossible, and the transmitting information is easily exposed and overheard when the transmitting algorithm of the sensor node is hewn. In this paper, we propose a group key management scheme for the sensor network using polar coordinates, so that the sensor nodes can deliver information securely inside a cluster and any illegal node is prevented from joining to the cluster where a sensor network is composed of many clusters. In the proposed scheme, all of the sensor nodes in a cluster set up the authentication keys based on the pivot value provided by the CH. The intensive simulations show that the proposed scheme outperforms the pair-wise scheme in terms of the secure key management and the prevention of the illegal nodes joining to the network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1343-1354
• /
• 2018

OAuth 2.0 bearer token and JWT(JSON web token), current standard technologies for authentication and authorization, use the approach of sending fixed token repeatedly to server for authentication that they are subject to eavesdropping attack, thus they should be used in secure communication environment such as HTTPS. In OAuth 2.0 MAC token which was devised as an authentication scheme that can be used in non-secure communication environment, server issues shared secret key to authenticated client and the client uses it to compute MAC to prove the authenticity of request, but in this case server has to store and use the shared secret key to verify user's request. Therefore, it's hard to provide stateless authentication service. In this paper we present a randomized token authentication scheme which can provide stateless MAC token authentication without storing shared secret key in server side. To remove the use of HTTPS, we utilize secure communication using server certificate and simple signature-based login using client certificate together with the proposed randomized token authentication to achieve the fully stateless authentication service and we provide an implementation example.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.681-691
• /
• 2024

In recent decades, research and development in the field of industrial robotics, such as an unmanned ground vehicle (UGV) and an unmanned aerial vehicle (UAV), has been significant progress. In these advancements, it is important to use middleware, which facilitates communication and data management between different applications, and various industrial communication middleware protocols have been released. The robot operating system (ROS) is the most widely adopted as the main platform for robot system development among the communication middleware protocols. However, the ROS is known to be vulnerable to various cyber attacks, such as eavesdropping on communications and injecting malicious messages, because it was initially designed without security considerations. In response, numerous studies have proposed countermeasures to ROS vulnerabilities. In particular, some work has been proposed on generating ROS datasets for intrusion detection systems (IDS), but there is a lack of research in this area. In this paper, in order to contribute to improving the performance of ROS IDSs, we propose a new type of attack scenario that can occur in the ROS and build ROS attack datasets collected from a real robot system and make it available as an open dataset.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.9 no.2
• /
• pp.104-109
• /
• 2010

In this paper, we propose a user authentication technology to protect wiretapping and attacking from others in the telematics environment, which users in vehicle can use internet service in local area network via mobile device. In the proposed user authentication technology, the packet speech data is encrypted by speech-based biometric key, which is generated from the user's speech signal. Thereafter, the encrypted data packet is submitted to the information communication server(ICS). At the ICS, the speech feature of the user is reconstructed from the encrypted data packet and is compared with the preregistered speech-based biometric key for user authentication. Based on implementation of our proposed communication method, we confirm that our proposed method is secure from various attack methods.

• The KIPS Transactions:PartC
• /
• v.13C no.5 s.108
• /
• pp.595-600
• /
• 2006

Nowadays, low-cost radio frequency identification (RFID) technique, is recognizable without the physical contact between the reader and the tag, has been attracting more and more interests from both industry and academic institutes. however, it causes the serious privacy infringement such as excessive information exposure and user's location information tracking due to the wireless characteristics. The security problem of read only tag can be only solved by physical method. In this paper, we propose a low-cost authentication protocol which can be adopted for read-only RFID tag using XOR and Partial ID. The proposed protocol is secure against reply attacking, eavesdropping and spoofing attacking so that avoiding the location privacy exposure

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06a
• /
• pp.166-170
• /
• 2010

센서네트워크는 유비쿼터스 환경을 실현할 수 있는 기술로서, 최근 무인 경비 시스템이나 에너지 관리, 환경 모니터링, 홈 자동화, 헬스케어 응용 등과 같은 다양한 응용 분야에 활용되고 있다. 하지만 자신의 정보가 무선통신상에 쉽게 노출됨으로써 도청과 전송 메시지에 대한 위변조, 서비스 거부 공격을 받을 위험이 있다. 더욱이 센서네트워크의 자원 제약성(적은 메모리, 컴퓨팅 성능의 제약)과 키분배 관리의 어려움으로 인해 기존의 공개키, 대칭키 기반의 면안프로토콜을 대체할 수 있는 프로토콜이 필요하다. 그러므로 키분배 관리에 장 접을 가지는 Bilinear map 기반 프로토콜은 적합한 대안이다. 하지만 프로토콜에 사용되는 Pairing연산은 높은 컴퓨팅 성능이 요구된다. 따라서 제한된 성능을 가진 센서상의 구현을 위해서는 Computation Cost를 줄이고 연산 수행 속도를 가속화 할 필요성이 있다. 본 논문에서는 프로토콜 구현에 필요한 Pairing의 핵심 연산인 Multiplication을 대표적인 센서노드 프로세서인 MSP430상에서 최적화 구현함으로써 성능을 개선한다.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2002.05d
• /
• pp.941-946
• /
• 2002

지문인식 시스템이 네트워크 기반에서 서버 매칭 형식으로 운영될 경우 클라이언트 매칭과는 달리 데이터의 전송과정에 많은 취약성이 존재한다. 지문인식은 휴대의 불편함이 없고, 분실이나 도난의 위험성도 없으며, 추측이 거의 불가능하므로 높은 안전성을 제공하는 장점을 가지고 있다. 그러나 지문데이터는 한 번 도난을 당하거나 네트워크 상에서 전송 도중 공격자를 통해 도청이 된다면 그 사용자는 앞으로 지문인식을 이용할 수 없다는 단점이 존재한다. 이에 대하여 전송 포맷 기술과 전송 데이터 보안의 표준화가 이루어지고 있다. 따라서 본 논문에서는 클라이언트에서 추출한 지문 특징점 데이터를 매칭을 위해 서버로 데이터를 전송할 경우 무결성의 적합성을 검증하기 위한 도구를 구현하였다. 신분위장 및 재전송 공격들의 위협으로부터 안전한 사용자 신분 확인을 보장하기 위해서 전송되는 지문 데이터의 인중, 무결성, 기밀성이 요구되며, 이를 위해 지문 데이터의 MAC(Message Authentication Code)과 암호화 기법을 이용하였다. 이때 전송 데이터의 기밀성을 위해서 Triple-DES와 SEED 암호 알고리즘을 사용하였고 무결성을 위해 MD5와 SHA-1 해쉬 함수를 사용하였다. 클라이언트에서 데이터를 전송할 때 두 가지의 지문데이터를 전송하는 실험을 통하여 결과를 비교하였다. 첫째, 변조된 지문데이터를 전송하였을 경우 데이터가 변조되었음을 알려주는 결과를 보여준다. 둘째, 변조되지 않은 지문데이터를 전송하였을 경우 이 데이터는 변조되었다는 메시지를 출력함으로써 무결성 검증 실험은 이루어진다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.7C
• /
• pp.755-761
• /
• 2006

Previous RFID technique, it is recognizable without the physical contact between the reader and the tag, causes the serious privacy infringement such as excessive information exposure and user's location information tracking due to the wireless characteristics. Especially the information security problem of read only tag is solved by physical method. In this paper, we propose a low-cost mutual authentication protocol which is adopted to read-only tag and secure to several attacks using XOR and Partial ID. The proposed protocol is secure against reply attacking, eavesdropping, spoofing attacking and location tracking.

• The Journal of Korean Institute of Electromagnetic Engineering and Science
• /
• v.27 no.11
• /
• pp.1004-1011
• /
• 2016

In this paper, we suggested the methodology of analyzing and reconstructing of measured electromagnetic emanations from the Micro Controller Unit(MCU) chip of Universal Serial Bus(USB) keyboard. By analyzing electromagnetic emanations, entered information is found at keystroke and furthermore, information security problems such as personal information leakage and eavesdropping can be arisen. USB keyboards make the radiated signal according to the signal transmission mechanism. Electromagnetic emanations were measured by log periodic antenna and wideband receiver and were analyzed by signal processing algorithm.