• The Journal of Korean Association of Computer Education
• /
• v.14 no.1
• /
• pp.175-185
• /
• 2011

Recently RFID systems have been introduced in place of barcode systems to industries such as logistics, distribution, and manufacturing. Due to security vulnerabilities in wireless communication between the reader and tags, however, the authentication protocols for the communication have also been researched extensively. In order to solve the vulnerability of previously proposed protocols, this paper thus proposes an authentication protocol that satisfies the security requirements in the RFID system and minimizes the quantity of computation such as random number generation, transmitting the micro-time of databases. In addition, it is expected that the proposed cross authentication protocol is safe against replay attack, spoofing attack, traffic analysis, and eavesdropping attack when it is applied to the RFID system. Also, it has advantages such as providing a high level of security at a lower manufacturing cost.

• Journal of Convergence for Information Technology
• /
• v.7 no.3
• /
• pp.91-96
• /
• 2017

IoT which is an abbreviation of Internet of Things refers to the communication network service among various objects such as people-people, objects-objects interconnection. The characteristic of IoT that enables direct connection among each device makes security to be considered as more emphasized factor. Though a security module such as an authentication protocol for resolving various security problems that may occur in the IoT environment has been developed, some weak points in security are still being revealed. Therefore, this paper proposes a method for including a protocol including gateway authentication procedure and mutual authentication between the devices and gateways. Protocols with additional authentication procedures can appropriately respond to attackers' spoofing attacks. In addition, important information in the message used for authentication process is protected by encryption or hash function so that it can respond to wiretapping attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.856-858
• /
• 2013

The data which is sensed on USN(Ubiquitous Sensor Network) environment is concerned with personal privacy and the secret information of business, but it has more vulnerable characteristics, in contrast to common networks. In other words, USN has the vulnerabilities which is easily exposed to the attacks such as the eavesdropping of sensor information, the distribution of abnormal packets, the reuse of message, an forgery attack, and denial of service attacks. Therefore, the key is necessarily required for secure communication between sensor nodes. This paper proposes a KDPC(Key Distribution Protocol based on Cluster) using ECDH algorithm by considering the characteristics of sensor network. As a result, the KDPC can provide the safe USN environment by detecting the forgery data and preventing the exposure of sensing data.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.11
• /
• pp.163-171
• /
• 2011

Because RFID systems use radio frequency, they have many security problems such as eavesdropping, location tracking, spoofing attack and replay attack. So, many mutual authentication protocols and cryptography methods for RFID systems have been proposed in order to solve security problems, but previous proposed protocols using AES(Advanced Encryption Standard) have fixed key problem and security problems. In this paper, we analyze security of proposed protocols and propose our protocol using OTP(One-Time Pad) and AES to solve security problems and to reduce hardware overhead and operation. Our protocol encrypts data transferred between RFID reader and tag, and accomplishes mutual authentication by one time random number to generate in RFID reader. In addition, this paper presents that our protocol has higher security and efficiency in computation volume and process than researched protocols and S.Oh's Protocol. Therefore, our protocol is secure against various attacks and suitable for lightweight RFID tag system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.10a
• /
• pp.299-302
• /
• 2011

Recently, Voice over Internet protocol(VoIP) in IP-based wired and wireless voice, as well as by providing multimedia information transfer. Wired and wireless VoIP is easy on illegal eavesdropping of phone calls and VoIP call control signals on the network. In addition, service misuse attacks, denial of service attacks can be targeted as compared to traditional landline phones, there are several security vulnerabilities. In this paper, VoIP equipment in order to obtain information on the IP Phone is scanning. And check the password of IP Phone, and log in successful from the administrator's page. Then after reaching the page VoIP IP Phone Administrator Settings screen, phone number, port number, certification number, is changed. In addition, IP Phones that are registered in the administrator page of the call records check and personal information is the study of hacking.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.81-91
• /
• 2009

Recently, Chein et al proposed the ultralightweight strong authentication and strong integrity (SASI)protocol, where the tag requrires only simple bitwise operations. Since the tag does not support random number generator to generate a challenge nonce, an attacker can replay old messages and impersonate reader. However, all of the previous ultralightweight authentication schemes are vlunerable to various attacks: de-synk, eavesdropping, impersonating, tracking, DoS, disclosure etc. we analyze the problems of previous proposed ultrlightweight protocols, to overcome these security problems by using PRNG on the tag. Therefore, in this paper we propose a new lightweight RFID mutual authentication protocol that provides random number generator and bitwise operations, a security and an efficiency of the proposed schme analyze.

• Journal of Korea Multimedia Society
• /
• v.9 no.5
• /
• pp.615-623
• /
• 2006

It has been estimated that 'RFID' technology would be playing an important role in the incoming ubiquitous environment. For this reason, many studies on 'RFID' have been conducted and its application has been on the increase in various fields such as finance, medicine, transportation and culture as well as in logistics distribution. However, the communication between Tag and Reader in RFID system has been conducted by wireless communication of radio frequency so that the information on identification could be eavesdropped by the third party maliciously. Such eavesdropped information could be also used as basic information in attacking others; in this regard, it could impair the privacy of its users and the users have avoided using 'RFID.' To solve theses problems, many studies are being performed to different output of tags by renewing ID. However, protocols have been devised without considering an ID Synchronization in the ID renewal process between database and tag in the existing studies. In this regard, this study has suggested a RFID Authentication Protocol while considering the ID Synchronization.

• Korean journal of communication and information
• /
• v.38
• /
• pp.211-244
• /
• 2007

Article 17 and 18 of the Korean Constitution respectively prescribe the violation of individual's right to privacy and the secrecy of wire communication. Meanwhile, Article 20 of the Criminal Code provides that an act which is conducted within the ambit of laws or pursuant to accepted business practices or which does not violate the social norms shall not be punishable. In 1999, the Constitutional Court held that media reports on public matters of public figures must be given strong constitutional protection, and treated differently from reports on private matters of private figures. In accordance with the decision, the Supreme Court has expanded the scope of constitutional guarantee of freedom of expression since 2002. This study analyzes the issue of media liability for publication of illegally intercepted wire communication by a third person. Particularly, it reviews Seoul High Court's ruling on 'X-file scandal' which disclosed intercepted wire communications between notable public figures regarding a slush fund for a presidential candidate. In the light of this analysis, the study concludes that the media reporting of the intercepted communication does not violate social norms of Article 20, and therefore it is entitled to a constitutional privilege.

• Journal of KIISE:Information Networking
• /
• v.32 no.6
• /
• pp.659-667
• /
• 2005

A Mobile Ad Hoc Network(MANET) is a multi hop wireless network with no prepared base stations or centralized administrations, where flocks of peer systems gather and compose a network. Each node operates as a normal end system in public networks. In addition to it, a MANET node is required to work as a router to forward traffic from a source or intermediate node to others. Each node operates as a normal end system in public networks, and further a MANET node work as a router to forward traffic from a source or intermediate node to the next node via routing path. Applications of MANET are extensively wide, such as battle field or any unwired place; however, these are exposed to critical problems related to network management, node's capability, and security because of frequent and dynamic changes in network topology, absence of centralized controls, restricted usage on network resources, and vulnerability oi mobile nodes which results from the special MANET's character, shared wireless media. These problems induce MANET to be weak from security attacks from eavesdropping to DoS. To guarantee secure authentication is the main part of security service In MANET because networks without secure authentication are exposed to exterior attacks. In this paper, a multistage authentication strategy based on CGSR is proposed to guarantee that only genuine and veritable nodes participate in communications. The proposed authentication model is composed of key manager, cluster head and common nodes. The cluster head is elected from secure nodes, and key manager is elected from cluster heads. The cluster head will verify other common nodes within its cluster range in MANET. Especially, ID of each node is used on communication, which allows digital signature and blocks non repudiation. For performance evaluation, attacks against node authentication are analyzed. Based on security parameters, strategies to resolve these attacks are drawn up.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.10 no.10
• /
• pp.1786-1795
• /
• 2006

Portable Internet extended from wireless LAN has a large cell size, similar to a wireless mobile communication. and can provide the seamless service which offers middle-low speed mobility. IEEE 802.16e, the international standard of Portable Internet, uses PKMv2 protocol for authorization and key exchange between a MSS and a BS. This paper proposes a new protocol based on PKMv2, which can provide that MSS is able to do fast authorization with a new BS when soft handover is occurred in a MSS. Our protocol can carry out fast authorization because of reducing the number of messages and parameter exchange, public key encryption and signature in wireless network more than the previous works. It also prevents eavesdropping from an external attacker and keeps the security against impersonation attacks for both a MSS and a BS.