• Journal of the Korea Society of Computer and Information
• /
• v.25 no.2
• /
• pp.113-122
• /
• 2020

In this paper, we propose the terminal authentication system using blockchain and TOTP(Time-based One-time Password Algorithm) to sustain a continuous authentication between user device and service device. And we experiment this system by using door-lock as a terminal of IoT(Internet of Things). In the future, we can apply this result to several devices of IoT for convenience and security. Although IoT devices frequently used everyday require convenience and security at the same time, it is difficult for IoT devices having features of the low-capacity and light-weight to apply the existing authentication technology requiring a high amount of computation. Blockchain technology having security and integrity have been used as a storage platform, but its authentication cannot be performed when the terminal cannot access any network. We show the method to solve this problem using Blockchain and TOPT.

• Journal of Advanced Navigation Technology
• /
• v.12 no.5
• /
• pp.451-463
• /
• 2008

There are management and security of software source code equivalent to 10 assembly lines of important infrastructure in the early stage of information society directly. A support technology and framework to protect software source code are so poor state In this paper, the proposed model that is support protection and access control between software source code as object and subject that is not authenticated safely was named CRYPTEX model. And we propose active business model to provide delegate, mobile, and security/access control function for passive software source code in document state using CRYPTEX.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.19 no.5
• /
• pp.1-8
• /
• 2019

Internet of Things (IoT) is proliferating to provide more intelligent services by interconnecting various Internet devices, and TCP based MQTT is being used as a standard communication protocol of the IoT. Although it is recommended to use TLS/SSL security protocol for TCP with MQTT-based IoT devices, encryption and decryption performance degenerates when applied to low-specification / low-capacity IoT devices. In this paper, we propose an end-to-end message security protocol using elliptic curve cryptosystem, a lightweight encryption algorithm, which improves performance on both sides of the client and server, based on the simulation of TLS/SSL and the proposed protocol.

• Journal of Digital Convergence
• /
• v.14 no.11
• /
• pp.501-505
• /
• 2016

Recently, the frequency of dealing important information regarding financial services like paying through smart device or internet banking on smart device has been increasing. Also, with the development of smart device execution environment towards open software environment, it became easier for users to download and use random application software, and its security aspect appears to be weakening. This study inspects features of hardware-based smart device security technology. Furthermore, this study proposes a realization method in MTM hardware-based secure smart device execution environment for an application software that runs in smart devices. While existing MTM provides the root of trust function only for the mobile device, the MTM-based mobile security environment technology proposed in this paper can provide numerous security functions that application program needs in mobile device. The further researches on IoT devices that are compatible with security hardware, gateway security technology and methods that secure reliability and security applicable to varied IoT devices by advancing security hardware are the next plan to proceed.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.24 no.4
• /
• pp.25-32
• /
• 2010

The Supervisory Control and Data Acquisition Systems (SCADA) system provides monitoring, data gathering, analysis, and control of the equipment used to manage most infrastructure. The SCADA Network is implemented in a various manner for larger utilities, and multiple types of protocol and communication interfaces are used to network the control center to remote sites. The existing SCADA equipment and protocols were designed and implemented with availability and efficiency, and as a result security was not a consideration. So, performance, reliability, flexibility and safety of SCADA systems are robust, while the security of these systems is often weak. This makes some SCADA networks potentially vulnerable to disruption of service, process redirection, or manipulation of operational data that could result in public safety concerns and/or serious disruptions to the infrastructure. To reduce the risks, therefore, there is a need to have a security device such as cipher devices or cryptographic modules for security solutions. In this paper we develop an embedded cipher device for the SCADA equipment. This paper presents a cipher device designed to improve the security of its networks, especially in the serial communication.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.719-728
• /
• 2019

Recently, there has been a growing market for shared mobility businesses that share 'transport' such as cars and bikes, and many operators offer a variety of services. However, if the fare can not be charged normally because of security vulnerability, the operator can not continue the business. So there should be no security loopholes. However, there is a lack of awareness and research on shared mobility security. In this paper, we analyzed security vulnerabilities exposed in application log of shared bike service in Korea. We could easily obtain the password of the bike lock and the encryption key of the AES-128 algorithm through the log, and confirmed the data generation process for unlocking using software reverse engineering. It is shown that the service can be used without charge with a success rate of 100%. This implies that the importance of security in shared mobility business and new security measures are needed.

• Review of KIISC
• /
• v.21 no.5
• /
• pp.50-54
• /
• 2011

타원곡선 암호는 기존의 RSA 암호와 더불어 ANSI와 IEEE 표준 공개키 암호방식을 활용되고 있으며, 특히 WAP 표준으로 채택되어, 스마트폰 등에 의한 이동통신 환경에서 암호 기능을 효율적으로 처리하는 수단으로 각광을 받고 있다. 국내외 보안업체들 역시 최근 스마트폰 등 의 모바일 장치에서 동작되는 다원곡선 암호 장치를 개발 및 출시하고 있으며, 타원곡선 암호 구현과 관련된 국제특허들을 출원하고 있는 추세이다. 본 논문에서는 국내 보안업체들의 다원곡선 암호 상용화 제품 개발을 지원하는 차원에서, WIPO에 최근 출원된 다원곡선 암호 구현기술들을 소개한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 1999.05a
• /
• pp.198-202
• /
• 1999

최근들어 컴퓨터와 네트워크의 발전으로 일상업무의 대부분을 컴퓨터를 이용하여 할 수 있으므로 신원 확인은 중요한 분야로 부상되었으며, 지문은 편리한 입력과 종생불변하고 만인부동한 특성으로 생체 측정 분야 중 가장 각광받고 있는 분야가 되었으다. 근래에 반도체 지문 입력장치의 개발로 인하여 크기와 속도 문제를 해결하므로써, 키보드, 마우스 등에 부착하여 네트워크의 신원확인과 인증에 많은 수요가 예상된다. 본 논문에서는 반도체 입력 장치를 이용한 지문 인식기술과 암호학을 접목하여 지문을 이용한 신원확인과 인증하여 기본형 보안 시스템 적용에 관해 연구하였다.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2019.05a
• /
• pp.222-224
• /
• 2019

자율운항선박의 도입을 위해서는 선박 항해 장비 및 시스템들에 대한 국제표준화가 필수적이며, 선박의 항해 및 무선통신 장비들에 대한 표준을 제정하는 국제전기연합(IEC)의 표준화 활동은 매우 중요하다. 본 논문에서는 자율운항선박에서 다루게 될 수 있는 사이버보안 표준을 비롯하여 선박 장비 및 시스템에 대한 표준현황을 다루고 있다. 또한, 해사서비스의 디지털화를 위한 고려요소인 해사공통정보모델과 이를 위한 이내비게이션 서비스 표준 동향도 다루고 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.1
• /
• pp.187-194
• /
• 2019

Ever since the world's largest Bitcoin Echange, (Mt. Gox), was closed in March 2014 due to the series of hacking, still many other Exchages incl. recent Coinale in Korea have been attacked. Those hacking attempts never stopped and have caused significant threats to the overall industry of Crypto Currency and resulted in the loss of individual investors' asset. The DEX (Decentralized Exchange) has been proposed as a solution to fix the security problem at the Exchange, but still it is far away to resolve all issues. Therefore, this paper firstly analyzes security threats against existing Crypto Currency Exchanges and secondly derives security requirements for them. To do that it proposes a secure and distributed Crypto Currency Transaction Model through Personal Security devices as a solution. The paper also proves this new attempt by demonstrating its unique modelling; ultimately by adopting this modeling into Crypto Exchange is to avoid potential security threats.