• Title/Summary/Keyword: security mechanism (보안 메커니즘)

A Study on Secure and Improved Single Sign-On Authentication System against Replay Attack (재전송 공격에 안전하고 개선된 Single Sign-On 인증 시스템에 관한 연구)

  • Kim, Hyun-Jin;Lee, Im-Yeong
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.5 / pp.769-780 / 2014
  • In general, internet users need to remember several IDs and passwords when they use diverse web sites. From an effective management perspective, the SSO system was suggested to reduce user inconvenience. Kerberos authentication, which uses centralized system management, is a typical example of a broker-based SSO authentication model. However, further research is required, because the existing Kerberos authentication system is vulnerable to password and replay attacks. In SSO authentication systems, a major security vulnerability is the replay attack. When user credentials are seized by attackers, an authorized session can be obtained through a replay attack. In this paper, an improved SSO authentication model based on the broker-based model and a secure lightweight SSO mechanism against credential replay attacks are proposed.

Study on Security Vulnerabilities of Implicit Intents in Android (안드로이드 암시적 인텐트의 보안 취약점에 대한 연구)

  • Jo, Min Jae;Shin, Ji Sun
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1175-1184 / 2014
  • Android provides a message-passing mechanism called intent. While it eases the development of intra- and inter-application communication, it can be vulnerable to attacks. In particular, an implicit intent, unlike an explicit intent that specifies a receiving component, does not specify the component that receives a message, and insecure ways of using implicit intents may allow malicious applications to intercept or forge intents. In this paper, we focus on security vulnerabilities of implicit intents and review researched attacks and solutions. For the case of implicit intents using a 'developer-created action', specific attacks and solutions have been published. However, for the case of implicit intents using an 'Android standard action', no specific attack has been found and the case has been less studied. In this paper, we present a new attack on implicit intents using an Android standard action and propose solutions to protect smart phones from this attack.

A Key Recovery Mechanism for Reliable Group Key Management (신뢰성 있는 그룹키 관리를 위한 키 복구 메커니즘)

  • 조태남;김상희;이상호;채기준;박원주;나재훈
    • Journal of KIISE:Information Networking / v.30 no.6 / pp.705-713 / 2003
  • For group security, whether to protect group data or for charging, group keys should be updated via key update messages when the membership of the group changes. If these messages are lost, it is not possible to decrypt the group data, which is why the recovery of lost keys is very significant. Any message lost while a member is logged off cannot be recovered in real time. Having the KDC (Key Distribution Center) save all messages and resend them not only requires large storage space, but also causes unnecessary keys to be transmitted and decrypted. This paper analyzes the problem of the loss of key update messages along with other problems that may arise during the member login procedure, and also gives an efficient method for recovering group keys and auxiliary keys. With this method, group keys and auxiliary keys can be recovered and sent effectively using information stored in the key-tree. The group key generation method presented in this paper is simple and enables us to recover any group key without storing it. It also eliminates the transmission and decryption of useless auxiliary keys.

Authenticated Route Optimization Protocol for Network Mobility Support (네트워크 이동성 지원을 위한 인증된 경로 최적화 프로토콜)

  • Koo, Jung-Doo;Lee, Gi-Sung
    • Journal of the Korea Academia-Industrial cooperation Society / v.8 no.4 / pp.781-787 / 2007
  • The Network Mobility (NEMO) basic support protocol does not execute the process of route optimization and has not presented a particular security mechanism for blocks other than the bi-directional tunnel between the Mobile Router (MR) and its Home Agent (HA). Therefore, in this paper we carry out secure route optimization through an authenticated binding update protocol between the MR and its Correspondent Node (CN) and the protocol of the competency of mandate between the MR and its Mobile Network Node (MNN); this block also uses a bi-directional tunnel, as does the block between the MR and its HA. The address of each node is generated as a Cryptographically Generated Address (CGA) to prove ownership of the address. Finally, we analyze the robustness of the proposed protocol using the security requirements of MIPv6 and existing attacks, and the efficiency of this protocol using the connectivity recovery and end-to-end packet transmission delay time.

A Mechanism for the Secure IV Transmission in IPSec (IPSec에서 안전한 IV 전송을 위한 메커니즘)

  • Lee, Young-Ji;Park, Nam-Sup;Kim, Tai-Yun
    • Journal of KIISE:Information Networking / v.29 no.2 / pp.156-164 / 2002
  • IPSec is a protocol which provides data encryption, message authentication and data integrity for transmission over public and open networks. In IPSec, the ESP protocol is used when data encryption, authentication and integrity need to be provided for the actual transmitted packets. The ESP protocol uses DES-CBC encryption mode when the sender encrypts packets and the receiver decrypts data, and an IV is used in this mode. This value is exposed to many attacks during transmission because it is transferred in the clear. If the IV value is modified, then decryption of ESP data is impossible and higher level information is changed. In this paper we propose a new algorithm that encrypts IV values using DES-ECB mode to prevent IV attacks and checks the integrity of the whole ESP data using a message authentication function. Therefore, we will protect against attacks on the IV and data, and guarantee core safe transmission on the public network.

A Study on Group Key Generation and Exchange using Hash Collision in M2M Communication Environment (M2M 통신 환경에서 해시 충돌을 이용한 그룹키 생성 및 교환 기법 연구)

  • Song, Jun-Ho;Kim, Sung-Soo;Jun, Moon-Seog
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.19 no.5 / pp.9-17 / 2019
  • As the IoT environment becomes more popular, the safety of the M2M environment, which establishes the communication environment between objects without human intervention, becomes important. Due to the nature of the wireless communication environment, there is a possibility of exposure to security threats in various aspects such as data exposure, falsification, tampering, deletion and privacy, and secure communication security technology is considered an important requirement. In this paper, we propose a new method for group key generation and exchange using trap hash collision hash in existing 'M2M communication environment' using hash collision, and a mechanism for confirming the authentication of the device and the gateway after the group key is generated. The proposed method has resistance to attacks such as spoofing attack, meson attack, and retransmission attack in the group communication section by using the specificity of the collision message and collision hash, and is a technique for proving safety against vulnerability of hash collision.

A study of extended processor trace decoder structure for malicious code detection (악성코드 검출을 위한 확장된 프로세서 트레이스 디코더 구조 연구)

  • Kang, Seungae;Kim, Youngsoo;Kim, Jonghyun;Kim, Hyuncheol
    • Convergence Security Journal / v.18 no.5_1 / pp.19-24 / 2018
  • For a long time now, general-purpose processors have provided dedicated hardware/software tracing modules to provide developers with tools to fix bugs. A hardware tracer writes its enormous data into a log that is used for both performance analysis and debugging. Processor Trace (PT) is a new hardware-based tracing feature for Intel CPUs that traces branches executing on the CPU, which allows the reconstruction of the control flow of all executed code with minimal labor. The hardware tracer has been integrated into the operating system, which allows tight integration with its profiling and debugging mechanisms. However, in the Windows environment, existing studies related to PT focused on decoding only one flow in sequence. In this paper, we propose an extended PT decoder structure that provides basic data for real-time trace and malicious code detection using the functions provided by PT in the Windows environment.

A Packet encryption scheme and extension of Cryptoki for connectionless packet network (고속 패킷 통신을 위한 패킷 암호 스킴과 Cryptoki 확장 방안)

  • Ko, Haeng-Seok;Park, Sang-Hyun;Kwon, Oh-Seok
    • Journal of the Korea Institute of Information Security & Cryptology / v.17 no.2 / pp.83-92 / 2007
  • In a connectionless packet network, if a sender encrypts packets in block chaining mode and sends them to a receiver, the receiver should decrypt the packets in the encrypted order, which is not the received order. Therefore, the performance and efficiency of the crypto communication system are lowered. To solve this problem, we propose a packet encryption scheme for connectionless packet networks that can decrypt the packets independently, even if the received order of the packets is changed or packets are missed. The scheme makes a new IV (Initial Vector) using the IV created by the key exchange process and a salt made from a random number. We propose an extended Cryptoki API that adds packet encryption/decryption functions and a mechanism for improving convenience and performance. We implemented the scheme and found that the performance increased about $1.5 \sim 15.6$ times compared with an implementation using the Cryptoki API in the test environment.

Implementation and Evaluation of Secure VoIP Conference System (DTLS 기반의 안전한 VoIP 컨퍼런스 시스템 구현 및 평가)

  • Kang, Seong-Ku;Kim, Kyou-Young;Kim, Joong-Man;Won, Yoo-Jae;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.5 / pp.45-57 / 2009
  • In this paper, we implemented a conference system based on DTLS to secure VoIP, which has been actively served recently, and tested (and also analyzed) the system. As VoIP technology develops, demand for conference systems has increased and the related technologies have grown. But security protocols to protect conference services lag behind conference technology. In this paper, we studied, based on the DTLS protocol, what can provide the functions of signaling channel security, media channel security and application of a group key, and can be applied to UDP-based VoIP conference systems unchanged. In this paper, we examined whether the suggested security protocols based on DTLS can be applied to a conference system, and implemented and applied the protocol to a conference system. And we tested (and also analyzed) the overhead of the encryption and key management mechanism.

An OpenAPI based Security Framework for Privacy Protection in Social Network Service Environment (소셜 네트워크 서비스 환경에서 개인정보보호를 위한 OpenAPI기반 보안 프레임워크)

  • Yoon, Yongseok;Kim, Kangseok;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology / v.22 no.6 / pp.1293-1300 / 2012
  • With the rapid evolution of mobile devices and the development of wireless networks, the number of users of mobile social network services on smartphones has been increasing. Also, the security of personal information, as a result of real-time communication and information-sharing, is becoming a serious social issue. In this paper, a framework that can be linked with a social network services platform is designed using OpenAPI. In addition, we propose an authentication and detection mechanism to enhance the level of personal information security. The authentication scheme is based on a user ID and password, while the detection scheme analyzes user-designated input patterns to verify in advance whether personal information protection guidelines are met, enhancing the level of personal information security in a social network service environment. The effectiveness and validity of this study were confirmed through performance evaluations at the end.