• Journal of the Korea Society of Computer and Information
• /
• v.25 no.2
• /
• pp.113-122
• /
• 2020

In this paper, we propose the terminal authentication system using blockchain and TOTP(Time-based One-time Password Algorithm) to sustain a continuous authentication between user device and service device. And we experiment this system by using door-lock as a terminal of IoT(Internet of Things). In the future, we can apply this result to several devices of IoT for convenience and security. Although IoT devices frequently used everyday require convenience and security at the same time, it is difficult for IoT devices having features of the low-capacity and light-weight to apply the existing authentication technology requiring a high amount of computation. Blockchain technology having security and integrity have been used as a storage platform, but its authentication cannot be performed when the terminal cannot access any network. We show the method to solve this problem using Blockchain and TOPT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.41-47
• /
• 2008

In a network environment, when a user requests a server's service, he/she must pass an examination of user authentication. Through this process, the server can determine if the user can use the provided services and the exact access rights of this user in these services. In these authentication schemes, the security of private information became an important issue. For this reason, many suggestions have been made in order to protect the privacy of users and smart cards have been widely used for authentication systems providing anonymity of users recently. An remote user authentication system using smart cards is a very practical solution to validate the eligibility of a user and provide secure communication. However, there are no studies in attribute-based authentication schemes using smart cards so far. In this paper, we propose a novel user authentication scheme using smart cards based on attributes. The major merits include : (1) the proposed scheme achieves the low-computation requirement for smart cards; (2) user only needs to register once and can use permitted various services according to attributes; (3) the proposed scheme guarantees perfect anonymity to remote server.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.67-74
• /
• 2011

In this paper, we presented a dynamic cyber attack tree which can describe an attack scenario flexibly for an active cyber attack model could be detected complex and transformed attack method. An attack tree provides a formal and methodical route of describing the security safeguard on varying attacks against network system. The existent attack tree can describe attack scenario as using vertex, edge and composition. But an attack tree has the limitations to express complex and new attack due to the restriction of attack tree's attributes. We solved the limitations of the existent attack tree as adding an threat occurrence probability and 2 components of composition in the attributes. Firstly, we improved the flexibility to describe complex and transformed attack method, and reduced the ambiguity of attack sequence, as reinforcing composition. And we can identify the risk level of attack at each attack phase from child node to parent node as adding an threat occurrence probability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.1
• /
• pp.99-109
• /
• 2021

With the recent development of ICT, information exchange through data communication network is increasing. Cryptography is widely used as the base technology to protect it. The initial cryptography technology was developed for military use and authorized only by the nation in the past. However, nowadays, much of the authority was unwillingly transferred to the private due to the pervasive use of ICT. As a result, there have been conflicts between the private demand to use cryptography and the nation's authority. In this paper, we survey the conflicts between nations and the private in the process of formulating the cryptography policy. Morever, we investigate the reality of the cryptography policy in Korea. Our investigations are expected to help the government apply cryptographic control policy in a balanced manner and plan development of cryptography industries. Lastly, we propose a need to establish a cryptanalysis organization and to legislate a legal sanction against fraudulent use of cryptography.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.43 no.4 s.346
• /
• pp.13-21
• /
• 2006

An mobile ad hoc network(MANET) is a collection of wireless computers (nodes), communicating among themselves over multi-hop paths, without the help of any infrastructure such as base stations or access points. Prior research in MANET has generally studied the routing problem in a non-adversarial setting, assuming a trusted environment. In this paper, we design and evaluate the Secure Zone Routing Protocol(T-ZRP), a secure ad hoc network routing protocol is based on the design of the hash chain. In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and don't use asymmetric cryptographic operations in the protocol. Proposed algorithm can safely send to data through authentication mechanism and integrity about routing establishment.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.42 no.11
• /
• pp.27-34
• /
• 2005

Mobile Ad Hoc Networks (MANETs) are self-organized networks that do not rely in their operation on wired infrastructure. As in any networking technology, security is an essential element in MANET as well, for proliferation of this type of networks. But supporting secure communication in MANETs proved to be a significant challenge, mainly due to the fact that the set of nodes in the network can change frequently and rapidly and due to the lack of access to the wired infrastructure. In particular, the trust model and the authentication protocols, which were developed for wired and infrastructure-based networks, cannot be used in MANETs. In this paper, we address the problem of efficient authentication of distributed mobile users in geographically large networks. In particular, we propose a new authentication scheme for this case of MANETs. The proposed scheme exploits Randomized Groups to efficiently share authentication information among nodes that together implement the function of a distributive Certification Authority (CA). We then evaluate the performance of authentication using Randomized Groups.

• The Journal of the Korea Contents Association
• /
• v.10 no.3
• /
• pp.101-112
• /
• 2010

The recent trend of the hacking deals with all the IT infrastructure related to the profit of the companies. Presently, they attack the service itself, the source of the profit, while they tried to access to the service infrastructure through the non-service port in the past. Although they affect the service directly, it is difficult to block them with the old security solution or the old system and they threaten more and more companies with the demand of money menacing the protection of customers and the sustainable management. This paper aims to design and implement multi-platform network packet scanner targeting the exception handling network intrusion detection system which determines normal, abnormal by traffic. Linux and unix have the various network intrusion detection and packet management tools like ngrep, snort, TCPdump, but most of them are based on CUI (Character based User Interface) giving users discomfort who are not used to it. The proposed system is implemented based on GUI(Graphical User Interface) to support the intuitive and easy-to-use interface to users, and using Qt(c++) language that supports multi-platform to run on any operating system.

• The Journal of Society for e-Business Studies
• /
• v.16 no.4
• /
• pp.75-85
• /
• 2011

Although progress in information technology has made our life prosperous. But it accompanied a number of adverse effects in various aspects. Especially, internet according to the increasing requirements for privacy and security, IP concealment network technologies to ensure the anonymity are constantly being developed. IP concealment network technologies is aiding the user to bypass the blocked sites can be used to access for information gathering, and they could be used for a malicious hacker to hide his attacks. However, due to complex routing path, local communication bandwidth sangyiham, and internode encryption there are also disadvantages that communication speed is significantly less. In this paper, the research for improving the performance of anonymous networks is to proceed by the communication speed measurement that using GeoIP the particular country with high-bandwidth is Specified or path length is limited.

• Journal of Digital Contents Society
• /
• v.9 no.4
• /
• pp.607-616
• /
• 2008

By the advancement of computer & network technology, the paridigm of 'Network Computer' has been realizing`. In what is called network computer, computer system and computing resource is incomparably seem to be expanded compared with conventional network technology[1]. Network connected computer system consitute a massive virtual computer, it is possible for people to use an enourmous amout of computing resource distributed widely through the network. It is also possible that we make client lightweight by the use of computer system & all shared computing resources on the network in our computer processing and we call this type of client system as thin-client. Thin-client and network computer are on and the same network paradigm in that both paradigm featuring the active use of computer system and resource on the network[2]. In network computer paragem, network itself is regarded as a basic platform for the transfer of application, so it is possible that client access remote serve system to run remote applications through the network[3]. In this paper, we propose the system architecture for the implementation of network computer by the use of Web browser, X window system and Pyjamas. By the use of network computer proposed in this paper, it is possible for people to run application on the server system as if he run local application, and it is expected to improve the security and maintenance efficiency.

• The KIPS Transactions:PartC
• /
• v.16C no.2
• /
• pp.151-164
• /
• 2009

The importance of sensor networks as a base of ubiquitous computing realization is being highlighted, and espicially the security is recognized as an important research isuue, because of their characteristics.Several efforts are underway to provide security services in sensor networks, but most of them are preventive approaches based on cryptography. However, sensor nodes are extremely vulnerable to capture or key compromise. To ensure the security of the network, it is critical to develop security Intrusion Detection System (IDS) that can survive malicious attacks from "insiders" who have access to keying materials or the full control of some nodes, taking their charateristics into consideration. In this perper, we design a distributed and adaptive IDS architecture on sensor networks, respecting both of energy efficiency and IDS efficiency. Utilizing a modified HEED algorithm, a clustering algorithm, distributed IDS nodes (dIDS) are selected according to node's residual energy and degree. Then the monitoring results of dIDSswith detection codes are transferred to dIDSs in next round, in order to perform consecutive and integrated IDS process and urgent report are sent through high priority messages. With the simulation we show that the superiorities of our architecture in the the efficiency, overhead, and detection capability view, in comparison with a recent existent research, adaptive IDS.