• Journal of Information Processing Systems
• /
• v.9 no.3
• /
• pp.461-476
• /
• 2013

Recently, smart devices for various services have been developed using converged telecommunications, and the markets for near field communication mobile services is expected to grow rapidly. In particular, the realization of mobile NFC payment services is expected to go commercial, and it is widely attracting attention both on a domestic and global level. However, this realization would increase privacy infringement, as personal information is extensively used in the NFC technology. One example of such privacy infringement would be the case of the Google wallet service. In this paper, we propose an zero-knowledge proof scheme and ring signature based on NTRU for protecting user information in NFC mobile payment systems without directly using private financial information of the user.

• International journal of advanced smart convergence
• /
• v.10 no.4
• /
• pp.198-205
• /
• 2021

With the development of blockchain technology, the scope of blockchain applications has expanded rapidly. Blockchain decentralization allows transaction participants to make transparent and safe transactions without a third trust agency. A distributed ledger-based system enables transparent and trusted business for anonymous users. For this reason, many companies apply blockchain to various fields such as logistics, electronic voting, and real estate. Despite this interest, there are still not enough case studies confirming the potential of blockchain as a concrete business model. Therefore, it is necessary to study how blockchain technology can change the existing business model and connect it to a new business model. In this paper, we propose blockchain-based business models and workflow types in various fields such as healthcare, logistics, and energy. We also present application cases. We expect to help companies apply blockchain to their business.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.9
• /
• pp.4508-4528
• /
• 2016

Widespread use of wireless networks has drawn attention to ascertain confidential communication and proper authentication of an entity before granting access to services over insecure channels. Recently, Truong et al. proposed a modified dynamic ID-based authentication scheme which they claimed to resist smart-card-theft attack. Nevertheless, we find that their scheme is prone to smart-card-theft attack contrary to the author's claim. Besides, anyone can impersonate the user as well as service provider server and can breach the confidentiality of communication by merely eavesdropping the login request and server's reply message from the network. We also notice that the scheme does not impart user anonymity and forward secrecy. Therefore, we present another authentication scheme keeping apart the threats encountered in the design of Truong et al.'s scheme. We also prove the security of the proposed scheme with the help of widespread BAN (Burrows, Abadi and Needham) Logic.

• Transactions on Control, Automation and Systems Engineering
• /
• v.3 no.3
• /
• pp.181-189
• /
• 2001

The software components of embedded control systems get extremely complex as they are designed into distributed systems get extremely complex as they are designed into distributed systems consisting of a large number of inexpensive microcontrollers interconnected by low-bandwidth real-time networks such as the controller area network (CAN). While recently emerging middleware technologies such as CORBA and DCOM address the complexity of distributed programming, they cannot be directly applied to distributed control system design due to their excessive resource demand and inadequate communication models. In this paper, we propose a CORBA-based middleware design for CAN-based distributed embedded control systems. Our design goal is to minimize its resource need and make it support group communication without losing the IDL (interface definition language) level compliance to the OMG standards. To achieve this, we develop a transport protocol on the CAN and a group communication scheme based on the well-known publisher/subscriber model. The protocol effectively realizes subject-based addressing and supports anonymous publisher/subscriber communication. We also customize the method invocation and message passing protocol, referred to as the general inter-ORB protocol (GIOP), of CORBA so that CORBA method invocations are efficiently serviced on a low-bandwidth network such as the CAN. This customization includes packed data encoding and variable-length integer encoding for compact representation of IDL data types. We have implemented our CORBA-based middleware on the mArx real-time operating system we have developed at Seoul National University. Our experiments clearly demonstrate that it is feasible to use CORBA in developing distributed embedded control systems possessing severe resource limitations. Our design clearly demonstrates that it is feasible to use a CORBA-based middleware in developing distributed embedded systems on real-time networks possessing severe resource limitations.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.4 no.3
• /
• pp.380-399
• /
• 2010

In this paper, we present a new class of attacks against an anonymous communication protocol, originally presented in ACNS 2008. The protocol itself was proposed as an improved version of ModOnions, which exploits universal re-encryption in order to avoid replay attacks. However, ModOnions allowed the detour attack, introduced by Danezis to re-route ModOnions to attackers in such a way that the entire path is revealed. The ACNS 2008 proposal addressed this by using a more complicated key management scheme. The revised protocol is immune to detour attacks. We show, however, that the ModOnion construction is highly malleable and this property can be exploited in order to redirect ModOnions. Our attacks require detailed probing and are less efficient than the detour attack, but they can nevertheless recover the full onion path while avoiding detection and investigation. Motivated by this, we present modifications to the ModOnion protocol that dramatically reduce the malleability of the encryption primitive. It addresses the class of attacks we present and it makes other attacks difficult to formulate.

• The Journal of Society for e-Business Studies
• /
• v.12 no.4
• /
• pp.29-36
• /
• 2007

Recently, Jaiswal et al. proposed a protocol to improve the multi-agent negotiation test-bed which was proposed by Collins et al. Using publish/subscribe system, time-release cryptography and anonymous communication, their protocol gives an improvement on the old one. However, it is shown that the protocol also has some security weaknesses: such as replay data attack and DOS (denial-of-service) attack, anonymity disclosure, collusion between customers and a certain supplier. So proposed protocol reduces DOS attack and avoids replay data attack by providing ticket token and deal sequence number to the supplier. And it is proved that the way that market generates random number to the supplier is better than the supplier do by himself in guaranteeing anonymity. Market publishes interpolating polynomial for sharing the determination process data. It avoids collusion between customer and a certain supplie

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.6
• /
• pp.201-206
• /
• 2007

Development of Information and Communication technology coming to activity of internet banking and electronic business, and smart card of medium is generalized prevailing for user authentication of electronic signature certificate management center with cyber cash, traffic card, exit and entrance card. In field that using public network, security of smart cart and privacy of card possessor's is very important. Point of smart card security is use safety for smart card by user authentication. Anonymous establishment for privacy protection and denial of service attack for availability is need to provision. In this paper, after analyze for Hwang-Li, Sun's, L-H-Y scheme, password identify element is a change of safety using one time password hash function. We proposed an efficient new smart card authentication protocol against anonymity and denial of service.

• Journal of the Korea Convergence Society
• /
• v.6 no.5
• /
• pp.33-38
• /
• 2015

In a V2X convergence service environment, the principal service among infotainment services and driver management services must be supported centering on critical information of the driver, maintenance manager, customer, and anonymous user. Many software applications have considered solutions to be satisfied the specific requirements of driving care programs, and plans. This paper describes data flow diagram of a secure clinic system for driving car diagnosis, which is included in clinic configuration, clinic, clinic page, membership, clinic request processing, driver profile data, clinic membership data, and clinic authentication in the V2X convergence service environment. It is reviewed focusing on security threat issue of ITS diagnostic system such as spoofing, tampering, repudiation, disclosure, denial of service, and privilege out of STRIDE model.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.4
• /
• pp.1643-1660
• /
• 2016

Connectivity and trust in social networks have been exploited to propose applications on top of these networks, including routing, Sybil defenses, and anonymous communication systems. In these networks, and for such applications, connectivity ensures good performance of applications while trust is assumed to always hold, so as collaboration and good behavior are always guaranteed. In this paper, we study the impact of differential behavior of users on performance in typical social network-enabled routing applications. We classify users into either collaborative or rational (probabilistically collaborative) and study the impact of this classification and the associated behavior of users on the performance of such applications, including random walk-based routing, shortest path based routing, breadth-first-search based routing, and Dijkstra routing. By experimenting with real-world social network traces, we make several interesting observations. First, we show that some of the existing social graphs have high routing costs, demonstrating poor structure that prevents their use in such applications. Second, we study the factors that make probabilistically collaborative nodes important for the performance of the routing protocol within the entire network and demonstrate that the importance of these nodes stems from their topological features rather than their percentage of all the nodes within the network.

• Journal of Information Processing Systems
• /
• v.7 no.1
• /
• pp.121-136
• /
• 2011

With the rapid growth of GPS-enable Smartphones, the interest on using Location Based Services (LBSs) has increased significantly. The evolution in the functionalities provided by those smartphones has enabled them to accurately pinpoint the location of a user. Because location information is what all LBSs depend on to process user's request, it should be properly protected from attackers or malicious service providers (SP). Additionally, maintaining user's privacy and confidentiality are imperative challenges to be overcome. A possible solution for these challenges is to provide user anonymity, which means to ensure that a user initiating a request to the SP should be indistinguishable from a group of people by any adversary who had access to the request. Most of the proposals that maintain user's anonymity are based on location obfuscation. It mainly focuses on adjusting the resolution of the user's location information. In this paper, we present a new protocol that is focused on using cryptographic techniques to provide anonymity for LBSs users in the smartphone environment. This protocol makes use of a trusted third party called the Anonymity Server (AS) that ensures anonymous communication between the user and the service provider.