• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.1
• /
• pp.33-42
• /
• 2002

We present a systematic way to armor a zero-knowledge interactive proof based identification scheme that has badly chosen keys. Keys are sometimes mistakenly chosen to be weak(neither random nor long), and a weak key is often preferred to a strong key so that it might be easy for human to remember. Weak keys severely degrade the security of ZKIP based identification schemes. We show using off-line guessing attack how the weak key threats the security of ZlKIP based identification schemes. For the proper usage of ZKIP, we introduce a specialized form of ZKIP, which has a secret coin-tossing stage. Using the secret coin tossing, a secure framework is proposed for ZKIP based identification schemes with weak key in the ideal cipher model. The framework is very useful in password based authentication and key exchange protocol

• Journal of Korea Society of Industrial Information Systems
• /
• v.11 no.5
• /
• pp.53-61
• /
• 2006

We propose public-oriented e-Marketplace framework construction that activates efficiently transaction of non-metal industrial resources through the case of Mineralland. The firms of Non-metal industrial resources domain have low information level and weak capital structure. So public enterprise has to construct e-marketplace to trade using exact market information. This framework consists of five domains-contents, commerces, communities, collaboration and electronic authentication. To draw this framework, we review many web-sites and literatures about B2B of industrial resources domain. In addition, this study provides practical implications and guidelines for activating public oriented e-Marketplace of non metal industrial resources.

• Journal of Industrial Convergence
• /
• v.18 no.6
• /
• pp.147-154
• /
• 2020

It is difficult to educate the overall operation of public and private blockchains with different characteristics. Recently, most education for blockchain is targeted at public blockchains such as Bitcoin and Ethereum. However, in an actual business environment, a private blockchain such as HyperLedger Fabric is used because access to corporate data is controlled through user authentication. In the case of HLF-based education, it is necessary to understand various components that are not in the public blockchain, such as peers, orderers, and channels. In this paper, a lab framework for HLF is designed for an efficient and systematic understanding of the functions and operations. The framework consists of HLF network, chaincode, and decentralized software control functions. Through the framework, the network configuration, distribution and activation of chaincode, and dApp execution process were checked step by step, and it was very easy to understand the overall flow for blockchain services. In addition, it is expected that a systematic understanding of the overall flow will be possible even in future network expansion.

• Journal of Korea Multimedia Society
• /
• v.20 no.12
• /
• pp.1970-1979
• /
• 2017

Computerization of educational administration following educational informatization of government has been steadily improved for the purpose of teachers' offload and job efficiency, finally resulting that NEIS(National Education Information System) has been completed. The NEIS consists of Nationwide service of NEIS, Business portal system of NEIS, Authentication management system and so on. Students, parents and civil petitioners handle civil affairs through Nationwide service of NEIS and teachers and persons of task conduct theirs business by accessing the Business portal system of NEIS. At this time, users have to obtain their certification from Authentication management system. Previous Studies were mainly focused on the evaluation about its performance according to the introduction of NEIS. But from now on there is a growing interest in security assessment and an efficient method for security improvement to check if NEIS works properly. Therefore, in this thesis, we'll propose an analytic framework in which security assessment is carried out after comprehending the fault structures through performing Fault Fishbone Analysis based on the Fault Tree Analysis. As a result of the system applied, the system had the highest rate of improvement to 47.7 percent.

• Journal of KIISE:Computer Systems and Theory
• /
• v.26 no.11
• /
• pp.1363-1372
• /
• 1999

에이전트 기반 이동 컴퓨팅 환경에서 전자 상거래를 구현하기 위해 가장 필요로 하는 것은 안전한 지불 구조를 제공하는 것이다. 본 연구에서는 불확정 전송 기법 1,2 을 사용한 비대화형 엔티티 인증 기법과 Horster 기법 4,5 을 기반으로 메시지 복원 기능을 제공하는 공정 은닉 서명 기법을 제시한다. 또한 이를 직접 Brands가 제시한 오프-라인 전자 지불 시스템 3,6 에 접목한다. 인증 단계가 비대화형으로 수행되므로 이동 엔티티 인증에 효율적이고, 메시지 복원 기능을 갖고 공개 검증 기능을 제공하는 은닉 서명을 적용하기 때문에 카운터 방식을 사용한 스마트 카드 기반 전자 지불 시스템 6 에 효과적으로 적용할 수 있었다. 전자 화폐에 대해서 신뢰 센터에 의한 공정성 검토 기능을 추가로 제공하므로 전자 지불 시스템의 신뢰성을 향상시킬 수 있다.Abstract The primary requirements for realizing the electronic commerce in agent based mobile computing environments are to implement the compatible secure payment framework. In this paper, we propose both the non-interactive entity authentication scheme that is combined with oblivious transfer protocol 1,2 and the message recovery fair blind signature based on Horster scheme 4,5 . And these techniques are directly applied to the Brand's off-line electronic payment system 3,6 . As the authentication processes are done by non-interactive manner, we can also get efficiency for mobile entity authentication. Additionally, as the used signature scheme provides a message recovery function with publicly verifiable properties, it is efficiently applicable to a counter based off-line electronic payment scheme 6 based on the additional device like smart card. Therefore, we can enhance the reliability of proposed electronic payment system based on the publicly verifiable fairness in its electronic cash by a trusted judge.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.54 no.6
• /
• pp.100-105
• /
• 2017

This work presents an ECG biometric recognition system for the purpose of biometric authentication. ECG biometric approaches are divided into two major categories, fiducial-based and non-fiducial-based methods. This paper proposes a new non-fiducial framework using discrete cosine transform and a Random Forest classifier. When using DCT, most of the signal information tends to be concentrated in a few low-frequency components. In order to apply feature vector of Random Forest, DCT feature vectors of ECG heartbeats are constructed by using the first 40 DCT coefficients. RF is based on the computation of a large number of decision trees. It is relatively fast, robust and inherently suitable for multi-class problems. Furthermore, it trade-off threshold between admission and rejection of ID inside RF classifier. As a result, proposed method offers 99.9% recognition rates when tested on MIT-BIH NSRDB.

• Journal of Korea Multimedia Society
• /
• v.24 no.8
• /
• pp.1044-1058
• /
• 2021

Tempered electronic contents have multiplied in last few years, thanks to the emergence of sophisticated artificial intelligence(AI) algorithms. Deepfakes (fake footage, photos, speech, and videos) can be a frightening and destructive phenomenon that has the capacity to distort the facts and hamper reputation by presenting a fake reality. Evidence of ownership or authentication of digital material is crucial for combating the fabricated content influx we are facing today. Current solutions lack the capacity to track digital media's history and provenance. Due to the rise of misrepresentation created by technologies like deepfake, detection algorithms are required to verify the integrity of digital content. Many real-world scenarios have been claimed to benefit from blockchain's authentication capabilities. Despite the scattered efforts surrounding such remedies, relatively little research has been undertaken to discover where blockchain technology can be used to tackle the deepfake problem. Latest blockchain based innovations such as Smart Contract, Hyperledger fabric can play a vital role against the manipulation of digital content. The goal of this paper is to summarize and discuss the ongoing researches related to blockchain's capabilities to protect digital content authentication. We have also suggested a blockchain (smart contract) dependent framework that can keep the data integrity of original content and thus prevent deepfake. This study also aims at discussing how blockchain technology can be used more effectively in deepfake prevention as well as highlight the current state of deepfake video detection research, including the generating process, various detection algorithms, and existing benchmarks.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.14 no.2
• /
• pp.303-308
• /
• 2019

Spring framework is widely used as a base technology for e-government frameworks and to the extent it is a standard for web service development tools of Korean public institutions. However, recently, a remote code execution vulnerability(CVE-2018-1270) was found in an application using a spring framework. This paper proposes a method of analyzing the vulnerability experiment using a hacking scenario, Proof Of Concept(POC), in which the spring framework is a hazard to the server. We propose the patch to version 4.3.16 and version 5.0.5 or later as an ultimate response. It is also expected that the proposed experiment analysis on vulnerability of hacking scenario will be used as a data for improving performance of security programs and establishing a new authentication system.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.811-815
• /
• 2005

IPSec(Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. IPSec is providing authentication, integrity and confidentiality security services. The specifications for Internet Key Exchange(IKEv1) were released to the world. Some criticisms of IKEv1 were that it was too complex and endeavored to define too much functionality in one place. Multiple options for multiple scenarios were built into the specification. The problem is that some of the included scenarios are rarely if ever encountered. For IPsec to work, the sending and receiving devices must chare a Public Key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley(ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates. This thesis is a study on the performance improvement of the security transmission using the SSFNet(Scalable Simulation Framework Network Models)

• Journal of Advanced Navigation Technology
• /
• v.15 no.1
• /
• pp.39-53
• /
• 2011

As the applications within Mobile devices becoming more extensive, the mobile communication security issues of these applications and researches are appearing to be the most important concern. In this paper, we propose new integration OTP framework technique which uses the fingerprint and voice features of biometrics in order to generate Mobile One Time Passwords (OTPs) Token. The fingerprint and voice are considered to be one of the powerful personal authentication factors of biometrics and it can be used for generating variable passwords based on mobile environments for one time use. However, we performed a simulation of homomorphic variability of fingerprint and voice feature points using dendrogram and distribution of fingerprint and voice feature points for proposed password generation method, and verified validation of availability.